Showing preview only (570K chars total). Download the full file or copy to clipboard to get everything.
Repository: dlebrero/wireshark-plantuml
Branch: master
Commit: 84f680ff3379
Files: 5
Total size: 555.5 KB
Directory structure:
gitextract_dgm1z2d9/
├── .gitignore
├── README.md
├── project.clj
├── sample.json
└── src/
└── plantuml_uma/
└── core.clj
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
/target
/classes
/checkouts
pom.xml
pom.xml.asc
*.jar
*.class
/.lein-*
/.nrepl-port
.hgignore
.hg/
.idea
*.iml
sample.png
================================================
FILE: README.md
================================================
# plantuml-uma
Code for the [Documenting your architecture: Wireshark, PlantUML and a REPL to glue them all.](http://danlebrero.com/2017/04/06/documenting-your-architecture-wireshark-plantuml-and-a-repl/) blog entry.
Generates a PlantUML sequence diagram given a Wireshark JSON capture.
## Usage
Start REPL, load plantuml-uma.core and reload whole file after each change
================================================
FILE: project.clj
================================================
(defproject plantuml-uma "0.1.0-SNAPSHOT"
:description "FIXME: write description"
:url "http://example.com/FIXME"
:license {:name "Eclipse Public License"
:url "http://www.eclipse.org/legal/epl-v10.html"}
:dependencies [[org.clojure/clojure "1.8.0"]
[cheshire "5.6.3"]
[clojure-humanize "0.2.2"]
[net.sourceforge.plantuml/plantuml "2017.08"]])
================================================
FILE: sample.json
================================================
[
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:15.436679000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025955.436679000",
"frame.time_delta": "0.000630000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "5.713806000",
"frame.number": "37",
"frame.len": "532",
"frame.cap_len": "532",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "528",
"ip.id": "0x000059b7",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "476",
"tcp.seq": "1",
"tcp.nxtseq": "477",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x00000005",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:2d:da:48:49:2d:d9",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212755418, TSecr 1212755417": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212755418",
"tcp.options.timestamp.tsecr": "1212755417"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "476",
"tcp.analysis.push_bytes_sent": "476"
}
},
"http": {
"GET \/library HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/library HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/library",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.request.line": "Upgrade-Insecure-Requests: 1\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8",
"http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "43",
"http.next_request_in": "45"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:15.465602000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025955.465602000",
"frame.time_delta": "0.018463000",
"frame.time_delta_displayed": "0.028923000",
"frame.time_relative": "5.742729000",
"frame.number": "43",
"frame.len": "266",
"frame.cap_len": "266",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "262",
"ip.id": "0x000095b1",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "210",
"tcp.seq": "1",
"tcp.nxtseq": "211",
"tcp.ack": "477",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12744",
"tcp.window_size": "407808",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fefa",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:2d:f5:48:49:2d:da",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212755445, TSecr 1212755418": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212755445",
"tcp.options.timestamp.tsecr": "1212755418"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "210",
"tcp.analysis.push_bytes_sent": "210"
}
},
"http": {
"HTTP\/1.1 304 Not Modified\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "304",
"http.response.phrase": "Not Modified"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.response.line": "Accept-Ranges: bytes\r\n",
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:15 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:15 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.028923000",
"http.request_in": "37",
"http.next_request_in": "45",
"http.next_response_in": "47"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:15.474755000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025955.474755000",
"frame.time_delta": "0.009105000",
"frame.time_delta_displayed": "0.009153000",
"frame.time_relative": "5.751882000",
"frame.number": "45",
"frame.len": "517",
"frame.cap_len": "517",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "513",
"ip.id": "0x0000346d",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "461",
"tcp.seq": "477",
"tcp.nxtseq": "938",
"tcp.ack": "211",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12752",
"tcp.window_size": "408064",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fff5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:2d:fe:48:49:2d:f5",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212755454, TSecr 1212755445": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212755454",
"tcp.options.timestamp.tsecr": "1212755445"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "461",
"tcp.analysis.push_bytes_sent": "461"
}
},
"http": {
"GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/assets\/app.437fba928d138e7fbd35.bundle.js",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.request.line": "If-None-Match: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/app.437fba928d138e7fbd35.bundle.js",
"http.request": "1",
"http.request_number": "2",
"http.prev_request_in": "37",
"http.response_in": "47",
"http.next_request_in": "55"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:15.495280000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025955.495280000",
"frame.time_delta": "0.020489000",
"frame.time_delta_displayed": "0.020525000",
"frame.time_relative": "5.772407000",
"frame.number": "47",
"frame.len": "269",
"frame.cap_len": "269",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "265",
"ip.id": "0x00002189",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "213",
"tcp.seq": "211",
"tcp.nxtseq": "424",
"tcp.ack": "938",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12730",
"tcp.window_size": "407360",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fefd",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:2e:12:48:49:2d:fe",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212755474, TSecr 1212755454": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212755474",
"tcp.options.timestamp.tsecr": "1212755454"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "213",
"tcp.analysis.push_bytes_sent": "213"
}
},
"http": {
"HTTP\/1.1 304 Not Modified\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "304",
"http.response.phrase": "Not Modified"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.response.line": "Accept-Ranges: bytes\r\n",
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "ETag: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:15 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:15 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "2",
"http.time": "0.020525000",
"http.prev_request_in": "37",
"http.prev_response_in": "43",
"http.request_in": "45",
"http.next_request_in": "55",
"http.next_response_in": "57"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.021112000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.021112000",
"frame.time_delta": "0.000144000",
"frame.time_delta_displayed": "0.525832000",
"frame.time_relative": "6.298239000",
"frame.number": "53",
"frame.len": "424",
"frame.cap_len": "424",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "420",
"ip.id": "0x0000ea45",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54766",
"tcp.dstport": "3030",
"tcp.port": "54766",
"tcp.port": "3030",
"tcp.stream": "8",
"tcp.len": "368",
"tcp.seq": "1",
"tcp.nxtseq": "369",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff98",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:1d:48:49:30:1d",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212755997, TSecr 1212755997": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212755997",
"tcp.options.timestamp.tsecr": "1212755997"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000094000",
"tcp.analysis.bytes_in_flight": "368",
"tcp.analysis.push_bytes_sent": "368"
}
},
"http": {
"GET \/env HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/env",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "89"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.036635000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.036635000",
"frame.time_delta": "0.015502000",
"frame.time_delta_displayed": "0.015523000",
"frame.time_relative": "6.313762000",
"frame.number": "55",
"frame.len": "453",
"frame.cap_len": "453",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "449",
"ip.id": "0x000045d5",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "397",
"tcp.seq": "938",
"tcp.nxtseq": "1335",
"tcp.ack": "424",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12746",
"tcp.window_size": "407872",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ffb5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:2c:48:49:2e:12",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756012, TSecr 1212755474": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756012",
"tcp.options.timestamp.tsecr": "1212755474"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "397",
"tcp.analysis.push_bytes_sent": "397"
}
},
"http": {
"GET \/sockjs-node\/info?t=1489025956034 HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/sockjs-node\/info?t=1489025956034 HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/sockjs-node\/info?t=1489025956034",
"http.request.uri_tree": {
"http.request.uri.path": "\/sockjs-node\/info",
"http.request.uri.query": "t=1489025956034",
"http.request.uri.query_tree": {
"http.request.uri.query.parameter": "t=1489025956034"
}
},
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/info?t=1489025956034",
"http.request": "1",
"http.request_number": "3",
"http.prev_request_in": "45",
"http.response_in": "57",
"http.next_request_in": "69"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.040340000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.040340000",
"frame.time_delta": "0.003669000",
"frame.time_delta_displayed": "0.003705000",
"frame.time_relative": "6.317467000",
"frame.number": "57",
"frame.len": "423",
"frame.cap_len": "423",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:data:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "419",
"ip.id": "0x0000e475",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "367",
"tcp.seq": "424",
"tcp.nxtseq": "791",
"tcp.ack": "1335",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12717",
"tcp.window_size": "406944",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff97",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:2f:48:49:30:2c",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756015, TSecr 1212756012": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756015",
"tcp.options.timestamp.tsecr": "1212756012"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "367",
"tcp.analysis.push_bytes_sent": "367"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "Vary: Origin\r\n",
"http.cache_control": "no-store, no-cache, no-transform, must-revalidate, max-age=0",
"http.response.line": "Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0\r\n",
"http.content_type": "application\/json; charset=UTF-8",
"http.response.line": "Content-Type: application\/json; charset=UTF-8\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:16 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"http.transfer_encoding": "chunked",
"http.response.line": "Transfer-Encoding: chunked\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "3",
"http.time": "0.003705000",
"http.prev_request_in": "45",
"http.prev_response_in": "47",
"http.request_in": "55",
"http.next_request_in": "69",
"http.next_response_in": "73",
"HTTP chunked response": {
"Data chunk (78 octets)": {
"http.chunk_size": "78",
"data": {
"data.data": "7b:22:77:65:62:73:6f:63:6b:65:74:22:3a:74:72:75:65:2c:22:6f:72:69:67:69:6e:73:22:3a:5b:22:2a:3a:2a:22:5d:2c:22:63:6f:6f:6b:69:65:5f:6e:65:65:64:65:64:22:3a:66:61:6c:73:65:2c:22:65:6e:74:72:6f:70:79:22:3a:35:35:37:33:34:30:30:30:36:7d",
"data.len": "78"
},
"http.chunk_boundary": "0d:0a"
},
"End of chunked encoding": {
"http.chunk_size": "0"
},
"\\r\\n": ""
},
"http.file_data": "{\"websocket\":true,\"origins\":[\"*:*\"],\"cookie_needed\":false,\"entropy\":557340006}"
},
"json": {
"json.object": {
"json.member": {
"json.value.true": "",
"json.key": "websocket"
},
"json.member": {
"json.array": {
"json.value.string": "*:*"
},
"json.key": "origins"
},
"json.member": {
"json.value.false": "",
"json.key": "cookie_needed"
},
"json.member": {
"json.value.number": "557340006",
"json.key": "entropy"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.049876000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.049876000",
"frame.time_delta": "0.004154000",
"frame.time_delta_displayed": "0.009536000",
"frame.time_relative": "6.327003000",
"frame.number": "63",
"frame.len": "419",
"frame.cap_len": "419",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "415",
"ip.id": "0x000029db",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.src_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"ip.dst": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.dst_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54767",
"tcp.dstport": "3000",
"tcp.port": "54767",
"tcp.port": "3000",
"tcp.stream": "9",
"tcp.len": "363",
"tcp.seq": "1",
"tcp.nxtseq": "364",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x000082fe",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:38:48:49:30:34",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756024, TSecr 1212756020": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756024",
"tcp.options.timestamp.tsecr": "1212756020"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000094000",
"tcp.analysis.bytes_in_flight": "363",
"tcp.analysis.push_bytes_sent": "363"
}
},
"http": {
"GET \/env HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/env",
"http.request.version": "HTTP\/1.1"
},
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept": "*\/*",
"http.request.line": "accept: *\/*\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.connection": "close",
"http.request.line": "connection: close\r\n",
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "host: t1.lumen.localhost:3030\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "81"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.066224000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.066224000",
"frame.time_delta": "0.000798000",
"frame.time_delta_displayed": "0.016348000",
"frame.time_relative": "6.343351000",
"frame.number": "69",
"frame.len": "509",
"frame.cap_len": "509",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "505",
"ip.id": "0x0000236e",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "453",
"tcp.seq": "1335",
"tcp.nxtseq": "1788",
"tcp.ack": "791",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12734",
"tcp.window_size": "407488",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ffed",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:47:48:49:30:2f",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756039, TSecr 1212756015": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756039",
"tcp.options.timestamp.tsecr": "1212756015"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "453",
"tcp.analysis.push_bytes_sent": "453"
}
},
"http": {
"GET \/favicon.ico HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/favicon.ico HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/favicon.ico",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "image\/webp,image\/*,*\/*;q=0.8",
"http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/favicon.ico",
"http.request": "1",
"http.request_number": "4",
"http.prev_request_in": "55",
"http.response_in": "73",
"http.next_request_in": "117"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.066425000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.066425000",
"frame.time_delta": "0.000168000",
"frame.time_delta_displayed": "0.000201000",
"frame.time_relative": "6.343552000",
"frame.number": "71",
"frame.len": "635",
"frame.cap_len": "635",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "631",
"ip.id": "0x00001597",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54768",
"tcp.dstport": "3030",
"tcp.port": "54768",
"tcp.port": "3030",
"tcp.stream": "10",
"tcp.len": "579",
"tcp.seq": "1",
"tcp.nxtseq": "580",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000006c",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:48:48:49:30:47",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756040, TSecr 1212756039": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756040",
"tcp.options.timestamp.tsecr": "1212756039"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000088000",
"tcp.analysis.bytes_in_flight": "579",
"tcp.analysis.push_bytes_sent": "579"
}
},
"http": {
"GET \/sockjs-node\/439\/ud1tasav\/websocket HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/sockjs-node\/439\/ud1tasav\/websocket HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/sockjs-node\/439\/ud1tasav\/websocket",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "Upgrade",
"http.request.line": "Connection: Upgrade\r\n",
"http.request.line": "Pragma: no-cache\r\n",
"http.cache_control": "no-cache",
"http.request.line": "Cache-Control: no-cache\r\n",
"http.upgrade": "websocket",
"http.request.line": "Upgrade: websocket\r\n",
"http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n",
"http.sec_websocket_version": "13",
"http.request.line": "Sec-WebSocket-Version: 13\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.sec_websocket_key": "hzNNdaEWGEsYxBkGRRJZeA==",
"http.request.line": "Sec-WebSocket-Key: hzNNdaEWGEsYxBkGRRJZeA==\r\n",
"http.sec_websocket_extensions": "permessage-deflate; client_max_window_bits",
"http.request.line": "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/439\/ud1tasav\/websocket",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "75"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.068648000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.068648000",
"frame.time_delta": "0.002207000",
"frame.time_delta_displayed": "0.002223000",
"frame.time_relative": "6.345775000",
"frame.number": "73",
"frame.len": "266",
"frame.cap_len": "266",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "262",
"ip.id": "0x0000c117",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "210",
"tcp.seq": "791",
"tcp.nxtseq": "1001",
"tcp.ack": "1788",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12703",
"tcp.window_size": "406496",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fefa",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:4a:48:49:30:47",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756042, TSecr 1212756039": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756042",
"tcp.options.timestamp.tsecr": "1212756039"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "210",
"tcp.analysis.push_bytes_sent": "210"
}
},
"http": {
"HTTP\/1.1 304 Not Modified\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "304",
"http.response.phrase": "Not Modified"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.response.line": "Accept-Ranges: bytes\r\n",
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:16 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "4",
"http.time": "0.002424000",
"http.prev_request_in": "55",
"http.prev_response_in": "57",
"http.request_in": "69",
"http.next_request_in": "117",
"http.next_response_in": "119"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.092428000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.092428000",
"frame.time_delta": "0.023746000",
"frame.time_delta_displayed": "0.023780000",
"frame.time_relative": "6.369555000",
"frame.number": "75",
"frame.len": "185",
"frame.cap_len": "185",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "181",
"ip.id": "0x00007f31",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54768",
"tcp.port": "3030",
"tcp.port": "54768",
"tcp.stream": "10",
"tcp.len": "129",
"tcp.seq": "1",
"tcp.nxtseq": "130",
"tcp.ack": "580",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12741",
"tcp.window_size": "407712",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fea9",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:60:48:49:30:48",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756064, TSecr 1212756040": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756064",
"tcp.options.timestamp.tsecr": "1212756040"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000088000",
"tcp.analysis.bytes_in_flight": "129",
"tcp.analysis.push_bytes_sent": "129"
}
},
"http": {
"HTTP\/1.1 101 Switching Protocols\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 101 Switching Protocols\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "101",
"http.response.phrase": "Switching Protocols"
},
"http.upgrade": "websocket",
"http.response.line": "Upgrade: websocket\r\n",
"http.connection": "Upgrade",
"http.response.line": "Connection: Upgrade\r\n",
"http.sec_websocket_accept": "NY7c4JQeBXpqYnwUiHZwT5zJkSQ=",
"http.response.line": "Sec-WebSocket-Accept: NY7c4JQeBXpqYnwUiHZwT5zJkSQ=\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.026003000",
"http.request_in": "71"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.220254000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.220254000",
"frame.time_delta": "0.124800000",
"frame.time_delta_displayed": "0.127826000",
"frame.time_relative": "6.497381000",
"frame.number": "81",
"frame.len": "304",
"frame.cap_len": "304",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "300",
"ip.id": "0x00000f4d",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.src_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"ip.dst": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.dst_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3000",
"tcp.dstport": "54767",
"tcp.port": "3000",
"tcp.port": "54767",
"tcp.stream": "9",
"tcp.len": "248",
"tcp.seq": "1",
"tcp.nxtseq": "249",
"tcp.ack": "364",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12748",
"tcp.window_size": "407936",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000828b",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:30:de:48:49:30:38",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756190, TSecr 1212756024": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756190",
"tcp.options.timestamp.tsecr": "1212756024"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000094000",
"tcp.analysis.bytes_in_flight": "248",
"tcp.analysis.push_bytes_sent": "248"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.connection": "close",
"http.response.line": "Connection: close\r\n",
"http.server": "undertow",
"http.response.line": "Server: undertow\r\n",
"http.content_type": "application\/json; charset=utf-8",
"http.response.line": "Content-Type: application\/json; charset=utf-8\r\n",
"http.content_length_header": "88",
"http.content_length_header_tree": {
"http.content_length": "88"
},
"http.response.line": "Content-Length: 88\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:16 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.170378000",
"http.request_in": "63",
"http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}"
},
"json": {
"json.object": {
"json.member": {
"json.value.string": "akvo-lumen",
"json.key": "keycloakClient"
},
"json.member": {
"json.value.string": "http:\/\/localhost:8080\/auth",
"json.key": "keycloakURL"
},
"json.member": {
"json.value.string": "t1",
"json.key": "tenant"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.827706000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.827706000",
"frame.time_delta": "0.001038000",
"frame.time_delta_displayed": "0.607452000",
"frame.time_relative": "7.104833000",
"frame.number": "89",
"frame.len": "327",
"frame.cap_len": "327",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "323",
"ip.id": "0x00003cd5",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54766",
"tcp.port": "3030",
"tcp.port": "54766",
"tcp.stream": "8",
"tcp.len": "271",
"tcp.seq": "1",
"tcp.nxtseq": "272",
"tcp.ack": "369",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12747",
"tcp.window_size": "407904",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff37",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:33:3c:48:49:30:1d",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756796, TSecr 1212755997": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756796",
"tcp.options.timestamp.tsecr": "1212755997"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000094000",
"tcp.analysis.bytes_in_flight": "271",
"tcp.analysis.push_bytes_sent": "271"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.connection": "close",
"http.response.line": "connection: close\r\n",
"http.server": "undertow",
"http.response.line": "server: undertow\r\n",
"http.content_type": "application\/json; charset=utf-8",
"http.response.line": "content-type: application\/json; charset=utf-8\r\n",
"http.content_length_header": "88",
"http.content_length_header_tree": {
"http.content_length": "88"
},
"http.response.line": "content-length: 88\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:16 GMT",
"http.response.line": "date: Thu, 09 Mar 2017 02:19:16 GMT\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.806594000",
"http.request_in": "53",
"http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}"
},
"json": {
"json.object": {
"json.member": {
"json.value.string": "akvo-lumen",
"json.key": "keycloakClient"
},
"json.member": {
"json.value.string": "http:\/\/localhost:8080\/auth",
"json.key": "keycloakURL"
},
"json.member": {
"json.value.string": "t1",
"json.key": "tenant"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:16.854626000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025956.854626000",
"frame.time_delta": "0.000172000",
"frame.time_delta_displayed": "0.026920000",
"frame.time_relative": "7.131753000",
"frame.number": "101",
"frame.len": "802",
"frame.cap_len": "802",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ipv6:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "30"
},
"ipv6": {
"ipv6.version": "6",
"ip.version": "6",
"ipv6.tclass": "0x00000002",
"ipv6.tclass_tree": {
"ipv6.tclass.dscp": "0",
"ipv6.tclass.ecn": "2"
},
"ipv6.flow": "0x0009438e",
"ipv6.plen": "758",
"ipv6.nxt": "6",
"ipv6.hlim": "64",
"ipv6.src": "::1",
"ipv6.addr": "::1",
"ipv6.src_host": "::1",
"ipv6.host": "::1",
"ipv6.dst": "::1",
"ipv6.addr": "::1",
"ipv6.dst_host": "::1",
"ipv6.host": "::1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54769",
"tcp.dstport": "8080",
"tcp.port": "54769",
"tcp.port": "8080",
"tcp.stream": "11",
"tcp.len": "726",
"tcp.seq": "1",
"tcp.nxtseq": "727",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12743",
"tcp.window_size": "407776",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x000002fe",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:33:55:48:49:33:55",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212756821, TSecr 1212756821": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212756821",
"tcp.options.timestamp.tsecr": "1212756821"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000103000",
"tcp.analysis.bytes_in_flight": "726",
"tcp.analysis.push_bytes_sent": "726"
}
},
"http": {
" [truncated]GET \/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&respons": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragm",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid",
"http.request.uri_tree": {
"http.request.uri.path": "\/auth\/realms\/akvo\/protocol\/openid-connect\/auth",
"http.request.uri.query": "client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid",
"http.request.uri.query_tree": {
"http.request.uri.query.parameter": "client_id=akvo-lumen",
"http.request.uri.query.parameter": "redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary",
"http.request.uri.query.parameter": "state=df2892a9-623d-4d00-8a31-38aab26f8db4",
"http.request.uri.query.parameter": "nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5",
"http.request.uri.query.parameter": "response_mode=fragment",
"http.request.uri.query.parameter": "response_type=code",
"http.request.uri.query.parameter": "scope=openid"
}
},
"http.request.version": "HTTP\/1.1"
},
"http.host": "localhost:8080",
"http.request.line": "Host: localhost:8080\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.request.line": "Upgrade-Insecure-Requests: 1\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8",
"http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "103",
"http.next_request_in": "113"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:17.088564000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025957.088564000",
"frame.time_delta": "0.233911000",
"frame.time_delta_displayed": "0.233938000",
"frame.time_relative": "7.365691000",
"frame.number": "103",
"frame.len": "4807",
"frame.cap_len": "4807",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ipv6:tcp:http:data-text-lines",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "30"
},
"ipv6": {
"ipv6.version": "6",
"ip.version": "6",
"ipv6.tclass": "0x00000002",
"ipv6.tclass_tree": {
"ipv6.tclass.dscp": "0",
"ipv6.tclass.ecn": "2"
},
"ipv6.flow": "0x00090cc8",
"ipv6.plen": "4763",
"ipv6.nxt": "6",
"ipv6.hlim": "64",
"ipv6.src": "::1",
"ipv6.addr": "::1",
"ipv6.src_host": "::1",
"ipv6.host": "::1",
"ipv6.dst": "::1",
"ipv6.addr": "::1",
"ipv6.dst_host": "::1",
"ipv6.host": "::1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "8080",
"tcp.dstport": "54769",
"tcp.port": "8080",
"tcp.port": "54769",
"tcp.stream": "11",
"tcp.len": "4731",
"tcp.seq": "1",
"tcp.nxtseq": "4732",
"tcp.ack": "727",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12721",
"tcp.window_size": "407072",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x000012a3",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:34:3c:48:49:33:55",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212757052, TSecr 1212756821": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212757052",
"tcp.options.timestamp.tsecr": "1212756821"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000103000",
"tcp.analysis.bytes_in_flight": "4731",
"tcp.analysis.push_bytes_sent": "4731"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.cache_control": "no-store, must-revalidate, max-age=0",
"http.response.line": "Cache-Control: no-store, must-revalidate, max-age=0\r\n",
"http.response.line": "X-Powered-By: Undertow\/1\r\n",
"http.set_cookie": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; Version=1; Path=\/auth\/realms\/akvo; HttpOnly",
"http.response.line": "Set-Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; Version=1; Path=\/auth\/realms\/akvo; HttpOnly\r\n",
"http.server": "WildFly\/10",
"http.response.line": "Server: WildFly\/10\r\n",
"http.response.line": "X-Frame-Options: SAMEORIGIN\r\n",
"http.response.line": "Content-Security-Policy: frame-src 'self'\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:17 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:17 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"http.response.line": "X-Content-Type-Options: nosniff\r\n",
"http.content_type": "text\/html;charset=utf-8",
"http.response.line": "Content-Type: text\/html;charset=utf-8\r\n",
"http.content_length_header": "3589",
"http.content_length_header_tree": {
"http.content_length": "3589"
},
"http.response.line": "Content-Length: 3589\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.233938000",
"http.request_in": "101",
"http.next_request_in": "113",
"http.next_response_in": "115",
"http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\">\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" class=\"login-pf\">\n\n<head>\n <meta charset=\"utf-8\">\n <meta http-equiv=\"Content-Type\" content=\"text\/html; charset=UTF-8\" \/>\n <meta name=\"robots\" content=\"noindex, nofollow\">\n\n <meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"\/>\n <title> Log in to akvo\n<\/title>\n <link rel=\"icon\" href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/img\/favicon.ico\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/patternfly\/css\/patternfly.css\" rel=\"stylesheet\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/zocial\/zocial.css\" rel=\"stylesheet\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/css\/login.css\" rel=\"stylesheet\" \/>\n<\/head>\n\n<body class=\"\">\n <div id=\"kc-logo\"><a href=\"http:\/\/www.keycloak.org\"><div id=\"kc-logo-wrapper\"><\/div><\/a><\/div>\n\n <div id=\"kc-container\" class=\"\">\n <div id=\"kc-container-wrapper\" class=\"\">\n\n <div id=\"kc-header\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7\">\n <div id=\"kc-header-wrapper\" class=\"\"> akvo\n<\/div>\n <\/div>\n\n\n <div id=\"kc-content\" class=\"col-sm-12 col-md-12 col-lg-12 container\">\n <div id=\"kc-content-wrapper\" class=\"row\">\n\n\n <div id=\"kc-form\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7 login\">\n <div id=\"kc-form-wrapper\" class=\"\">\n <form id=\"kc-form-login\" class=\"form-horizontal\" action=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592\" method=\"post\">\n <div class=\"form-group\">\n <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\n <label for=\"username\" class=\"control-label\">Username or email<\/label>\n <\/div>\n\n <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\n <input id=\"username\" class=\"form-control\" name=\"username\" value=\"\" type=\"text\" autofocus autocomplete=\"off\" \/>\n <\/div>\n <\/div>\n\n <div class=\"form-group\">\n <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\n <label for=\"password\" class=\"control-label\">Password<\/label>\n <\/div>\n\n <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\n <input id=\"password\" class=\"form-control\" name=\"password\" type=\"password\" autocomplete=\"off\" \/>\n <\/div>\n <\/div>\n\n <div class=\"form-group\">\n <div id=\"kc-form-options\" class=\"col-xs-4 col-sm-5 col-md-offset-4 col-md-4 col-lg-offset-3 col-lg-5\">\n <div class=\"\">\n <\/div>\n <\/div>\n\n <div id=\"kc-form-buttons\" class=\"col-xs-8 col-sm-7 col-md-4 col-lg-4 submit\">\n <div class=\"\">\n <input class=\"btn btn-primary btn-lg\" name=\"login\" id=\"kc-login\" type=\"submit\" value=\"Log in\"\/>\n <\/div>\n <\/div>\n <\/div>\n <\/form>\n <\/div>\n <\/div>\n\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/body>\n<\/html>\n"
},
"data-text-lines": {
"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\">\\n": "",
"<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" class=\"login-pf\">\\n": "",
"\\n": "",
"<head>\\n": "",
" <meta charset=\"utf-8\">\\n": "",
" <meta http-equiv=\"Content-Type\" content=\"text\/html; charset=UTF-8\" \/>\\n": "",
" <meta name=\"robots\" content=\"noindex, nofollow\">\\n": "",
"\\n": "",
" <meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"\/>\\n": "",
" <title> Log in to akvo\\n": "",
"<\/title>\\n": "",
" <link rel=\"icon\" href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/img\/favicon.ico\" \/>\\n": "",
" <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/patternfly\/css\/patternfly.css\" rel=\"stylesheet\" \/>\\n": "",
" <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/zocial\/zocial.css\" rel=\"stylesheet\" \/>\\n": "",
" <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/css\/login.css\" rel=\"stylesheet\" \/>\\n": "",
"<\/head>\\n": "",
"\\n": "",
"<body class=\"\">\\n": "",
" <div id=\"kc-logo\"><a href=\"http:\/\/www.keycloak.org\"><div id=\"kc-logo-wrapper\"><\/div><\/a><\/div>\\n": "",
"\\n": "",
" <div id=\"kc-container\" class=\"\">\\n": "",
" <div id=\"kc-container-wrapper\" class=\"\">\\n": "",
"\\n": "",
" <div id=\"kc-header\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7\">\\n": "",
" <div id=\"kc-header-wrapper\" class=\"\"> akvo\\n": "",
"<\/div>\\n": "",
" <\/div>\\n": "",
"\\n": "",
"\\n": "",
" <div id=\"kc-content\" class=\"col-sm-12 col-md-12 col-lg-12 container\">\\n": "",
" <div id=\"kc-content-wrapper\" class=\"row\">\\n": "",
"\\n": "",
"\\n": "",
" <div id=\"kc-form\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7 login\">\\n": "",
" <div id=\"kc-form-wrapper\" class=\"\">\\n": "",
" [truncated] <form id=\"kc-form-login\" class=\"form-horizontal\" action=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execut": "",
" <div class=\"form-group\">\\n": "",
" <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\\n": "",
" <label for=\"username\" class=\"control-label\">Username or email<\/label>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\\n": "",
" <input id=\"username\" class=\"form-control\" name=\"username\" value=\"\" type=\"text\" autofocus autocomplete=\"off\" \/>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <div class=\"form-group\">\\n": "",
" <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\\n": "",
" <label for=\"password\" class=\"control-label\">Password<\/label>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\\n": "",
" <input id=\"password\" class=\"form-control\" name=\"password\" type=\"password\" autocomplete=\"off\" \/>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <div class=\"form-group\">\\n": "",
" <div id=\"kc-form-options\" class=\"col-xs-4 col-sm-5 col-md-offset-4 col-md-4 col-lg-offset-3 col-lg-5\">\\n": "",
" <div class=\"\">\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <div id=\"kc-form-buttons\" class=\"col-xs-8 col-sm-7 col-md-4 col-lg-4 submit\">\\n": "",
" <div class=\"\">\\n": "",
" <input class=\"btn btn-primary btn-lg\" name=\"login\" id=\"kc-login\" type=\"submit\" value=\"Log in\"\/>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
" <\/form>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
"\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
" <\/div>\\n": "",
"<\/body>\\n": "",
"<\/html>\\n": ""
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.564203000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.564203000",
"frame.time_delta": "0.000013000",
"frame.time_delta_displayed": "6.475639000",
"frame.time_relative": "13.841330000",
"frame.number": "113",
"frame.len": "122",
"frame.cap_len": "122",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ipv6:tcp:http:urlencoded-form",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "30"
},
"ipv6": {
"ipv6.version": "6",
"ip.version": "6",
"ipv6.tclass": "0x00000002",
"ipv6.tclass_tree": {
"ipv6.tclass.dscp": "0",
"ipv6.tclass.ecn": "2"
},
"ipv6.flow": "0x0009438e",
"ipv6.plen": "78",
"ipv6.nxt": "6",
"ipv6.hlim": "64",
"ipv6.src": "::1",
"ipv6.addr": "::1",
"ipv6.src_host": "::1",
"ipv6.host": "::1",
"ipv6.dst": "::1",
"ipv6.addr": "::1",
"ipv6.dst_host": "::1",
"ipv6.host": "::1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54769",
"tcp.dstport": "8080",
"tcp.port": "54769",
"tcp.port": "8080",
"tcp.stream": "11",
"tcp.len": "46",
"tcp.seq": "2482",
"tcp.nxtseq": "2528",
"tcp.ack": "4732",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12595",
"tcp.window_size": "403040",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x00000056",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4d:72:48:49:34:3c",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763506, TSecr 1212757052": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763506",
"tcp.options.timestamp.tsecr": "1212757052"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000103000",
"tcp.analysis.bytes_in_flight": "46",
"tcp.analysis.push_bytes_sent": "46"
},
"tcp.segment_data": "75:73:65:72:6e:61:6d:65:3d:6a:65:72:6f:6d:65:26:70:61:73:73:77:6f:72:64:3d:70:61:73:73:77:6f:72:64:26:6c:6f:67:69:6e:3d:4c:6f:67:2b:69:6e"
},
"tcp.segments": {
"tcp.segment": "111",
"tcp.segment": "113",
"tcp.segment.count": "2",
"tcp.reassembled.length": "1801",
"tcp.reassembled.data": "50:4f:53:54:20:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:6c:6f:67:69:6e:2d:61:63:74:69:6f:6e:73:2f:61:75:74:68:65:6e:74:69:63:61:74:65:3f:63:6f:64:65:3d:39:53:47:37:31:36:63:34:56:74:6f:76:6f:6d:34:69:6d:72:79:53:51:66:35:4d:4a:38:56:4f:59:34:33:66:6b:6e:4e:70:4e:63:4d:6e:42:43:34:2e:37:38:36:62:65:39:34:31:2d:64:62:62:66:2d:34:38:36:30:2d:38:30:63:33:2d:32:34:66:34:36:30:35:37:37:32:38:36:26:65:78:65:63:75:74:69:6f:6e:3d:39:39:66:36:32:64:61:66:2d:63:63:39:34:2d:34:30:33:63:2d:38:35:34:34:2d:61:66:66:39:35:32:39:38:66:35:39:32:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:36:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:4f:72:69:67:69:6e:3a:20:68:74:74:70:3a:2f:2f:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:55:70:67:72:61:64:65:2d:49:6e:73:65:63:75:72:65:2d:52:65:71:75:65:73:74:73:3a:20:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:2d:77:77:77:2d:66:6f:72:6d:2d:75:72:6c:65:6e:63:6f:64:65:64:0d:0a:41:63:63:65:70:74:3a:20:74:65:78:74:2f:68:74:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:68:74:6d:6c:2b:78:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:6d:6c:3b:71:3d:30:2e:39:2c:69:6d:61:67:65:2f:77:65:62:70:2c:2a:2f:2a:3b:71:3d:30:2e:38:0d:0a:52:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:70:72:6f:74:6f:63:6f:6c:2f:6f:70:65:6e:69:64:2d:63:6f:6e:6e:65:63:74:2f:61:75:74:68:3f:63:6c:69:65:6e:74:5f:69:64:3d:61:6b:76:6f:2d:6c:75:6d:65:6e:26:72:65:64:69:72:65:63:74:5f:75:72:69:3d:68:74:74:70:25:33:41:25:32:46:25:32:46:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:25:33:41:33:30:33:30:25:32:46:6c:69:62:72:61:72:79:26:73:74:61:74:65:3d:64:66:32:38:39:32:61:39:2d:36:32:33:64:2d:34:64:30:30:2d:38:61:33:31:2d:33:38:61:61:62:32:36:66:38:64:62:34:26:6e:6f:6e:63:65:3d:36:61:30:30:32:65:36:66:2d:65:35:62:63:2d:34:63:34:35:2d:61:64:37:39:2d:39:66:34:34:66:66:34:33:63:38:65:35:26:72:65:73:70:6f:6e:73:65:5f:6d:6f:64:65:3d:66:72:61:67:6d:65:6e:74:26:72:65:73:70:6f:6e:73:65:5f:74:79:70:65:3d:63:6f:64:65:26:73:63:6f:70:65:3d:6f:70:65:6e:69:64:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:62:72:0d:0a:41:63:63:65:70:74:2d:4c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:43:6f:6f:6b:69:65:3a:20:4b:43:5f:52:45:53:54:41:52:54:3d:65:79:4a:68:62:47:63:69:4f:69:4a:49:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4e:44:64:6d:4e:6d:55:35:4d:6a:6b:74:4e:32:49:31:4e:43:30:30:4d:54:64:6b:4c:57:4a:69:59:54:4d:74:4d:32:59:77:59:32:4d:33:4d:32:4e:6a:4e:54:4e:6a:49:6e:30:2e:65:79:4a:6a:63:79:49:36:49:6a:63:34:4e:6d:4a:6c:4f:54:51:78:4c:57:52:69:59:6d:59:74:4e:44:67:32:4d:43:30:34:4d:47:4d:7a:4c:54:49:30:5a:6a:51:32:4d:44:55:33:4e:7a:49:34:4e:69:49:73:49:6d:4e:70:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:77:64:48:6b:69:4f:69:4a:76:63:47:56:75:61:57:51:74:59:32:39:75:62:6d:56:6a:64:43:49:73:49:6e:4a:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6d:46:6a:64:43:49:36:49:6b:46:56:56:45:68:46:54:6c:52:4a:51:30:46:55:52:53:49:73:49:6d:35:76:64:47:56:7a:49:6a:70:37:49:6d:46:31:64:47:68:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:7a:59:32:39:77:5a:53:49:36:49:6d:39:77:5a:57:35:70:5a:43:49:73:49:6d:6c:7a:63:79:49:36:49:6d:68:30:64:48:41:36:4c:79:39:73:62:32:4e:68:62:47:68:76:63:33:51:36:4f:44:41:34:4d:43:39:68:64:58:52:6f:4c:33:4a:6c:59:57:78:74:63:79:39:68:61:33:5a:76:49:69:77:69:63:6d:56:7a:63:47:39:75:63:32:56:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:79:5a:57:52:70:63:6d:56:6a:64:46:39:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6e:4e:30:59:58:52:6c:49:6a:6f:69:5a:47:59:79:4f:44:6b:79:59:54:6b:74:4e:6a:49:7a:5a:43:30:30:5a:44:41:77:4c:54:68:68:4d:7a:45:74:4d:7a:68:68:59:57:49:79:4e:6d:59:34:5a:47:49:30:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:79:5a:58:4e:77:62:32:35:7a:5a:56:39:74:62:32:52:6c:49:6a:6f:69:5a:6e:4a:68:5a:32:31:6c:62:6e:51:69:66:58:30:2e:33:76:4f:47:7a:79:78:68:70:2d:64:47:71:36:71:6e:66:4e:64:63:67:4e:53:41:47:6d:65:6a:65:54:6f:35:79:79:43:33:55:65:7a:6d:72:41:38:0d:0a:0d:0a:75:73:65:72:6e:61:6d:65:3d:6a:65:72:6f:6d:65:26:70:61:73:73:77:6f:72:64:3d:70:61:73:73:77:6f:72:64:26:6c:6f:67:69:6e:3d:4c:6f:67:2b:69:6e"
},
"http": {
"POST \/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592 HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST \/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592 HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592",
"http.request.uri_tree": {
"http.request.uri.path": "\/auth\/realms\/akvo\/login-actions\/authenticate",
"http.request.uri.query": "code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592",
"http.request.uri.query_tree": {
"http.request.uri.query.parameter": "code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286",
"http.request.uri.query.parameter": "execution=99f62daf-cc94-403c-8544-aff95298f592"
}
},
"http.request.version": "HTTP\/1.1"
},
"http.host": "localhost:8080",
"http.request.line": "Host: localhost:8080\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "46",
"http.content_length_header_tree": {
"http.content_length": "46"
},
"http.request.line": "Content-Length: 46\r\n",
"http.cache_control": "max-age=0",
"http.request.line": "Cache-Control: max-age=0\r\n",
"http.request.line": "Origin: http:\/\/localhost:8080\r\n",
"http.request.line": "Upgrade-Insecure-Requests: 1\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.content_type": "application\/x-www-form-urlencoded",
"http.request.line": "Content-Type: application\/x-www-form-urlencoded\r\n",
"http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8",
"http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n",
"http.referer": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid",
"http.request.line": "Referer: http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.cookie": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8",
"http.cookie_tree": {
"http.cookie_pair": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8"
},
"http.request.line": "Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592",
"http.request": "1",
"http.request_number": "2",
"http.prev_request_in": "101",
"http.response_in": "115",
"http.next_request_in": "163",
"http.file_data": "username=jerome&password=password&login=Log+in"
},
"urlencoded-form": {
"Form item: \"username\" = \"jerome\"": {
"urlencoded-form.key": "username",
"urlencoded-form.value": "jerome"
},
"Form item: \"password\" = \"password\"": {
"urlencoded-form.key": "password",
"urlencoded-form.value": "password"
},
"Form item: \"login\" = \"Log in\"": {
"urlencoded-form.key": "login",
"urlencoded-form.value": "Log in"
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.743229000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.743229000",
"frame.time_delta": "0.179012000",
"frame.time_delta_displayed": "0.179026000",
"frame.time_relative": "14.020356000",
"frame.number": "115",
"frame.len": "1411",
"frame.cap_len": "1411",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ipv6:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "30"
},
"ipv6": {
"ipv6.version": "6",
"ip.version": "6",
"ipv6.tclass": "0x00000002",
"ipv6.tclass_tree": {
"ipv6.tclass.dscp": "0",
"ipv6.tclass.ecn": "2"
},
"ipv6.flow": "0x00090cc8",
"ipv6.plen": "1367",
"ipv6.nxt": "6",
"ipv6.hlim": "64",
"ipv6.src": "::1",
"ipv6.addr": "::1",
"ipv6.src_host": "::1",
"ipv6.host": "::1",
"ipv6.dst": "::1",
"ipv6.addr": "::1",
"ipv6.dst_host": "::1",
"ipv6.host": "::1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "8080",
"tcp.dstport": "54769",
"tcp.port": "8080",
"tcp.port": "54769",
"tcp.stream": "11",
"tcp.len": "1335",
"tcp.seq": "4732",
"tcp.nxtseq": "6067",
"tcp.ack": "2528",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12664",
"tcp.window_size": "405248",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000055f",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4e:23:48:49:4d:72",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763683, TSecr 1212763506": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763683",
"tcp.options.timestamp.tsecr": "1212763506"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000103000",
"tcp.analysis.bytes_in_flight": "1335",
"tcp.analysis.push_bytes_sent": "1335"
}
},
"http": {
"HTTP\/1.1 302 Found\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 302 Found\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "302",
"http.response.phrase": "Found"
},
"http.cache_control": "no-store, must-revalidate, max-age=0",
"http.response.line": "Cache-Control: no-store, must-revalidate, max-age=0\r\n",
"http.response.line": "X-Powered-By: Undertow\/1\r\n",
"http.set_cookie": "KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; Version=1; Path=\/auth\/realms\/akvo; HttpOnly",
"http.response.line": "Set-Cookie: KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; Version=1; Path=\/auth\/realms\/akvo; HttpOnly\r\n",
"http.set_cookie": "KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a; Version=1; Expires=Thu, 09-Mar-2017 12:19:23 GMT; Max-Age=36000; Path=\/auth\/realms\/akvo",
"http.response.line": "Set-Cookie: KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a; Version=1; Expires=Thu, 09-Mar-2017 12:19:23 GMT; Max-Age=36000; Path=\/auth\/realms\/akvo\r\n",
"http.set_cookie": "KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=\/auth\/realms\/akvo; HttpOnly",
"http.response.line": "Set-Cookie: KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=\/auth\/realms\/akvo; HttpOnly\r\n",
"http.response.line": "P3P: CP=\"This is not a P3P policy!\"\r\n",
"http.server": "WildFly\/10",
"http.response.line": "Server: WildFly\/10\r\n",
"http.location": "http:\/\/t1.lumen.localhost:3030\/library#state=df2892a9-623d-4d00-8a31-38aab26f8db4&code=geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286",
"http.response.line": "Location: http:\/\/t1.lumen.localhost:3030\/library#state=df2892a9-623d-4d00-8a31-38aab26f8db4&code=geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:23 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"http.content_length_header": "0",
"http.content_length_header_tree": {
"http.content_length": "0"
},
"http.response.line": "Content-Length: 0\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "2",
"http.time": "0.179026000",
"http.prev_request_in": "101",
"http.prev_response_in": "103",
"http.request_in": "113",
"http.next_request_in": "163",
"http.next_response_in": "171"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.745405000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.745405000",
"frame.time_delta": "0.002137000",
"frame.time_delta_displayed": "0.002176000",
"frame.time_relative": "14.022532000",
"frame.number": "117",
"frame.len": "860",
"frame.cap_len": "860",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "856",
"ip.id": "0x0000bfa7",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "804",
"tcp.seq": "1788",
"tcp.nxtseq": "2592",
"tcp.ack": "1001",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12728",
"tcp.window_size": "407296",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000014d",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4e:25:48:49:30:4a",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763685, TSecr 1212756042": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763685",
"tcp.options.timestamp.tsecr": "1212756042"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "804",
"tcp.analysis.push_bytes_sent": "804"
}
},
"http": {
"GET \/library HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/library HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/library",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.cache_control": "max-age=0",
"http.request.line": "Cache-Control: max-age=0\r\n",
"http.request.line": "Upgrade-Insecure-Requests: 1\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8",
"http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n",
"http.referer": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid",
"http.request.line": "Referer: http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request": "1",
"http.request_number": "5",
"http.prev_request_in": "69",
"http.response_in": "119",
"http.next_request_in": "121"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.747467000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.747467000",
"frame.time_delta": "0.002018000",
"frame.time_delta_displayed": "0.002062000",
"frame.time_relative": "14.024594000",
"frame.number": "119",
"frame.len": "266",
"frame.cap_len": "266",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "262",
"ip.id": "0x0000360e",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "210",
"tcp.seq": "1001",
"tcp.nxtseq": "1211",
"tcp.ack": "2592",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12678",
"tcp.window_size": "405696",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fefa",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4e:27:48:49:4e:25",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763687, TSecr 1212763685": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763687",
"tcp.options.timestamp.tsecr": "1212763685"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "210",
"tcp.analysis.push_bytes_sent": "210"
}
},
"http": {
"HTTP\/1.1 304 Not Modified\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "304",
"http.response.phrase": "Not Modified"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.response.line": "Accept-Ranges: bytes\r\n",
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:23 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "5",
"http.time": "0.002062000",
"http.prev_request_in": "69",
"http.prev_response_in": "73",
"http.request_in": "117",
"http.next_request_in": "121",
"http.next_response_in": "123"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.758452000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.758452000",
"frame.time_delta": "0.010949000",
"frame.time_delta_displayed": "0.010985000",
"frame.time_relative": "14.035579000",
"frame.number": "121",
"frame.len": "517",
"frame.cap_len": "517",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "513",
"ip.id": "0x00005cca",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "461",
"tcp.seq": "2592",
"tcp.nxtseq": "3053",
"tcp.ack": "1211",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12721",
"tcp.window_size": "407072",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fff5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4e:31:48:49:4e:27",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763697, TSecr 1212763687": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763697",
"tcp.options.timestamp.tsecr": "1212763687"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "461",
"tcp.analysis.push_bytes_sent": "461"
}
},
"http": {
"GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/assets\/app.437fba928d138e7fbd35.bundle.js",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.request.line": "If-None-Match: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/app.437fba928d138e7fbd35.bundle.js",
"http.request": "1",
"http.request_number": "6",
"http.prev_request_in": "117",
"http.response_in": "123",
"http.next_request_in": "131"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:23.769563000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025963.769563000",
"frame.time_delta": "0.011062000",
"frame.time_delta_displayed": "0.011111000",
"frame.time_relative": "14.046690000",
"frame.number": "123",
"frame.len": "269",
"frame.cap_len": "269",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "265",
"ip.id": "0x0000948b",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "213",
"tcp.seq": "1211",
"tcp.nxtseq": "1424",
"tcp.ack": "3053",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12664",
"tcp.window_size": "405248",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000fefd",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4e:3c:48:49:4e:31",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212763708, TSecr 1212763697": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212763708",
"tcp.options.timestamp.tsecr": "1212763697"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "213",
"tcp.analysis.push_bytes_sent": "213"
}
},
"http": {
"HTTP\/1.1 304 Not Modified\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "304",
"http.response.phrase": "Not Modified"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.response.line": "Accept-Ranges: bytes\r\n",
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "ETag: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:23 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "6",
"http.time": "0.011111000",
"http.prev_request_in": "117",
"http.prev_response_in": "119",
"http.request_in": "121",
"http.next_request_in": "131",
"http.next_response_in": "137"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.168294000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.168294000",
"frame.time_delta": "0.000160000",
"frame.time_delta_displayed": "0.398731000",
"frame.time_relative": "14.445421000",
"frame.number": "129",
"frame.len": "424",
"frame.cap_len": "424",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "420",
"ip.id": "0x00009532",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54770",
"tcp.dstport": "3030",
"tcp.port": "54770",
"tcp.port": "3030",
"tcp.stream": "12",
"tcp.len": "368",
"tcp.seq": "1",
"tcp.nxtseq": "369",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff98",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:c8:48:49:4f:c8",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764104, TSecr 1212764104": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764104",
"tcp.options.timestamp.tsecr": "1212764104"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000072000",
"tcp.analysis.bytes_in_flight": "368",
"tcp.analysis.push_bytes_sent": "368"
}
},
"http": {
"GET \/env HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/env",
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "145"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.177470000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.177470000",
"frame.time_delta": "0.009154000",
"frame.time_delta_displayed": "0.009176000",
"frame.time_relative": "14.454597000",
"frame.number": "131",
"frame.len": "453",
"frame.cap_len": "453",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "449",
"ip.id": "0x00002afb",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54765",
"tcp.dstport": "3030",
"tcp.port": "54765",
"tcp.port": "3030",
"tcp.stream": "7",
"tcp.len": "397",
"tcp.seq": "3053",
"tcp.nxtseq": "3450",
"tcp.ack": "1424",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12714",
"tcp.window_size": "406848",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ffb5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:d1:48:49:4e:3c",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764113, TSecr 1212763708": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764113",
"tcp.options.timestamp.tsecr": "1212763708"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "397",
"tcp.analysis.push_bytes_sent": "397"
}
},
"http": {
"GET \/sockjs-node\/info?t=1489025964174 HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/sockjs-node\/info?t=1489025964174 HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/sockjs-node\/info?t=1489025964174",
"http.request.uri_tree": {
"http.request.uri.path": "\/sockjs-node\/info",
"http.request.uri.query": "t=1489025964174",
"http.request.uri.query_tree": {
"http.request.uri.query.parameter": "t=1489025964174"
}
},
"http.request.version": "HTTP\/1.1"
},
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "Host: t1.lumen.localhost:3030\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.accept": "*\/*",
"http.request.line": "Accept: *\/*\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n",
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/info?t=1489025964174",
"http.request": "1",
"http.request_number": "7",
"http.prev_request_in": "121",
"http.response_in": "137",
"http.next_request_in": "155"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.186030000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.186030000",
"frame.time_delta": "0.003663000",
"frame.time_delta_displayed": "0.008560000",
"frame.time_relative": "14.463157000",
"frame.number": "137",
"frame.len": "423",
"frame.cap_len": "423",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:data:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "419",
"ip.id": "0x00005dac",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54765",
"tcp.port": "3030",
"tcp.port": "54765",
"tcp.stream": "7",
"tcp.len": "367",
"tcp.seq": "1424",
"tcp.nxtseq": "1791",
"tcp.ack": "3450",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12651",
"tcp.window_size": "404832",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff97",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:d8:48:49:4f:d1",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764120, TSecr 1212764113": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764120",
"tcp.options.timestamp.tsecr": "1212764113"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000078000",
"tcp.analysis.bytes_in_flight": "367",
"tcp.analysis.push_bytes_sent": "367"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.response.line": "Access-Control-Allow-Origin: *\r\n",
"http.response.line": "Vary: Origin\r\n",
"http.cache_control": "no-store, no-cache, no-transform, must-revalidate, max-age=0",
"http.response.line": "Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0\r\n",
"http.content_type": "application\/json; charset=UTF-8",
"http.response.line": "Content-Type: application\/json; charset=UTF-8\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:24 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n",
"http.connection": "keep-alive",
"http.response.line": "Connection: keep-alive\r\n",
"http.transfer_encoding": "chunked",
"http.response.line": "Transfer-Encoding: chunked\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "7",
"http.time": "0.008560000",
"http.prev_request_in": "121",
"http.prev_response_in": "123",
"http.request_in": "131",
"http.next_request_in": "155",
"http.next_response_in": "165",
"HTTP chunked response": {
"Data chunk (78 octets)": {
"http.chunk_size": "78",
"data": {
"data.data": "7b:22:77:65:62:73:6f:63:6b:65:74:22:3a:74:72:75:65:2c:22:6f:72:69:67:69:6e:73:22:3a:5b:22:2a:3a:2a:22:5d:2c:22:63:6f:6f:6b:69:65:5f:6e:65:65:64:65:64:22:3a:66:61:6c:73:65:2c:22:65:6e:74:72:6f:70:79:22:3a:35:32:39:39:32:30:36:38:30:7d",
"data.len": "78"
},
"http.chunk_boundary": "0d:0a"
},
"End of chunked encoding": {
"http.chunk_size": "0"
},
"\\r\\n": ""
},
"http.file_data": "{\"websocket\":true,\"origins\":[\"*:*\"],\"cookie_needed\":false,\"entropy\":529920680}"
},
"json": {
"json.object": {
"json.member": {
"json.value.true": "",
"json.key": "websocket"
},
"json.member": {
"json.array": {
"json.value.string": "*:*"
},
"json.key": "origins"
},
"json.member": {
"json.value.false": "",
"json.key": "cookie_needed"
},
"json.member": {
"json.value.number": "529920680",
"json.key": "entropy"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.189154000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.189154000",
"frame.time_delta": "0.003094000",
"frame.time_delta_displayed": "0.003124000",
"frame.time_relative": "14.466281000",
"frame.number": "139",
"frame.len": "419",
"frame.cap_len": "419",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "415",
"ip.id": "0x00009ba9",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.src_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"ip.dst": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.dst_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "54771",
"tcp.dstport": "3000",
"tcp.port": "54771",
"tcp.port": "3000",
"tcp.stream": "13",
"tcp.len": "363",
"tcp.seq": "1",
"tcp.nxtseq": "364",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12759",
"tcp.window_size": "408288",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x000082fe",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:db:48:49:4f:d5",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764123, TSecr 1212764117": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764123",
"tcp.options.timestamp.tsecr": "1212764117"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000118000",
"tcp.analysis.bytes_in_flight": "363",
"tcp.analysis.push_bytes_sent": "363"
}
},
"http": {
"GET \/env HTTP\/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "\/env",
"http.request.version": "HTTP\/1.1"
},
"http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4",
"http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n",
"http.accept_encoding": "gzip, deflate, sdch, br",
"http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n",
"http.referer": "http:\/\/t1.lumen.localhost:3030\/library",
"http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n",
"http.accept": "*\/*",
"http.request.line": "accept: *\/*\r\n",
"http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36",
"http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n",
"http.connection": "close",
"http.request.line": "connection: close\r\n",
"http.host": "t1.lumen.localhost:3030",
"http.request.line": "host: t1.lumen.localhost:3030\r\n",
"\\r\\n": "",
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "141"
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.201552000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.201552000",
"frame.time_delta": "0.012360000",
"frame.time_delta_displayed": "0.012398000",
"frame.time_relative": "14.478679000",
"frame.number": "141",
"frame.len": "304",
"frame.cap_len": "304",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "300",
"ip.id": "0x0000a059",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.src_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"ip.dst": "192.168.0.14",
"ip.addr": "192.168.0.14",
"ip.dst_host": "192.168.0.14",
"ip.host": "192.168.0.14",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3000",
"tcp.dstport": "54771",
"tcp.port": "3000",
"tcp.port": "54771",
"tcp.stream": "13",
"tcp.len": "248",
"tcp.seq": "1",
"tcp.nxtseq": "249",
"tcp.ack": "364",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12748",
"tcp.window_size": "407936",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000828b",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:e6:48:49:4f:db",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764134, TSecr 1212764123": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764134",
"tcp.options.timestamp.tsecr": "1212764123"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000118000",
"tcp.analysis.bytes_in_flight": "248",
"tcp.analysis.push_bytes_sent": "248"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.connection": "close",
"http.response.line": "Connection: close\r\n",
"http.server": "undertow",
"http.response.line": "Server: undertow\r\n",
"http.content_type": "application\/json; charset=utf-8",
"http.response.line": "Content-Type: application\/json; charset=utf-8\r\n",
"http.content_length_header": "88",
"http.content_length_header_tree": {
"http.content_length": "88"
},
"http.response.line": "Content-Length: 88\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:24 GMT",
"http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.012398000",
"http.request_in": "139",
"http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}"
},
"json": {
"json.object": {
"json.member": {
"json.value.string": "akvo-lumen",
"json.key": "keycloakClient"
},
"json.member": {
"json.value.string": "http:\/\/localhost:8080\/auth",
"json.key": "keycloakURL"
},
"json.member": {
"json.value.string": "t1",
"json.key": "tenant"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.207743000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.207743000",
"frame.time_delta": "0.006035000",
"frame.time_delta_displayed": "0.006191000",
"frame.time_relative": "14.484870000",
"frame.number": "145",
"frame.len": "327",
"frame.cap_len": "327",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"null": {
"null.family": "2"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000002",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "2"
},
"ip.len": "323",
"ip.id": "0x00006881",
"ip.flags": "0x00000002",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000000",
"ip.checksum.status": "2",
"ip.src": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.src_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"ip.dst": "127.0.0.1",
"ip.addr": "127.0.0.1",
"ip.dst_host": "127.0.0.1",
"ip.host": "127.0.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"tcp": {
"tcp.srcport": "3030",
"tcp.dstport": "54770",
"tcp.port": "3030",
"tcp.port": "54770",
"tcp.stream": "12",
"tcp.len": "271",
"tcp.seq": "1",
"tcp.nxtseq": "272",
"tcp.ack": "369",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "12747",
"tcp.window_size": "407904",
"tcp.window_size_scalefactor": "32",
"tcp.checksum": "0x0000ff37",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:48:49:4f:ec:48:49:4f:c8",
"tcp.options_tree": {
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"No-Operation (NOP)": {
"tcp.options.type": "1",
"tcp.options.type_tree": {
"tcp.options.type.copy": "0",
"tcp.options.type.class": "0",
"tcp.options.type.number": "1"
}
},
"Timestamps: TSval 1212764140, TSecr 1212764104": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "1212764140",
"tcp.options.timestamp.tsecr": "1212764104"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.000072000",
"tcp.analysis.bytes_in_flight": "271",
"tcp.analysis.push_bytes_sent": "271"
}
},
"http": {
"HTTP\/1.1 200 OK\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.version": "HTTP\/1.1",
"http.response.code": "200",
"http.response.phrase": "OK"
},
"http.response.line": "X-Powered-By: Express\r\n",
"http.connection": "close",
"http.response.line": "connection: close\r\n",
"http.server": "undertow",
"http.response.line": "server: undertow\r\n",
"http.content_type": "application\/json; charset=utf-8",
"http.response.line": "content-type: application\/json; charset=utf-8\r\n",
"http.content_length_header": "88",
"http.content_length_header_tree": {
"http.content_length": "88"
},
"http.response.line": "content-length: 88\r\n",
"http.date": "Thu, 09 Mar 2017 02:19:24 GMT",
"http.response.line": "date: Thu, 09 Mar 2017 02:19:24 GMT\r\n",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.039449000",
"http.request_in": "129",
"http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}"
},
"json": {
"json.object": {
"json.member": {
"json.value.string": "akvo-lumen",
"json.key": "keycloakClient"
},
"json.member": {
"json.value.string": "http:\/\/localhost:8080\/auth",
"json.key": "keycloakURL"
},
"json.member": {
"json.value.string": "t1",
"json.key": "tenant"
}
}
}
}
}
}
,
{
"_index": "packets-2017-10-17",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.encap_type": "15",
"frame.time": "Mar 9, 2017 03:19:24.209055000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1489025964.209055000",
"frame.time_delta": "0.000629000",
"frame.time_delta_displayed": "0.001312000",
"frame.time_relative": "14.486182000",
"frame.number": "153",
"frame.len": "635",
"frame.cap_len": "635",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "null:ip:tcp:http",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.
gitextract_dgm1z2d9/
├── .gitignore
├── README.md
├── project.clj
├── sample.json
└── src/
└── plantuml_uma/
└── core.clj
Condensed preview — 5 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (625K chars).
[
{
"path": ".gitignore",
"chars": 121,
"preview": "/target\n/classes\n/checkouts\npom.xml\npom.xml.asc\n*.jar\n*.class\n/.lein-*\n/.nrepl-port\n.hgignore\n.hg/\n.idea\n*.iml\nsample.pn"
},
{
"path": "README.md",
"chars": 375,
"preview": "# plantuml-uma\n\nCode for the [Documenting your architecture: Wireshark, PlantUML and a REPL to glue them all.](http://da"
},
{
"path": "project.clj",
"chars": 417,
"preview": "(defproject plantuml-uma \"0.1.0-SNAPSHOT\"\n :description \"FIXME: write description\"\n :url \"http://example.com/FIXME\"\n "
},
{
"path": "sample.json",
"chars": 559523,
"preview": "[\n {\n \"_index\": \"packets-2017-10-17\",\n \"_type\": \"pcap_file\",\n \"_score\": null,\n \"_source\": {\n \"layers\":"
},
{
"path": "src/plantuml_uma/core.clj",
"chars": 8403,
"preview": "(ns plantuml-uma.core\n (:require [cheshire.core :as json]\n [clojure.contrib.humanize :as human]\n "
}
]
About this extraction
This page contains the full source code of the dlebrero/wireshark-plantuml GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 5 files (555.5 KB), approximately 205.2k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.