Repository: dlebrero/wireshark-plantuml Branch: master Commit: 84f680ff3379 Files: 5 Total size: 555.5 KB Directory structure: gitextract_dgm1z2d9/ ├── .gitignore ├── README.md ├── project.clj ├── sample.json └── src/ └── plantuml_uma/ └── core.clj ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ /target /classes /checkouts pom.xml pom.xml.asc *.jar *.class /.lein-* /.nrepl-port .hgignore .hg/ .idea *.iml sample.png ================================================ FILE: README.md ================================================ # plantuml-uma Code for the [Documenting your architecture: Wireshark, PlantUML and a REPL to glue them all.](http://danlebrero.com/2017/04/06/documenting-your-architecture-wireshark-plantuml-and-a-repl/) blog entry. Generates a PlantUML sequence diagram given a Wireshark JSON capture. A Wireshark JSON export carries every dissected field of each packet (request lines, headers, URIs, payload bytes, addresses), so check a capture for cookies, tokens and internal hostnames before committing or sharing it. ## Usage Start a REPL, load `plantuml-uma.core`, and reload the whole file after each change. ================================================ FILE: project.clj ================================================ (defproject plantuml-uma "0.1.0-SNAPSHOT" :description "FIXME: write description" :url "http://example.com/FIXME" :license {:name "Eclipse Public License" :url "http://www.eclipse.org/legal/epl-v10.html"} :dependencies [[org.clojure/clojure "1.8.0"] [cheshire "5.6.3"] [clojure-humanize "0.2.2"] [net.sourceforge.plantuml/plantuml "2017.08"]]) ================================================ FILE: sample.json ================================================ [ { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:15.436679000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025955.436679000", "frame.time_delta": "0.000630000", 
"frame.time_delta_displayed": "0.000000000", "frame.time_relative": "5.713806000", "frame.number": "37", "frame.len": "532", "frame.cap_len": "532", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "528", "ip.id": "0x000059b7", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "476", "tcp.seq": "1", "tcp.nxtseq": "477", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00000005", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:2d:da:48:49:2d:d9", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { 
"tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212755418, TSecr 1212755417": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212755418", "tcp.options.timestamp.tsecr": "1212755417" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "476", "tcp.analysis.push_bytes_sent": "476" } }, "http": { "GET \/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/library", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.request.line": "Upgrade-Insecure-Requests: 1\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8", "http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: 
W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/library", "http.request": "1", "http.request_number": "1", "http.response_in": "43", "http.next_request_in": "45" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:15.465602000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025955.465602000", "frame.time_delta": "0.018463000", "frame.time_delta_displayed": "0.028923000", "frame.time_relative": "5.742729000", "frame.number": "43", "frame.len": "266", "frame.cap_len": "266", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "262", "ip.id": "0x000095b1", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "210", "tcp.seq": "1", "tcp.nxtseq": "211", "tcp.ack": "477", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", 
"tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12744", "tcp.window_size": "407808", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefa", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:2d:f5:48:49:2d:da", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212755445, TSecr 1212755418": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212755445", "tcp.options.timestamp.tsecr": "1212755418" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "210", "tcp.analysis.push_bytes_sent": "210" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:15 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:15 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", 
"http.time": "0.028923000", "http.request_in": "37", "http.next_request_in": "45", "http.next_response_in": "47" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:15.474755000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025955.474755000", "frame.time_delta": "0.009105000", "frame.time_delta_displayed": "0.009153000", "frame.time_relative": "5.751882000", "frame.number": "45", "frame.len": "517", "frame.cap_len": "517", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "513", "ip.id": "0x0000346d", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "461", "tcp.seq": "477", "tcp.nxtseq": "938", "tcp.ack": "211", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12752", "tcp.window_size": "408064", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fff5", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:2d:fe:48:49:2d:f5", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212755454, TSecr 1212755445": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212755454", "tcp.options.timestamp.tsecr": "1212755445" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "461", "tcp.analysis.push_bytes_sent": "461" } }, "http": { "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/app.437fba928d138e7fbd35.bundle.js", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", 
"http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/app.437fba928d138e7fbd35.bundle.js", "http.request": "1", "http.request_number": "2", "http.prev_request_in": "37", "http.response_in": "47", "http.next_request_in": "55" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:15.495280000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025955.495280000", "frame.time_delta": "0.020489000", "frame.time_delta_displayed": "0.020525000", "frame.time_relative": "5.772407000", "frame.number": "47", "frame.len": "269", "frame.cap_len": "269", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "265", "ip.id": "0x00002189", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", 
"ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "213", "tcp.seq": "211", "tcp.nxtseq": "424", "tcp.ack": "938", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12730", "tcp.window_size": "407360", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefd", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:2e:12:48:49:2d:fe", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212755474, TSecr 1212755454": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212755474", "tcp.options.timestamp.tsecr": "1212755454" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "213", "tcp.analysis.push_bytes_sent": "213" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": 
"304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:15 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:15 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "2", "http.time": "0.020525000", "http.prev_request_in": "37", "http.prev_response_in": "43", "http.request_in": "45", "http.next_request_in": "55", "http.next_response_in": "57" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.021112000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.021112000", "frame.time_delta": "0.000144000", "frame.time_delta_displayed": "0.525832000", "frame.time_relative": "6.298239000", "frame.number": "53", "frame.len": "424", "frame.cap_len": "424", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "420", "ip.id": "0x0000ea45", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": 
"127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54766", "tcp.dstport": "3030", "tcp.port": "54766", "tcp.port": "3030", "tcp.stream": "8", "tcp.len": "368", "tcp.seq": "1", "tcp.nxtseq": "369", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff98", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:1d:48:49:30:1d", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212755997, TSecr 1212755997": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212755997", "tcp.options.timestamp.tsecr": "1212755997" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000094000", "tcp.analysis.bytes_in_flight": "368", "tcp.analysis.push_bytes_sent": "368" } }, "http": { "GET \/env HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/env", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", 
"http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env", "http.request": "1", "http.request_number": "1", "http.response_in": "89" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.036635000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.036635000", "frame.time_delta": "0.015502000", "frame.time_delta_displayed": "0.015523000", "frame.time_relative": "6.313762000", "frame.number": "55", "frame.len": "453", "frame.cap_len": "453", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "449", "ip.id": "0x000045d5", "ip.flags": "0x00000002", 
"ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "397", "tcp.seq": "938", "tcp.nxtseq": "1335", "tcp.ack": "424", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12746", "tcp.window_size": "407872", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ffb5", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:2c:48:49:2e:12", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756012, TSecr 1212755474": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756012", "tcp.options.timestamp.tsecr": "1212755474" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "397", 
"tcp.analysis.push_bytes_sent": "397" } }, "http": { "GET \/sockjs-node\/info?t=1489025956034 HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/sockjs-node\/info?t=1489025956034 HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/sockjs-node\/info?t=1489025956034", "http.request.uri_tree": { "http.request.uri.path": "\/sockjs-node\/info", "http.request.uri.query": "t=1489025956034", "http.request.uri.query_tree": { "http.request.uri.query.parameter": "t=1489025956034" } }, "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/info?t=1489025956034", "http.request": "1", "http.request_number": "3", "http.prev_request_in": "45", "http.response_in": "57", "http.next_request_in": "69" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", 
"frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.040340000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.040340000", "frame.time_delta": "0.003669000", "frame.time_delta_displayed": "0.003705000", "frame.time_relative": "6.317467000", "frame.number": "57", "frame.len": "423", "frame.cap_len": "423", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:data:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "419", "ip.id": "0x0000e475", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "367", "tcp.seq": "424", "tcp.nxtseq": "791", "tcp.ack": "1335", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12717", "tcp.window_size": "406944", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff97", 
"tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:2f:48:49:30:2c", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756015, TSecr 1212756012": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756015", "tcp.options.timestamp.tsecr": "1212756012" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "367", "tcp.analysis.push_bytes_sent": "367" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "Vary: Origin\r\n", "http.cache_control": "no-store, no-cache, no-transform, must-revalidate, max-age=0", "http.response.line": "Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0\r\n", "http.content_type": "application\/json; charset=UTF-8", "http.response.line": "Content-Type: application\/json; charset=UTF-8\r\n", "http.date": "Thu, 09 Mar 2017 02:19:16 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.transfer_encoding": "chunked", "http.response.line": "Transfer-Encoding: chunked\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "3", "http.time": "0.003705000", "http.prev_request_in": "45", "http.prev_response_in": "47", "http.request_in": "55", 
"http.next_request_in": "69", "http.next_response_in": "73", "HTTP chunked response": { "Data chunk (78 octets)": { "http.chunk_size": "78", "data": { "data.data": "7b:22:77:65:62:73:6f:63:6b:65:74:22:3a:74:72:75:65:2c:22:6f:72:69:67:69:6e:73:22:3a:5b:22:2a:3a:2a:22:5d:2c:22:63:6f:6f:6b:69:65:5f:6e:65:65:64:65:64:22:3a:66:61:6c:73:65:2c:22:65:6e:74:72:6f:70:79:22:3a:35:35:37:33:34:30:30:30:36:7d", "data.len": "78" }, "http.chunk_boundary": "0d:0a" }, "End of chunked encoding": { "http.chunk_size": "0" }, "\\r\\n": "" }, "http.file_data": "{\"websocket\":true,\"origins\":[\"*:*\"],\"cookie_needed\":false,\"entropy\":557340006}" }, "json": { "json.object": { "json.member": { "json.value.true": "", "json.key": "websocket" }, "json.member": { "json.array": { "json.value.string": "*:*" }, "json.key": "origins" }, "json.member": { "json.value.false": "", "json.key": "cookie_needed" }, "json.member": { "json.value.number": "557340006", "json.key": "entropy" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.049876000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.049876000", "frame.time_delta": "0.004154000", "frame.time_delta_displayed": "0.009536000", "frame.time_relative": "6.327003000", "frame.number": "63", "frame.len": "419", "frame.cap_len": "419", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "415", "ip.id": "0x000029db", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": 
"64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54767", "tcp.dstport": "3000", "tcp.port": "54767", "tcp.port": "3000", "tcp.stream": "9", "tcp.len": "363", "tcp.seq": "1", "tcp.nxtseq": "364", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000082fe", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:38:48:49:30:34", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756024, TSecr 1212756020": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756024", "tcp.options.timestamp.tsecr": "1212756020" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000094000", "tcp.analysis.bytes_in_flight": "363", "tcp.analysis.push_bytes_sent": "363" } }, "http": { "GET \/env HTTP\/1.1\\r\\n": { "_ws.expert": { 
"http.chat": "", "_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/env", "http.request.version": "HTTP\/1.1" }, "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept": "*\/*", "http.request.line": "accept: *\/*\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.connection": "close", "http.request.line": "connection: close\r\n", "http.host": "t1.lumen.localhost:3030", "http.request.line": "host: t1.lumen.localhost:3030\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env", "http.request": "1", "http.request_number": "1", "http.response_in": "81" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.066224000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.066224000", "frame.time_delta": "0.000798000", "frame.time_delta_displayed": "0.016348000", "frame.time_relative": "6.343351000", "frame.number": "69", "frame.len": "509", "frame.cap_len": "509", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 
|| http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "505", "ip.id": "0x0000236e", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "453", "tcp.seq": "1335", "tcp.nxtseq": "1788", "tcp.ack": "791", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12734", "tcp.window_size": "407488", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ffed", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:47:48:49:30:2f", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756039, TSecr 1212756015": { 
"tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756039", "tcp.options.timestamp.tsecr": "1212756015" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "453", "tcp.analysis.push_bytes_sent": "453" } }, "http": { "GET \/favicon.ico HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/favicon.ico HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/favicon.ico", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/favicon.ico", "http.request": "1", "http.request_number": "4", "http.prev_request_in": "55", "http.response_in": "73", "http.next_request_in": "117" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": 
null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.066425000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.066425000", "frame.time_delta": "0.000168000", "frame.time_delta_displayed": "0.000201000", "frame.time_relative": "6.343552000", "frame.number": "71", "frame.len": "635", "frame.cap_len": "635", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "631", "ip.id": "0x00001597", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54768", "tcp.dstport": "3030", "tcp.port": "54768", "tcp.port": "3030", "tcp.stream": "10", "tcp.len": "579", "tcp.seq": "1", "tcp.nxtseq": "580", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", 
"tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000006c", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:48:48:49:30:47", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756040, TSecr 1212756039": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756040", "tcp.options.timestamp.tsecr": "1212756039" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000088000", "tcp.analysis.bytes_in_flight": "579", "tcp.analysis.push_bytes_sent": "579" } }, "http": { "GET \/sockjs-node\/439\/ud1tasav\/websocket HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/sockjs-node\/439\/ud1tasav\/websocket HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/sockjs-node\/439\/ud1tasav\/websocket", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "Upgrade", "http.request.line": "Connection: Upgrade\r\n", "http.request.line": "Pragma: no-cache\r\n", "http.cache_control": "no-cache", "http.request.line": "Cache-Control: no-cache\r\n", "http.upgrade": "websocket", "http.request.line": "Upgrade: websocket\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.sec_websocket_version": "13", "http.request.line": "Sec-WebSocket-Version: 13\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: 
Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.sec_websocket_key": "hzNNdaEWGEsYxBkGRRJZeA==", "http.request.line": "Sec-WebSocket-Key: hzNNdaEWGEsYxBkGRRJZeA==\r\n", "http.sec_websocket_extensions": "permessage-deflate; client_max_window_bits", "http.request.line": "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/439\/ud1tasav\/websocket", "http.request": "1", "http.request_number": "1", "http.response_in": "75" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.068648000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.068648000", "frame.time_delta": "0.002207000", "frame.time_delta_displayed": "0.002223000", "frame.time_relative": "6.345775000", "frame.number": "73", "frame.len": "266", "frame.cap_len": "266", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "262", "ip.id": "0x0000c117", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", 
"ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "210", "tcp.seq": "791", "tcp.nxtseq": "1001", "tcp.ack": "1788", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12703", "tcp.window_size": "406496", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefa", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:4a:48:49:30:47", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756042, TSecr 1212756039": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756042", "tcp.options.timestamp.tsecr": "1212756039" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "210", "tcp.analysis.push_bytes_sent": "210" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": 
"2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:16 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "4", "http.time": "0.002424000", "http.prev_request_in": "55", "http.prev_response_in": "57", "http.request_in": "69", "http.next_request_in": "117", "http.next_response_in": "119" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.092428000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.092428000", "frame.time_delta": "0.023746000", "frame.time_delta_displayed": "0.023780000", "frame.time_relative": "6.369555000", "frame.number": "75", "frame.len": "185", "frame.cap_len": "185", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "181", "ip.id": "0x00007f31", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": 
"127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54768", "tcp.port": "3030", "tcp.port": "54768", "tcp.stream": "10", "tcp.len": "129", "tcp.seq": "1", "tcp.nxtseq": "130", "tcp.ack": "580", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12741", "tcp.window_size": "407712", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fea9", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:60:48:49:30:48", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756064, TSecr 1212756040": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756064", "tcp.options.timestamp.tsecr": "1212756040" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000088000", "tcp.analysis.bytes_in_flight": "129", "tcp.analysis.push_bytes_sent": "129" } }, "http": { "HTTP\/1.1 101 Switching Protocols\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 101 Switching Protocols\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, 
"http.request.version": "HTTP\/1.1", "http.response.code": "101", "http.response.phrase": "Switching Protocols" }, "http.upgrade": "websocket", "http.response.line": "Upgrade: websocket\r\n", "http.connection": "Upgrade", "http.response.line": "Connection: Upgrade\r\n", "http.sec_websocket_accept": "NY7c4JQeBXpqYnwUiHZwT5zJkSQ=", "http.response.line": "Sec-WebSocket-Accept: NY7c4JQeBXpqYnwUiHZwT5zJkSQ=\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.026003000", "http.request_in": "71" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.220254000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.220254000", "frame.time_delta": "0.124800000", "frame.time_delta_displayed": "0.127826000", "frame.time_relative": "6.497381000", "frame.number": "81", "frame.len": "304", "frame.cap_len": "304", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "300", "ip.id": "0x00000f4d", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3000", "tcp.dstport": "54767", "tcp.port": 
"3000", "tcp.port": "54767", "tcp.stream": "9", "tcp.len": "248", "tcp.seq": "1", "tcp.nxtseq": "249", "tcp.ack": "364", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12748", "tcp.window_size": "407936", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000828b", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:30:de:48:49:30:38", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756190, TSecr 1212756024": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756190", "tcp.options.timestamp.tsecr": "1212756024" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000094000", "tcp.analysis.bytes_in_flight": "248", "tcp.analysis.push_bytes_sent": "248" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.connection": "close", "http.response.line": "Connection: close\r\n", "http.server": "undertow", "http.response.line": "Server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", 
"http.response.line": "Content-Type: application\/json; charset=utf-8\r\n", "http.content_length_header": "88", "http.content_length_header_tree": { "http.content_length": "88" }, "http.response.line": "Content-Length: 88\r\n", "http.date": "Thu, 09 Mar 2017 02:19:16 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:16 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.170378000", "http.request_in": "63", "http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "akvo-lumen", "json.key": "keycloakClient" }, "json.member": { "json.value.string": "http:\/\/localhost:8080\/auth", "json.key": "keycloakURL" }, "json.member": { "json.value.string": "t1", "json.key": "tenant" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.827706000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.827706000", "frame.time_delta": "0.001038000", "frame.time_delta_displayed": "0.607452000", "frame.time_relative": "7.104833000", "frame.number": "89", "frame.len": "327", "frame.cap_len": "327", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "323", "ip.id": "0x00003cd5", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": 
"127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54766", "tcp.port": "3030", "tcp.port": "54766", "tcp.stream": "8", "tcp.len": "271", "tcp.seq": "1", "tcp.nxtseq": "272", "tcp.ack": "369", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12747", "tcp.window_size": "407904", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff37", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:33:3c:48:49:30:1d", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756796, TSecr 1212755997": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756796", "tcp.options.timestamp.tsecr": "1212755997" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000094000", "tcp.analysis.bytes_in_flight": "271", "tcp.analysis.push_bytes_sent": "271" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": 
"33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Express\r\n", "http.connection": "close", "http.response.line": "connection: close\r\n", "http.server": "undertow", "http.response.line": "server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", "http.response.line": "content-type: application\/json; charset=utf-8\r\n", "http.content_length_header": "88", "http.content_length_header_tree": { "http.content_length": "88" }, "http.response.line": "content-length: 88\r\n", "http.date": "Thu, 09 Mar 2017 02:19:16 GMT", "http.response.line": "date: Thu, 09 Mar 2017 02:19:16 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.806594000", "http.request_in": "53", "http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "akvo-lumen", "json.key": "keycloakClient" }, "json.member": { "json.value.string": "http:\/\/localhost:8080\/auth", "json.key": "keycloakURL" }, "json.member": { "json.value.string": "t1", "json.key": "tenant" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:16.854626000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025956.854626000", "frame.time_delta": "0.000172000", "frame.time_delta_displayed": "0.026920000", "frame.time_relative": "7.131753000", "frame.number": "101", "frame.len": "802", "frame.cap_len": "802", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", 
"ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0009438e", "ipv6.plen": "758", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54769", "tcp.dstport": "8080", "tcp.port": "54769", "tcp.port": "8080", "tcp.stream": "11", "tcp.len": "726", "tcp.seq": "1", "tcp.nxtseq": "727", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12743", "tcp.window_size": "407776", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000002fe", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:33:55:48:49:33:55", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212756821, TSecr 1212756821": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212756821", "tcp.options.timestamp.tsecr": "1212756821" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "726", "tcp.analysis.push_bytes_sent": "726" } }, "http": { " 
[truncated]GET \/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&respons": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragm", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid", "http.request.uri_tree": { "http.request.uri.path": "\/auth\/realms\/akvo\/protocol\/openid-connect\/auth", "http.request.uri.query": "client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid", "http.request.uri.query_tree": { "http.request.uri.query.parameter": "client_id=akvo-lumen", "http.request.uri.query.parameter": "redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary", "http.request.uri.query.parameter": "state=df2892a9-623d-4d00-8a31-38aab26f8db4", "http.request.uri.query.parameter": "nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5", "http.request.uri.query.parameter": "response_mode=fragment", "http.request.uri.query.parameter": "response_type=code", "http.request.uri.query.parameter": "scope=openid" } }, "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", 
"http.request.line": "Connection: keep-alive\r\n", "http.request.line": "Upgrade-Insecure-Requests: 1\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8", "http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid", "http.request": "1", "http.request_number": "1", "http.response_in": "103", "http.next_request_in": "113" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:17.088564000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025957.088564000", "frame.time_delta": "0.233911000", "frame.time_delta_displayed": "0.233938000", "frame.time_relative": "7.365691000", "frame.number": "103", "frame.len": "4807", "frame.cap_len": "4807", "frame.marked": "0", 
"frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:data-text-lines", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x00090cc8", "ipv6.plen": "4763", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54769", "tcp.port": "8080", "tcp.port": "54769", "tcp.stream": "11", "tcp.len": "4731", "tcp.seq": "1", "tcp.nxtseq": "4732", "tcp.ack": "727", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12721", "tcp.window_size": "407072", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000012a3", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:34:3c:48:49:33:55", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212757052, TSecr 1212756821": { "tcp.option_kind": "8", 
"tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212757052", "tcp.options.timestamp.tsecr": "1212756821" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "4731", "tcp.analysis.push_bytes_sent": "4731" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.cache_control": "no-store, must-revalidate, max-age=0", "http.response.line": "Cache-Control: no-store, must-revalidate, max-age=0\r\n", "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.set_cookie": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; Version=1; Path=\/auth\/realms\/akvo; HttpOnly", "http.response.line": "Set-Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; Version=1; Path=\/auth\/realms\/akvo; HttpOnly\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.response.line": "X-Frame-Options: SAMEORIGIN\r\n", "http.response.line": "Content-Security-Policy: frame-src 'self'\r\n", "http.date": "Thu, 09 Mar 2017 02:19:17 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:17 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "X-Content-Type-Options: nosniff\r\n", "http.content_type": "text\/html;charset=utf-8", "http.response.line": "Content-Type: text\/html;charset=utf-8\r\n", "http.content_length_header": "3589", "http.content_length_header_tree": { "http.content_length": "3589" }, 
"http.response.line": "Content-Length: 3589\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.233938000", "http.request_in": "101", "http.next_request_in": "113", "http.next_response_in": "115", "http.file_data": "\n\n\n\n \n \n \n\n \n Log in to akvo\n<\/title>\n <link rel=\"icon\" href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/img\/favicon.ico\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/patternfly\/css\/patternfly.css\" rel=\"stylesheet\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/zocial\/zocial.css\" rel=\"stylesheet\" \/>\n <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/css\/login.css\" rel=\"stylesheet\" \/>\n<\/head>\n\n<body class=\"\">\n <div id=\"kc-logo\"><a href=\"http:\/\/www.keycloak.org\"><div id=\"kc-logo-wrapper\"><\/div><\/a><\/div>\n\n <div id=\"kc-container\" class=\"\">\n <div id=\"kc-container-wrapper\" class=\"\">\n\n <div id=\"kc-header\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7\">\n <div id=\"kc-header-wrapper\" class=\"\"> akvo\n<\/div>\n <\/div>\n\n\n <div id=\"kc-content\" class=\"col-sm-12 col-md-12 col-lg-12 container\">\n <div id=\"kc-content-wrapper\" class=\"row\">\n\n\n <div id=\"kc-form\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7 login\">\n <div id=\"kc-form-wrapper\" class=\"\">\n <form id=\"kc-form-login\" class=\"form-horizontal\" action=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592\" method=\"post\">\n <div class=\"form-group\">\n <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\n <label for=\"username\" class=\"control-label\">Username or email<\/label>\n <\/div>\n\n <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\n <input id=\"username\" class=\"form-control\" name=\"username\" value=\"\" type=\"text\" autofocus 
autocomplete=\"off\" \/>\n <\/div>\n <\/div>\n\n <div class=\"form-group\">\n <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\n <label for=\"password\" class=\"control-label\">Password<\/label>\n <\/div>\n\n <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\n <input id=\"password\" class=\"form-control\" name=\"password\" type=\"password\" autocomplete=\"off\" \/>\n <\/div>\n <\/div>\n\n <div class=\"form-group\">\n <div id=\"kc-form-options\" class=\"col-xs-4 col-sm-5 col-md-offset-4 col-md-4 col-lg-offset-3 col-lg-5\">\n <div class=\"\">\n <\/div>\n <\/div>\n\n <div id=\"kc-form-buttons\" class=\"col-xs-8 col-sm-7 col-md-4 col-lg-4 submit\">\n <div class=\"\">\n <input class=\"btn btn-primary btn-lg\" name=\"login\" id=\"kc-login\" type=\"submit\" value=\"Log in\"\/>\n <\/div>\n <\/div>\n <\/div>\n <\/form>\n <\/div>\n <\/div>\n\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/body>\n<\/html>\n" }, "data-text-lines": { "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\">\\n": "", "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" class=\"login-pf\">\\n": "", "\\n": "", "<head>\\n": "", " <meta charset=\"utf-8\">\\n": "", " <meta http-equiv=\"Content-Type\" content=\"text\/html; charset=UTF-8\" \/>\\n": "", " <meta name=\"robots\" content=\"noindex, nofollow\">\\n": "", "\\n": "", " <meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"\/>\\n": "", " <title> Log in to akvo\\n": "", "<\/title>\\n": "", " <link rel=\"icon\" href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/img\/favicon.ico\" \/>\\n": "", " <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/patternfly\/css\/patternfly.css\" rel=\"stylesheet\" \/>\\n": "", " <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/lib\/zocial\/zocial.css\" rel=\"stylesheet\" \/>\\n": "", " <link href=\"\/auth\/resources\/2.5.0.final\/login\/keycloak\/css\/login.css\" rel=\"stylesheet\" 
\/>\\n": "", "<\/head>\\n": "", "\\n": "", "<body class=\"\">\\n": "", " <div id=\"kc-logo\"><a href=\"http:\/\/www.keycloak.org\"><div id=\"kc-logo-wrapper\"><\/div><\/a><\/div>\\n": "", "\\n": "", " <div id=\"kc-container\" class=\"\">\\n": "", " <div id=\"kc-container-wrapper\" class=\"\">\\n": "", "\\n": "", " <div id=\"kc-header\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7\">\\n": "", " <div id=\"kc-header-wrapper\" class=\"\"> akvo\\n": "", "<\/div>\\n": "", " <\/div>\\n": "", "\\n": "", "\\n": "", " <div id=\"kc-content\" class=\"col-sm-12 col-md-12 col-lg-12 container\">\\n": "", " <div id=\"kc-content-wrapper\" class=\"row\">\\n": "", "\\n": "", "\\n": "", " <div id=\"kc-form\" class=\"col-xs-12 col-sm-8 col-md-8 col-lg-7 login\">\\n": "", " <div id=\"kc-form-wrapper\" class=\"\">\\n": "", " [truncated] <form id=\"kc-form-login\" class=\"form-horizontal\" action=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execut": "", " <div class=\"form-group\">\\n": "", " <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\\n": "", " <label for=\"username\" class=\"control-label\">Username or email<\/label>\\n": "", " <\/div>\\n": "", "\\n": "", " <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\\n": "", " <input id=\"username\" class=\"form-control\" name=\"username\" value=\"\" type=\"text\" autofocus autocomplete=\"off\" \/>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", "\\n": "", " <div class=\"form-group\">\\n": "", " <div class=\"col-xs-12 col-sm-12 col-md-4 col-lg-3\">\\n": "", " <label for=\"password\" class=\"control-label\">Password<\/label>\\n": "", " <\/div>\\n": "", "\\n": "", " <div class=\"col-xs-12 col-sm-12 col-md-8 col-lg-9\">\\n": "", " <input id=\"password\" class=\"form-control\" name=\"password\" type=\"password\" autocomplete=\"off\" \/>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", "\\n": "", " <div 
class=\"form-group\">\\n": "", " <div id=\"kc-form-options\" class=\"col-xs-4 col-sm-5 col-md-offset-4 col-md-4 col-lg-offset-3 col-lg-5\">\\n": "", " <div class=\"\">\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", "\\n": "", " <div id=\"kc-form-buttons\" class=\"col-xs-8 col-sm-7 col-md-4 col-lg-4 submit\">\\n": "", " <div class=\"\">\\n": "", " <input class=\"btn btn-primary btn-lg\" name=\"login\" id=\"kc-login\" type=\"submit\" value=\"Log in\"\/>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", " <\/form>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", "\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", " <\/div>\\n": "", "<\/body>\\n": "", "<\/html>\\n": "" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.564203000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.564203000", "frame.time_delta": "0.000013000", "frame.time_delta_displayed": "6.475639000", "frame.time_relative": "13.841330000", "frame.number": "113", "frame.len": "122", "frame.cap_len": "122", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:urlencoded-form", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0009438e", "ipv6.plen": "78", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54769", "tcp.dstport": "8080", "tcp.port": "54769", "tcp.port": "8080", 
"tcp.stream": "11", "tcp.len": "46", "tcp.seq": "2482", "tcp.nxtseq": "2528", "tcp.ack": "4732", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12595", "tcp.window_size": "403040", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00000056", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4d:72:48:49:34:3c", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212763506, TSecr 1212757052": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763506", "tcp.options.timestamp.tsecr": "1212757052" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "46", "tcp.analysis.push_bytes_sent": "46" }, "tcp.segment_data": "75:73:65:72:6e:61:6d:65:3d:6a:65:72:6f:6d:65:26:70:61:73:73:77:6f:72:64:3d:70:61:73:73:77:6f:72:64:26:6c:6f:67:69:6e:3d:4c:6f:67:2b:69:6e" }, "tcp.segments": { "tcp.segment": "111", "tcp.segment": "113", "tcp.segment.count": "2", "tcp.reassembled.length": "1801", "tcp.reassembled.data": 
"50:4f:53:54:20:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:6c:6f:67:69:6e:2d:61:63:74:69:6f:6e:73:2f:61:75:74:68:65:6e:74:69:63:61:74:65:3f:63:6f:64:65:3d:39:53:47:37:31:36:63:34:56:74:6f:76:6f:6d:34:69:6d:72:79:53:51:66:35:4d:4a:38:56:4f:59:34:33:66:6b:6e:4e:70:4e:63:4d:6e:42:43:34:2e:37:38:36:62:65:39:34:31:2d:64:62:62:66:2d:34:38:36:30:2d:38:30:63:33:2d:32:34:66:34:36:30:35:37:37:32:38:36:26:65:78:65:63:75:74:69:6f:6e:3d:39:39:66:36:32:64:61:66:2d:63:63:39:34:2d:34:30:33:63:2d:38:35:34:34:2d:61:66:66:39:35:32:39:38:66:35:39:32:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:36:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:4f:72:69:67:69:6e:3a:20:68:74:74:70:3a:2f:2f:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:55:70:67:72:61:64:65:2d:49:6e:73:65:63:75:72:65:2d:52:65:71:75:65:73:74:73:3a:20:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:2d:77:77:77:2d:66:6f:72:6d:2d:75:72:6c:65:6e:63:6f:64:65:64:0d:0a:41:63:63:65:70:74:3a:20:74:65:78:74:2f:68:74:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:68:74:6d:6c:2b:78:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:6d:6c:3b:71:3d:30:2e:39:2c:69:6d:61:67:65:2f:77:65:62:70:2c:2a:2f:2a:3b:71:3d:30:2e:38:0d:0a:52:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:70:72:6f:74:6f:6
3:6f:6c:2f:6f:70:65:6e:69:64:2d:63:6f:6e:6e:65:63:74:2f:61:75:74:68:3f:63:6c:69:65:6e:74:5f:69:64:3d:61:6b:76:6f:2d:6c:75:6d:65:6e:26:72:65:64:69:72:65:63:74:5f:75:72:69:3d:68:74:74:70:25:33:41:25:32:46:25:32:46:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:25:33:41:33:30:33:30:25:32:46:6c:69:62:72:61:72:79:26:73:74:61:74:65:3d:64:66:32:38:39:32:61:39:2d:36:32:33:64:2d:34:64:30:30:2d:38:61:33:31:2d:33:38:61:61:62:32:36:66:38:64:62:34:26:6e:6f:6e:63:65:3d:36:61:30:30:32:65:36:66:2d:65:35:62:63:2d:34:63:34:35:2d:61:64:37:39:2d:39:66:34:34:66:66:34:33:63:38:65:35:26:72:65:73:70:6f:6e:73:65:5f:6d:6f:64:65:3d:66:72:61:67:6d:65:6e:74:26:72:65:73:70:6f:6e:73:65:5f:74:79:70:65:3d:63:6f:64:65:26:73:63:6f:70:65:3d:6f:70:65:6e:69:64:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:62:72:0d:0a:41:63:63:65:70:74:2d:4c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:43:6f:6f:6b:69:65:3a:20:4b:43:5f:52:45:53:54:41:52:54:3d:65:79:4a:68:62:47:63:69:4f:69:4a:49:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4e:44:64:6d:4e:6d:55:35:4d:6a:6b:74:4e:32:49:31:4e:43:30:30:4d:54:64:6b:4c:57:4a:69:59:54:4d:74:4d:32:59:77:59:32:4d:33:4d:32:4e:6a:4e:54:4e:6a:49:6e:30:2e:65:79:4a:6a:63:79:49:36:49:6a:63:34:4e:6d:4a:6c:4f:54:51:78:4c:57:52:69:59:6d:59:74:4e:44:67:32:4d:43:30:34:4d:47:4d:7a:4c:54:49:30:5a:6a:51:32:4d:44:55:33:4e:7a:49:34:4e:69:49:73:49:6d:4e:70:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:77:64:48:6b:69:4f:69:4a:76:63:47:56:75:61:57:51:74:59:32:39:75:62:6d:56:6a:64:43:49:73:49:6e:4a:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6d:46:6a:64:43:49:36:49:6b:46:56:56:45:68:46:54:6c:52:4a:51:30:46:55:52:53:49:73:49:6d:35:76:64:47:56:7a:49:6a:70:37:49:6d:46:31:64:
47:68:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:7a:59:32:39:77:5a:53:49:36:49:6d:39:77:5a:57:35:70:5a:43:49:73:49:6d:6c:7a:63:79:49:36:49:6d:68:30:64:48:41:36:4c:79:39:73:62:32:4e:68:62:47:68:76:63:33:51:36:4f:44:41:34:4d:43:39:68:64:58:52:6f:4c:33:4a:6c:59:57:78:74:63:79:39:68:61:33:5a:76:49:69:77:69:63:6d:56:7a:63:47:39:75:63:32:56:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:79:5a:57:52:70:63:6d:56:6a:64:46:39:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6e:4e:30:59:58:52:6c:49:6a:6f:69:5a:47:59:79:4f:44:6b:79:59:54:6b:74:4e:6a:49:7a:5a:43:30:30:5a:44:41:77:4c:54:68:68:4d:7a:45:74:4d:7a:68:68:59:57:49:79:4e:6d:59:34:5a:47:49:30:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:79:5a:58:4e:77:62:32:35:7a:5a:56:39:74:62:32:52:6c:49:6a:6f:69:5a:6e:4a:68:5a:32:31:6c:62:6e:51:69:66:58:30:2e:33:76:4f:47:7a:79:78:68:70:2d:64:47:71:36:71:6e:66:4e:64:63:67:4e:53:41:47:6d:65:6a:65:54:6f:35:79:79:43:33:55:65:7a:6d:72:41:38:0d:0a:0d:0a:75:73:65:72:6e:61:6d:65:3d:6a:65:72:6f:6d:65:26:70:61:73:73:77:6f:72:64:3d:70:61:73:73:77:6f:72:64:26:6c:6f:67:69:6e:3d:4c:6f:67:2b:69:6e" }, "http": { "POST \/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592 HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "POST \/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592 HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "POST", 
"http.request.uri": "\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592", "http.request.uri_tree": { "http.request.uri.path": "\/auth\/realms\/akvo\/login-actions\/authenticate", "http.request.uri.query": "code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592", "http.request.uri.query_tree": { "http.request.uri.query.parameter": "code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286", "http.request.uri.query.parameter": "execution=99f62daf-cc94-403c-8544-aff95298f592" } }, "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.content_length_header": "46", "http.content_length_header_tree": { "http.content_length": "46" }, "http.request.line": "Content-Length: 46\r\n", "http.cache_control": "max-age=0", "http.request.line": "Cache-Control: max-age=0\r\n", "http.request.line": "Origin: http:\/\/localhost:8080\r\n", "http.request.line": "Upgrade-Insecure-Requests: 1\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.content_type": "application\/x-www-form-urlencoded", "http.request.line": "Content-Type: application\/x-www-form-urlencoded\r\n", "http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8", "http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n", "http.referer": 
"http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid", "http.request.line": "Referer: http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid\r\n", "http.accept_encoding": "gzip, deflate, br", "http.request.line": "Accept-Encoding: gzip, deflate, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.cookie": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8", "http.cookie_tree": { "http.cookie_pair": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8" }, "http.request.line": "Cookie: 
KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/login-actions\/authenticate?code=9SG716c4Vtovom4imrySQf5MJ8VOY43fknNpNcMnBC4.786be941-dbbf-4860-80c3-24f460577286&execution=99f62daf-cc94-403c-8544-aff95298f592", "http.request": "1", "http.request_number": "2", "http.prev_request_in": "101", "http.response_in": "115", "http.next_request_in": "163", "http.file_data": "username=jerome&password=password&login=Log+in" }, "urlencoded-form": { "Form item: \"username\" = \"jerome\"": { "urlencoded-form.key": "username", "urlencoded-form.value": "jerome" }, "Form item: \"password\" = \"password\"": { "urlencoded-form.key": "password", "urlencoded-form.value": "password" }, "Form item: \"login\" = \"Log in\"": { "urlencoded-form.key": "login", "urlencoded-form.value": "Log in" } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.743229000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.743229000", "frame.time_delta": "0.179012000", "frame.time_delta_displayed": "0.179026000", "frame.time_relative": "14.020356000", "frame.number": "115", "frame.len": "1411", "frame.cap_len": "1411", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x00090cc8", "ipv6.plen": "1367", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": 
"::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54769", "tcp.port": "8080", "tcp.port": "54769", "tcp.stream": "11", "tcp.len": "1335", "tcp.seq": "4732", "tcp.nxtseq": "6067", "tcp.ack": "2528", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12664", "tcp.window_size": "405248", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000055f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4e:23:48:49:4d:72", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212763683, TSecr 1212763506": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763683", "tcp.options.timestamp.tsecr": "1212763506" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "1335", "tcp.analysis.push_bytes_sent": "1335" } }, "http": { "HTTP\/1.1 302 Found\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 302 Found\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": 
"HTTP\/1.1", "http.response.code": "302", "http.response.phrase": "Found" }, "http.cache_control": "no-store, must-revalidate, max-age=0", "http.response.line": "Cache-Control: no-store, must-revalidate, max-age=0\r\n", "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.set_cookie": "KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; Version=1; Path=\/auth\/realms\/akvo; HttpOnly", "http.response.line": "Set-Cookie: KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; Version=1; Path=\/auth\/realms\/akvo; HttpOnly\r\n", "http.set_cookie": "KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a; Version=1; Expires=Thu, 09-Mar-2017 12:19:23 GMT; Max-Age=36000; Path=\/auth\/realms\/akvo", "http.response.line": "Set-Cookie: KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a; Version=1; Expires=Thu, 09-Mar-2017 12:19:23 GMT; Max-Age=36000; Path=\/auth\/realms\/akvo\r\n", "http.set_cookie": "KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 
00:00:10 GMT; Max-Age=0; Path=\/auth\/realms\/akvo; HttpOnly", "http.response.line": "Set-Cookie: KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=\/auth\/realms\/akvo; HttpOnly\r\n", "http.response.line": "P3P: CP=\"This is not a P3P policy!\"\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.location": "http:\/\/t1.lumen.localhost:3030\/library#state=df2892a9-623d-4d00-8a31-38aab26f8db4&code=geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286", "http.response.line": "Location: http:\/\/t1.lumen.localhost:3030\/library#state=df2892a9-623d-4d00-8a31-38aab26f8db4&code=geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286\r\n", "http.date": "Thu, 09 Mar 2017 02:19:23 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.content_length_header": "0", "http.content_length_header_tree": { "http.content_length": "0" }, "http.response.line": "Content-Length: 0\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "2", "http.time": "0.179026000", "http.prev_request_in": "101", "http.prev_response_in": "103", "http.request_in": "113", "http.next_request_in": "163", "http.next_response_in": "171" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.745405000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.745405000", "frame.time_delta": "0.002137000", "frame.time_delta_displayed": "0.002176000", "frame.time_relative": "14.022532000", "frame.number": "117", "frame.len": "860", "frame.cap_len": "860", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", 
"frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "856", "ip.id": "0x0000bfa7", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "804", "tcp.seq": "1788", "tcp.nxtseq": "2592", "tcp.ack": "1001", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12728", "tcp.window_size": "407296", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000014d", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4e:25:48:49:30:4a", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } 
}, "Timestamps: TSval 1212763685, TSecr 1212756042": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763685", "tcp.options.timestamp.tsecr": "1212756042" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "804", "tcp.analysis.push_bytes_sent": "804" } }, "http": { "GET \/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/library", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.cache_control": "max-age=0", "http.request.line": "Cache-Control: max-age=0\r\n", "http.request.line": "Upgrade-Insecure-Requests: 1\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8", "http.request.line": "Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8\r\n", "http.referer": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid", "http.request.line": "Referer: 
http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/auth?client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary&state=df2892a9-623d-4d00-8a31-38aab26f8db4&nonce=6a002e6f-e5bc-4c45-ad79-9f44ff43c8e5&response_mode=fragment&response_type=code&scope=openid\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/library", "http.request": "1", "http.request_number": "5", "http.prev_request_in": "69", "http.response_in": "119", "http.next_request_in": "121" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.747467000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.747467000", "frame.time_delta": "0.002018000", "frame.time_delta_displayed": "0.002062000", "frame.time_relative": "14.024594000", "frame.number": "119", "frame.len": "266", "frame.cap_len": "266", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "262", "ip.id": "0x0000360e", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": 
"127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "210", "tcp.seq": "1001", "tcp.nxtseq": "1211", "tcp.ack": "2592", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12678", "tcp.window_size": "405696", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefa", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4e:27:48:49:4e:25", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212763687, TSecr 1212763685": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763687", "tcp.options.timestamp.tsecr": "1212763685" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "210", "tcp.analysis.push_bytes_sent": "210" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", 
"_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:23 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "5", "http.time": "0.002062000", "http.prev_request_in": "69", "http.prev_response_in": "73", "http.request_in": "117", "http.next_request_in": "121", "http.next_response_in": "123" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.758452000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.758452000", "frame.time_delta": "0.010949000", "frame.time_delta_displayed": "0.010985000", "frame.time_relative": "14.035579000", "frame.number": "121", "frame.len": "517", "frame.cap_len": "517", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "513", "ip.id": "0x00005cca", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": 
"127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "461", "tcp.seq": "2592", "tcp.nxtseq": "3053", "tcp.ack": "1211", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12721", "tcp.window_size": "407072", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fff5", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4e:31:48:49:4e:27", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212763697, TSecr 1212763687": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763697", "tcp.options.timestamp.tsecr": "1212763687" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "461", "tcp.analysis.push_bytes_sent": "461" } }, "http": { "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/app.437fba928d138e7fbd35.bundle.js HTTP\/1.1\\r\\n", "_ws.expert.severity": 
"2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/app.437fba928d138e7fbd35.bundle.js", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.request.line": "If-None-Match: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/app.437fba928d138e7fbd35.bundle.js", "http.request": "1", "http.request_number": "6", "http.prev_request_in": "117", "http.response_in": "123", "http.next_request_in": "131" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:23.769563000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025963.769563000", "frame.time_delta": "0.011062000", "frame.time_delta_displayed": "0.011111000", "frame.time_relative": "14.046690000", "frame.number": "123", "frame.len": "269", "frame.cap_len": "269", "frame.marked": "0", 
"frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "265", "ip.id": "0x0000948b", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "213", "tcp.seq": "1211", "tcp.nxtseq": "1424", "tcp.ack": "3053", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12664", "tcp.window_size": "405248", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefd", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4e:3c:48:49:4e:31", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": 
{ "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212763708, TSecr 1212763697": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212763708", "tcp.options.timestamp.tsecr": "1212763697" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "213", "tcp.analysis.push_bytes_sent": "213" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"3703df-5oa0o69ljMGxh+qLz\/qCRuyrLV8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:23 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:23 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "6", "http.time": "0.011111000", "http.prev_request_in": "117", "http.prev_response_in": "119", "http.request_in": "121", "http.next_request_in": "131", "http.next_response_in": "137" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.168294000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.168294000", "frame.time_delta": "0.000160000", "frame.time_delta_displayed": "0.398731000", "frame.time_relative": "14.445421000", "frame.number": "129", "frame.len": "424", "frame.cap_len": "424", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": 
"null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "420", "ip.id": "0x00009532", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54770", "tcp.dstport": "3030", "tcp.port": "54770", "tcp.port": "3030", "tcp.stream": "12", "tcp.len": "368", "tcp.seq": "1", "tcp.nxtseq": "369", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff98", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:c8:48:49:4f:c8", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", 
"tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764104, TSecr 1212764104": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764104", "tcp.options.timestamp.tsecr": "1212764104" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000072000", "tcp.analysis.bytes_in_flight": "368", "tcp.analysis.push_bytes_sent": "368" } }, "http": { "GET \/env HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/env", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env", "http.request": "1", "http.request_number": "1", "http.response_in": "145" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": 
"Mar 9, 2017 03:19:24.177470000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.177470000", "frame.time_delta": "0.009154000", "frame.time_delta_displayed": "0.009176000", "frame.time_relative": "14.454597000", "frame.number": "131", "frame.len": "453", "frame.cap_len": "453", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "449", "ip.id": "0x00002afb", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "397", "tcp.seq": "3053", "tcp.nxtseq": "3450", "tcp.ack": "1424", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12714", "tcp.window_size": "406848", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ffb5", "tcp.checksum.status": "2", "tcp.urgent_pointer": 
"0", "tcp.options": "01:01:08:0a:48:49:4f:d1:48:49:4e:3c", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764113, TSecr 1212763708": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764113", "tcp.options.timestamp.tsecr": "1212763708" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "397", "tcp.analysis.push_bytes_sent": "397" } }, "http": { "GET \/sockjs-node\/info?t=1489025964174 HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/sockjs-node\/info?t=1489025964174 HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/sockjs-node\/info?t=1489025964174", "http.request.uri_tree": { "http.request.uri.path": "\/sockjs-node\/info", "http.request.uri.query": "t=1489025964174", "http.request.uri.query_tree": { "http.request.uri.query.parameter": "t=1489025964174" } }, "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": 
"Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/info?t=1489025964174", "http.request": "1", "http.request_number": "7", "http.prev_request_in": "121", "http.response_in": "137", "http.next_request_in": "155" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.186030000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.186030000", "frame.time_delta": "0.003663000", "frame.time_delta_displayed": "0.008560000", "frame.time_relative": "14.463157000", "frame.number": "137", "frame.len": "423", "frame.cap_len": "423", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:data:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "419", "ip.id": "0x00005dac", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": 
"54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "367", "tcp.seq": "1424", "tcp.nxtseq": "1791", "tcp.ack": "3450", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12651", "tcp.window_size": "404832", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff97", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:d8:48:49:4f:d1", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764120, TSecr 1212764113": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764120", "tcp.options.timestamp.tsecr": "1212764113" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "367", "tcp.analysis.push_bytes_sent": "367" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "Vary: Origin\r\n", "http.cache_control": "no-store, no-cache, no-transform, must-revalidate, max-age=0", 
"http.response.line": "Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0\r\n", "http.content_type": "application\/json; charset=UTF-8", "http.response.line": "Content-Type: application\/json; charset=UTF-8\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.transfer_encoding": "chunked", "http.response.line": "Transfer-Encoding: chunked\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "7", "http.time": "0.008560000", "http.prev_request_in": "121", "http.prev_response_in": "123", "http.request_in": "131", "http.next_request_in": "155", "http.next_response_in": "165", "HTTP chunked response": { "Data chunk (78 octets)": { "http.chunk_size": "78", "data": { "data.data": "7b:22:77:65:62:73:6f:63:6b:65:74:22:3a:74:72:75:65:2c:22:6f:72:69:67:69:6e:73:22:3a:5b:22:2a:3a:2a:22:5d:2c:22:63:6f:6f:6b:69:65:5f:6e:65:65:64:65:64:22:3a:66:61:6c:73:65:2c:22:65:6e:74:72:6f:70:79:22:3a:35:32:39:39:32:30:36:38:30:7d", "data.len": "78" }, "http.chunk_boundary": "0d:0a" }, "End of chunked encoding": { "http.chunk_size": "0" }, "\\r\\n": "" }, "http.file_data": "{\"websocket\":true,\"origins\":[\"*:*\"],\"cookie_needed\":false,\"entropy\":529920680}" }, "json": { "json.object": { "json.member": { "json.value.true": "", "json.key": "websocket" }, "json.member": { "json.array": { "json.value.string": "*:*" }, "json.key": "origins" }, "json.member": { "json.value.false": "", "json.key": "cookie_needed" }, "json.member": { "json.value.number": "529920680", "json.key": "entropy" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.189154000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.189154000", 
"frame.time_delta": "0.003094000", "frame.time_delta_displayed": "0.003124000", "frame.time_relative": "14.466281000", "frame.number": "139", "frame.len": "419", "frame.cap_len": "419", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "415", "ip.id": "0x00009ba9", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54771", "tcp.dstport": "3000", "tcp.port": "54771", "tcp.port": "3000", "tcp.stream": "13", "tcp.len": "363", "tcp.seq": "1", "tcp.nxtseq": "364", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000082fe", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:db:48:49:4f:d5", "tcp.options_tree": { "No-Operation (NOP)": 
{ "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764123, TSecr 1212764117": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764123", "tcp.options.timestamp.tsecr": "1212764117" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000118000", "tcp.analysis.bytes_in_flight": "363", "tcp.analysis.push_bytes_sent": "363" } }, "http": { "GET \/env HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/env HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/env", "http.request.version": "HTTP\/1.1" }, "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept": "*\/*", "http.request.line": "accept: *\/*\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.connection": "close", "http.request.line": "connection: close\r\n", "http.host": "t1.lumen.localhost:3030", "http.request.line": "host: t1.lumen.localhost:3030\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/env", "http.request": 
"1", "http.request_number": "1", "http.response_in": "141" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.201552000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.201552000", "frame.time_delta": "0.012360000", "frame.time_delta_displayed": "0.012398000", "frame.time_relative": "14.478679000", "frame.number": "141", "frame.len": "304", "frame.cap_len": "304", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "300", "ip.id": "0x0000a059", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3000", "tcp.dstport": "54771", "tcp.port": "3000", "tcp.port": "54771", "tcp.stream": "13", "tcp.len": "248", "tcp.seq": "1", "tcp.nxtseq": "249", "tcp.ack": "364", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12748", "tcp.window_size": "407936", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000828b", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:e6:48:49:4f:db", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764134, TSecr 1212764123": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764134", "tcp.options.timestamp.tsecr": "1212764123" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000118000", "tcp.analysis.bytes_in_flight": "248", "tcp.analysis.push_bytes_sent": "248" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.connection": "close", "http.response.line": "Connection: close\r\n", "http.server": "undertow", "http.response.line": "Server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", "http.response.line": "Content-Type: application\/json; charset=utf-8\r\n", "http.content_length_header": "88", "http.content_length_header_tree": { "http.content_length": "88" }, "http.response.line": "Content-Length: 88\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.012398000", 
"http.request_in": "139", "http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "akvo-lumen", "json.key": "keycloakClient" }, "json.member": { "json.value.string": "http:\/\/localhost:8080\/auth", "json.key": "keycloakURL" }, "json.member": { "json.value.string": "t1", "json.key": "tenant" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.207743000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.207743000", "frame.time_delta": "0.006035000", "frame.time_delta_displayed": "0.006191000", "frame.time_relative": "14.484870000", "frame.number": "145", "frame.len": "327", "frame.cap_len": "327", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "323", "ip.id": "0x00006881", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54770", "tcp.port": "3030", "tcp.port": "54770", "tcp.stream": "12", "tcp.len": "271", "tcp.seq": "1", "tcp.nxtseq": "272", "tcp.ack": 
"369", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12747", "tcp.window_size": "407904", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ff37", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:ec:48:49:4f:c8", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764140, TSecr 1212764104": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764140", "tcp.options.timestamp.tsecr": "1212764104" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000072000", "tcp.analysis.bytes_in_flight": "271", "tcp.analysis.push_bytes_sent": "271" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Express\r\n", "http.connection": "close", "http.response.line": "connection: close\r\n", "http.server": "undertow", "http.response.line": "server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", "http.response.line": "content-type: application\/json; 
charset=utf-8\r\n", "http.content_length_header": "88", "http.content_length_header_tree": { "http.content_length": "88" }, "http.response.line": "content-length: 88\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.039449000", "http.request_in": "129", "http.file_data": "{\"keycloakClient\":\"akvo-lumen\",\"keycloakURL\":\"http:\/\/localhost:8080\/auth\",\"tenant\":\"t1\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "akvo-lumen", "json.key": "keycloakClient" }, "json.member": { "json.value.string": "http:\/\/localhost:8080\/auth", "json.key": "keycloakURL" }, "json.member": { "json.value.string": "t1", "json.key": "tenant" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.209055000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.209055000", "frame.time_delta": "0.000629000", "frame.time_delta_displayed": "0.001312000", "frame.time_relative": "14.486182000", "frame.number": "153", "frame.len": "635", "frame.cap_len": "635", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "631", "ip.id": "0x0000ff06", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", 
"ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54772", "tcp.dstport": "3030", "tcp.port": "54772", "tcp.port": "3030", "tcp.stream": "14", "tcp.len": "579", "tcp.seq": "1", "tcp.nxtseq": "580", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000006c", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:ed:48:49:4f:ec", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764141, TSecr 1212764140": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764141", "tcp.options.timestamp.tsecr": "1212764140" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000093000", "tcp.analysis.bytes_in_flight": "579", "tcp.analysis.push_bytes_sent": "579" } }, "http": { "GET \/sockjs-node\/817\/3byemt1k\/websocket HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/sockjs-node\/817\/3byemt1k\/websocket HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", 
"_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/sockjs-node\/817\/3byemt1k\/websocket", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "Upgrade", "http.request.line": "Connection: Upgrade\r\n", "http.request.line": "Pragma: no-cache\r\n", "http.cache_control": "no-cache", "http.request.line": "Cache-Control: no-cache\r\n", "http.upgrade": "websocket", "http.request.line": "Upgrade: websocket\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.sec_websocket_version": "13", "http.request.line": "Sec-WebSocket-Version: 13\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.sec_websocket_key": "6OEkhpwhd84jr7D+Qgr84A==", "http.request.line": "Sec-WebSocket-Key: 6OEkhpwhd84jr7D+Qgr84A==\r\n", "http.sec_websocket_extensions": "permessage-deflate; client_max_window_bits", "http.request.line": "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/sockjs-node\/817\/3byemt1k\/websocket", "http.request": "1", "http.request_number": "1", "http.response_in": "167" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.210663000 CET", 
"frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.210663000", "frame.time_delta": "0.001585000", "frame.time_delta_displayed": "0.001608000", "frame.time_relative": "14.487790000", "frame.number": "155", "frame.len": "509", "frame.cap_len": "509", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "505", "ip.id": "0x00009197", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": "453", "tcp.seq": "3450", "tcp.nxtseq": "3903", "tcp.ack": "1791", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12703", "tcp.window_size": "406496", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ffed", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": 
"01:01:08:0a:48:49:4f:ee:48:49:4f:d8", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764142, TSecr 1212764120": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764142", "tcp.options.timestamp.tsecr": "1212764120" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "453", "tcp.analysis.push_bytes_sent": "453" } }, "http": { "GET \/favicon.ico HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/favicon.ico HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/favicon.ico", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", 
"http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/favicon.ico", "http.request": "1", "http.request_number": "8", "http.prev_request_in": "131", "http.response_in": "165", "http.next_request_in": "169" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.226383000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.226383000", "frame.time_delta": "0.000033000", "frame.time_delta_displayed": "0.015720000", "frame.time_relative": "14.503510000", "frame.number": "163", "frame.len": "274", "frame.cap_len": "274", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:urlencoded-form", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0009438e", "ipv6.plen": "230", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54769", "tcp.dstport": "8080", "tcp.port": "54769", "tcp.port": "8080", "tcp.stream": "11", "tcp.len": "198", "tcp.seq": "4388", "tcp.nxtseq": "4586", "tcp.ack": "6067", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", 
"tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12554", "tcp.window_size": "401728", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000000ee", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:fc:48:49:4f:fc", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764156, TSecr 1212764156": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764156", "tcp.options.timestamp.tsecr": "1212764156" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "198", "tcp.analysis.push_bytes_sent": "198" }, "tcp.segment_data": "63:6f:64:65:3d:67:65:46:69:59:51:39:2d:74:5a:31:65:65:6d:57:4c:4b:6c:33:79:57:4a:58:63:46:62:53:76:38:33:79:64:61:4d:32:69:71:4d:2d:4e:67:50:55:2e:37:38:36:62:65:39:34:31:2d:64:62:62:66:2d:34:38:36:30:2d:38:30:63:33:2d:32:34:66:34:36:30:35:37:37:32:38:36:26:67:72:61:6e:74:5f:74:79:70:65:3d:61:75:74:68:6f:72:69:7a:61:74:69:6f:6e:5f:63:6f:64:65:26:63:6c:69:65:6e:74:5f:69:64:3d:61:6b:76:6f:2d:6c:75:6d:65:6e:26:72:65:64:69:72:65:63:74:5f:75:72:69:3d:68:74:74:70:25:33:41:25:32:46:25:32:46:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:25:33:41:33:30:33:30:25:32:46:6c:69:62:72:61:72:79" }, "tcp.segments": { "tcp.segment": "161", "tcp.segment": "163", "tcp.segment.count": "2", "tcp.reassembled.length": "2058", "tcp.reassembled.data": 
"50:4f:53:54:20:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:70:72:6f:74:6f:63:6f:6c:2f:6f:70:65:6e:69:64:2d:63:6f:6e:6e:65:63:74:2f:74:6f:6b:65:6e:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:39:38:0d:0a:4f:72:69:67:69:6e:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:2d:77:77:77:2d:66:6f:72:6d:2d:75:72:6c:65:6e:63:6f:64:65:64:0d:0a:41:63:63:65:70:74:3a:20:2a:2f:2a:0d:0a:52:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:2f:6c:69:62:72:61:72:79:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:62:72:0d:0a:41:63:63:65:70:74:2d:4c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:43:6f:6f:6b:69:65:3a:20:4b:43:5f:52:45:53:54:41:52:54:3d:65:79:4a:68:62:47:63:69:4f:69:4a:49:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4e:44:64:6d:4e:6d:55:35:4d:6a:6b:74:4e:32:49:31:4e:43:30:30:4d:54:64:6b:4c:57:4a:69:59:54:4d:74:4d:32:59:77:59:32:4d:33:4d:32:4e:6a:4e:54:4e:6a:49:6e:30:2e:65:79:4a:6a:63:79:49:36:49:6a:63:34:4e:6d:4a:6c:4f:54:51:78:4c:57:52:69:59:6d:59:74:4e:44:67:32:4d:43:30:34:4d:47:4d:7a:4c:54:49:30:5a:6a:51:32:4d:44:55:33:4e:7a:49:34:4e:69:4
9:73:49:6d:4e:70:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:77:64:48:6b:69:4f:69:4a:76:63:47:56:75:61:57:51:74:59:32:39:75:62:6d:56:6a:64:43:49:73:49:6e:4a:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6d:46:6a:64:43:49:36:49:6b:46:56:56:45:68:46:54:6c:52:4a:51:30:46:55:52:53:49:73:49:6d:35:76:64:47:56:7a:49:6a:70:37:49:6d:46:31:64:47:68:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:7a:59:32:39:77:5a:53:49:36:49:6d:39:77:5a:57:35:70:5a:43:49:73:49:6d:6c:7a:63:79:49:36:49:6d:68:30:64:48:41:36:4c:79:39:73:62:32:4e:68:62:47:68:76:63:33:51:36:4f:44:41:34:4d:43:39:68:64:58:52:6f:4c:33:4a:6c:59:57:78:74:63:79:39:68:61:33:5a:76:49:69:77:69:63:6d:56:7a:63:47:39:75:63:32:56:66:64:48:6c:77:5a:53:49:36:49:6d:4e:76:5a:47:55:69:4c:43:4a:79:5a:57:52:70:63:6d:56:6a:64:46:39:31:63:6d:6b:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6e:4e:30:59:58:52:6c:49:6a:6f:69:5a:47:59:79:4f:44:6b:79:59:54:6b:74:4e:6a:49:7a:5a:43:30:30:5a:44:41:77:4c:54:68:68:4d:7a:45:74:4d:7a:68:68:59:57:49:79:4e:6d:59:34:5a:47:49:30:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:79:5a:58:4e:77:62:32:35:7a:5a:56:39:74:62:32:52:6c:49:6a:6f:69:5a:6e:4a:68:5a:32:31:6c:62:6e:51:69:66:58:30:2e:33:76:4f:47:7a:79:78:68:70:2d:64:47:71:36:71:6e:66:4e:64:63:67:4e:53:41:47:6d:65:6a:65:54:6f:35:79:79:43:33:55:65:7a:6d:72:41:38:3b:20:4b:45:59:43:4c:4f:41:4b:5f:49:44:45:4e:54:49:54:59:3d:65:79:4a:68:62:47:63:69:4f:69:4a:49:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4e:44:64:6d:4e:6d:55:35:4d:6a:6b:74:4e:32:49:31:4e:43:30:30:4d:54:64:6b:4c:57:4a:69:59:54:
4d:74:4d:32:59:77:59:32:4d:33:4d:32:4e:6a:4e:54:4e:6a:49:6e:30:2e:65:79:4a:71:64:47:6b:69:4f:69:49:79:4f:47:51:30:4f:54:51:7a:4e:69:30:79:59:32:59:30:4c:54:51:35:59:7a:41:74:59:6d:51:35:4e:43:30:78:4e:6a:63:78:4d:44:4a:6c:4e:6a:41:34:4e:32:4d:69:4c:43:4a:6c:65:48:41:69:4f:6a:45:30:4f:44:6b:77:4e:6a:45:35:4e:6a:4d:73:49:6d:35:69:5a:69:49:36:4d:43:77:69:61:57:46:30:49:6a:6f:78:4e:44:67:35:4d:44:49:31:4f:54:59:7a:4c:43:4a:70:63:33:4d:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:67:77:4f:44:41:76:59:58:56:30:61:43:39:79:5a:57:46:73:62:58:4d:76:59:57:74:32:62:79:49:73:49:6e:4e:31:59:69:49:36:49:6a:4d:30:4d:32:56:6d:4d:44:59:78:4c:54:49:31:59:32:45:74:4e:44:67:77:4f:43:30:34:4e:44:46:69:4c:54:63:79:4d:54:68:6d:4f:47:45:79:4e:6d:49:33:5a:69:49:73:49:6d:46:31:64:47:68:66:64:47:6c:74:5a:53:49:36:4d:43:77:69:63:32:56:7a:63:32:6c:76:62:6c:39:7a:64:47:46:30:5a:53:49:36:49:6a:42:6d:59:54:56:69:4d:54:42:6a:4c:54:67:78:5a:6d:4d:74:4e:44:55:30:4e:53:31:68:4e:6a:49:33:4c:57:56:6c:4d:6a:68:69:5a:6d:46:6d:5a:44:63:30:59:53:49:73:49:6e:4a:6c:63:32:39:31:63:6d:4e:6c:58:32:46:6a:59:32:56:7a:63:79:49:36:65:33:31:39:2e:53:56:30:4e:63:50:32:51:6b:62:6b:72:68:72:32:4f:66:75:70:50:54:35:4b:4a:6e:58:37:72:75:52:4b:6c:4e:66:4f:74:44:36:52:65:66:7a:41:3b:20:4b:45:59:43:4c:4f:41:4b:5f:53:45:53:53:49:4f:4e:3d:61:6b:76:6f:2f:33:34:33:65:66:30:36:31:2d:32:35:63:61:2d:34:38:30:38:2d:38:34:31:62:2d:37:32:31:38:66:38:61:32:36:62:37:66:2f:30:66:61:35:62:31:30:63:2d:38:31:66:63:2d:34:35:34:35:2d:61:36:32:37:2d:65:65:32:38:62:66:61:66:64:37:34:61:0d:0a:0d:0a:63:6f:64:65:3d:67:65:46:69:59:51:39:2d:74:5a:31:65:65:6d:57:4c:4b:6c:33:79:57:4a:58:63:46:62:53:76:38:33:79:64:61:4d:32:69:71:4d:2d:4e:67:50:55:2e:37:38:36:62:65:39:34:31:2d:64:62:62:66:2d:34:38:36:30:2d:38:30:63:33:2d:32:34:66:34:36:30:35:37:37:32:38:36:26:67:72:61:6e:74:5f:74:79:70:65:3d:61:75:74:68:6f:72:69:7a:61:74:69:6f:6e:5f:63:6f:64:65:26:63:6c:69:65:6e:74:5f:69:64:3d:61:6b:76:6f:2d:6c:75:6d:65:6e:26:72:65:64
:69:72:65:63:74:5f:75:72:69:3d:68:74:74:70:25:33:41:25:32:46:25:32:46:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:25:33:41:33:30:33:30:25:32:46:6c:69:62:72:61:72:79" }, "http": { "POST \/auth\/realms\/akvo\/protocol\/openid-connect\/token HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "POST \/auth\/realms\/akvo\/protocol\/openid-connect\/token HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "POST", "http.request.uri": "\/auth\/realms\/akvo\/protocol\/openid-connect\/token", "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.content_length_header": "198", "http.content_length_header_tree": { "http.content_length": "198" }, "http.request.line": "Content-Length: 198\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.content_type": "application\/x-www-form-urlencoded", "http.request.line": "Content-type: application\/x-www-form-urlencoded\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, br", "http.request.line": "Accept-Encoding: gzip, deflate, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.cookie": 
"KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a", "http.cookie_tree": { "http.cookie_pair": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8", "http.cookie_pair": "KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA", "http.cookie_pair": "KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a" }, "http.request.line": "Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; 
KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/token", "http.request": "1", "http.request_number": "3", "http.prev_request_in": "113", "http.response_in": "171", "http.next_request_in": "203", "http.file_data": "code=geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286&grant_type=authorization_code&client_id=akvo-lumen&redirect_uri=http%3A%2F%2Ft1.lumen.localhost%3A3030%2Flibrary" }, "urlencoded-form": { "Form item: \"code\" = \"geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286\"": { "urlencoded-form.key": "code", "urlencoded-form.value": "geFiYQ9-tZ1eemWLKl3yWJXcFbSv83ydaM2iqM-NgPU.786be941-dbbf-4860-80c3-24f460577286" }, "Form item: \"grant_type\" = \"authorization_code\"": { "urlencoded-form.key": "grant_type", "urlencoded-form.value": "authorization_code" }, "Form item: \"client_id\" = \"akvo-lumen\"": { "urlencoded-form.key": "client_id", "urlencoded-form.value": "akvo-lumen" }, "Form item: \"redirect_uri\" = \"http:\/\/t1.lumen.localhost:3030\/library\"": { "urlencoded-form.key": "redirect_uri", "urlencoded-form.value": "http:\/\/t1.lumen.localhost:3030\/library" } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", 
"frame.time": "Mar 9, 2017 03:19:24.227391000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.227391000", "frame.time_delta": "0.000981000", "frame.time_delta_displayed": "0.001008000", "frame.time_relative": "14.504518000", "frame.number": "165", "frame.len": "266", "frame.cap_len": "266", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "262", "ip.id": "0x00003635", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "210", "tcp.seq": "1791", "tcp.nxtseq": "2001", "tcp.ack": "3903", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12637", "tcp.window_size": "404384", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefa", "tcp.checksum.status": "2", 
"tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:4f:fd:48:49:4f:ee", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764157, TSecr 1212764142": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764157", "tcp.options.timestamp.tsecr": "1212764142" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "210", "tcp.analysis.push_bytes_sent": "210" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "8", "http.time": "0.016728000", "http.prev_request_in": "131", "http.prev_response_in": "137", "http.request_in": "155", "http.next_request_in": "169", "http.next_response_in": "219" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.267262000 CET", 
"frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.267262000", "frame.time_delta": "0.039844000", "frame.time_delta_displayed": "0.039871000", "frame.time_relative": "14.544389000", "frame.number": "167", "frame.len": "213", "frame.cap_len": "213", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:data", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "209", "ip.id": "0x0000b9bd", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54772", "tcp.port": "3030", "tcp.port": "54772", "tcp.stream": "14", "tcp.len": "157", "tcp.seq": "1", "tcp.nxtseq": "158", "tcp.ack": "580", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12741", "tcp.window_size": "407712", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fec5", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": 
"01:01:08:0a:48:49:50:23:48:49:4f:ed", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764195, TSecr 1212764141": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764195", "tcp.options.timestamp.tsecr": "1212764141" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000093000", "tcp.analysis.bytes_in_flight": "157", "tcp.analysis.push_bytes_sent": "157" } }, "http": { "HTTP\/1.1 101 Switching Protocols\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 101 Switching Protocols\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "101", "http.response.phrase": "Switching Protocols" }, "http.upgrade": "websocket", "http.response.line": "Upgrade: websocket\r\n", "http.connection": "Upgrade", "http.response.line": "Connection: Upgrade\r\n", "http.sec_websocket_accept": "x7KIkDOXYNlDhuneanLr\/MjqS+A=", "http.response.line": "Sec-WebSocket-Accept: x7KIkDOXYNlDhuneanLr\/MjqS+A=\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.058207000", "http.request_in": "153" }, "http": { "data": { "data.data": 
"48:54:54:50:2f:31:2e:31:20:31:30:31:20:53:77:69:74:63:68:69:6e:67:20:50:72:6f:74:6f:63:6f:6c:73:0d:0a:55:70:67:72:61:64:65:3a:20:77:65:62:73:6f:63:6b:65:74:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:55:70:67:72:61:64:65:0d:0a:53:65:63:2d:57:65:62:53:6f:63:6b:65:74:2d:41:63:63:65:70:74:3a:20:78:37:4b:49:6b:44:4f:58:59:4e:6c:44:68:75:6e:65:61:6e:4c:72:2f:4d:6a:71:53:2b:41:3d:0d:0a:0d:0a:81:01:6f:81:17:61:5b:22:7b:5c:22:74:79:70:65:5c:22:3a:5c:22:68:6f:74:5c:22:7d:22:5d", "data.len": "157" } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.272758000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.272758000", "frame.time_delta": "0.005458000", "frame.time_delta_displayed": "0.005496000", "frame.time_relative": "14.549885000", "frame.number": "169", "frame.len": "509", "frame.cap_len": "509", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "505", "ip.id": "0x0000cd61", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54765", "tcp.dstport": "3030", "tcp.port": "54765", "tcp.port": "3030", "tcp.stream": "7", "tcp.len": 
"453", "tcp.seq": "3903", "tcp.nxtseq": "4356", "tcp.ack": "2001", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12696", "tcp.window_size": "406272", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000ffed", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:50:28:48:49:4f:fd", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764200, TSecr 1212764157": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764200", "tcp.options.timestamp.tsecr": "1212764157" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "453", "tcp.analysis.push_bytes_sent": "453" } }, "http": { "GET \/favicon.ico HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/favicon.ico HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/favicon.ico", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac 
OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/favicon.ico", "http.request": "1", "http.request_number": "9", "http.prev_request_in": "155", "http.response_in": "219" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.336343000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.336343000", "frame.time_delta": "0.063546000", "frame.time_delta_displayed": "0.063585000", "frame.time_relative": "14.613470000", "frame.number": "171", "frame.len": "4466", "frame.cap_len": "4466", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x00090cc8", "ipv6.plen": "4422", "ipv6.nxt": "6", 
"ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54769", "tcp.port": "8080", "tcp.port": "54769", "tcp.stream": "11", "tcp.len": "4390", "tcp.seq": "6067", "tcp.nxtseq": "10457", "tcp.ack": "4586", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12600", "tcp.window_size": "403200", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000114e", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:50:67:48:49:4f:fc", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764263, TSecr 1212764156": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764263", "tcp.options.timestamp.tsecr": "1212764156" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "4390", "tcp.analysis.push_bytes_sent": "4390" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", 
"_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.response.line": "Access-Control-Expose-Headers: Access-Control-Allow-Methods\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "Access-Control-Allow-Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.response.line": "Access-Control-Allow-Credentials: true\r\n", "http.content_type": "application\/json", "http.response.line": "Content-Type: application\/json\r\n", "http.content_length_header": "4048", "http.content_length_header_tree": { "http.content_length": "4048" }, "http.response.line": "Content-Length: 4048\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "3", "http.time": "0.109960000", "http.prev_request_in": "113", "http.prev_response_in": "115", "http.request_in": "163", "http.next_request_in": "203", "http.next_response_in": "209", "http.file_data": 
"{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.eyJqdGkiOiIxZGJiMjRjZi1lZGUwLTRkNDktOTA1Yi1mZTVjNmQ5NDkxM2EiLCJleHAiOjE0ODkwMjYyNjQsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsImF1ZCI6ImFrdm8tbHVtZW4iLCJzdWIiOiIzNDNlZjA2MS0yNWNhLTQ4MDgtODQxYi03MjE4ZjhhMjZiN2YiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJha3ZvLWx1bWVuIiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJhdXRoX3RpbWUiOjE0ODkwMjU5NjMsInNlc3Npb25fc3RhdGUiOiIwZmE1YjEwYy04MWZjLTQ1NDUtYTYyNy1lZTI4YmZhZmQ3NGEiLCJhY3IiOiIxIiwiY2xpZW50X3Nlc3Npb24iOiI3ODZiZTk0MS1kYmJmLTQ4NjAtODBjMy0yNGY0NjA1NzcyODYiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL3QyLmx1bWVuLmxvY2FsaG9zdDozMDMwIiwiaHR0cDovL3QxLmx1bWVuLmxvY2FsaG9zdDozMDMwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJha3ZvOmx1bWVuOnQxIiwiYWt2bzpsdW1lbjp0MTphZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiJKZXJvbWUgRWdpbmxhIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiamVyb21lIiwiZ2l2ZW5fbmFtZSI6Ikplcm9tZSIsImZhbWlseV9uYW1lIjoiRWdpbmxhIiwiZW1haWwiOiJqZXJvbWVAdDEubHVtZW4ubG9jYWxob3N0In0.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw\",\"expires_in\":300,\"refresh_expires_in\":1800,\"refresh_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.gf_JDli0ZRZ0C6-FoZP7tvUXAhCxdwomWkMDAX0Qqe1c4KTE_RpUQks2Lf4mNnLlXldb2tiXuAcvAnyVlPSEriR5g6xq5EZk7uMltzc6hcSTTRkIEjRWg1AWAe6_7CSeJSYZ194clrpd6LC1Dk-QAlviV2lfyrXHVTbcgMbPFy3tdzz0WGgOvUMdnfRX6xv6MWvUiHGxWlI-y5zCRSzeScO_O
yRvTOKSz9oZUb--T6aUNGqaCuYRohPLZ-MYy74RbvdZgin2F8JAwfQtfznz7w1dYm-0GKzzspXG2UwZ4EMCaFQdMeqSkTrDtMMfSNwD-fimz1caeTYBG4Sku-NU5Q\",\"token_type\":\"bearer\",\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.hWBYzQIW1EtLhc1m0PLXQXSHv8AfdDvC_pZE8cBZvP4YLruvZUcuXH5h7ECEagYWQUHiYKwrXqrXKDBxlRzPPRaA2VdtOzzl6EZF9oW4dNQf4St0sGokh8jE2_pZSSegTOt1DN91cc5hl-ePp5Z6qDgP1KNsPKSdoPphFdSja2KtfMdN3XCjmsv8NT1zm-8FDsYpQvOrLfv5y9gb5YDmwRZfqYw4rfJ5ZMGsnpuhZcOPG9kjsOPBeiMzms8iiW43mQqjXfj9mBw1r00pBxJc_mxl5oF6nGjMDRuLTmMh5qNK1pFdEeo64krouMPnn-VyKmJtCCGpuN3qWWyzNTawRw\",\"not-before-policy\":0,\"session_state\":\"0fa5b10c-81fc-4545-a627-ee28bfafd74a\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw", "json.key": "access_token" }, "json.member": { "json.value.number": "300", "json.key": "expires_in" }, "json.member": { "json.value.number": "1800", "json.key": "refresh_expires_in" }, "json.member": { "json.value.string": 
"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.gf_JDli0ZRZ0C6-FoZP7tvUXAhCxdwomWkMDAX0Qqe1c4KTE_RpUQks2Lf4mNnLlXldb2tiXuAcvAnyVlPSEriR5g6xq5EZk7uMltzc6hcSTTRkIEjRWg1AWAe6_7CSeJSYZ194clrpd6LC1Dk-QAlviV2lfyrXHVTbcgMbPFy3tdzz0WGgOvUMdnfRX6xv6MWvUiHGxWlI-y5zCRSzeScO_OyRvTOKSz9oZUb--T6aUNGqaCuYRohPLZ-MYy74RbvdZgin2F8JAwfQtfznz7w1dYm-0GKzzspXG2UwZ4EMCaFQdMeqSkTrDtMMfSNwD-fimz1caeTYBG4Sku-NU5Q", "json.key": "refresh_token" }, "json.member": { "json.value.string": "bearer", "json.key": "token_type" }, "json.member": { "json.value.string": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.eyJqdGkiOiJjZTliMzJlNi00NWIxLTQzZmEtODE4MS1jY2QxMTA1NWQ1MDkiLCJleHAiOjE0ODkwMjYyNjQsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsImF1ZCI6ImFrdm8tbHVtZW4iLCJzdWIiOiIzNDNlZjA2MS0yNWNhLTQ4MDgtODQxYi03MjE4ZjhhMjZiN2YiLCJ0eXAiOiJJRCIsImF6cCI6ImFrdm8tbHVtZW4iLCJub25jZSI6IjZhMDAyZTZmLWU1YmMtNGM0NS1hZDc5LTlmNDRmZjQzYzhlNSIsImF1dGhfdGltZSI6MTQ4OTAyNTk2Mywic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsImFjciI6IjEiLCJuYW1lIjoiSmVyb21lIEVnaW5sYSIsInByZWZlcnJlZF91c2VybmFtZSI6Implcm9tZSIsImdpdmVuX25hbWUiOiJKZXJvbWUiLCJmYW1pbHlfbmFtZSI6IkVnaW5sYSIsImVtYWlsIjoiamVyb21lQHQxLmx1bWVuLmxvY2FsaG9zdCJ9.hWBYzQIW1EtLhc1m0PLXQXSHv8AfdDvC_pZE8cBZvP4YLruvZUcuXH5h7ECEagYWQUHiYKwrXqrXKDBxlRzPPRaA2VdtOzzl6EZF9oW4dNQf4St0sGokh8jE2_pZSSegTOt1DN91cc5hl-ePp5Z6qDgP1KNsPKSdoPphFdSja2KtfMdN3XCjmsv8NT1zm-8FDsYpQvOrLfv5y9gb5YDmwRZfqYw4rfJ5ZMGsnpuhZcOPG9kjsOPBeiMzms8iiW43mQqjXfj9mBw1r00pBxJc_mxl5oF6nGjMDRuLTmMh5qNK1pFdEeo64krouMPnn-VyKmJtCCGpuN3qWWyzNTawRw", "json.key": "id_token" }, "json.member": { "json.value.number": "0", "json.key": "not-before-policy" }, "json.member": { "json.value.string": "0fa5b10c-81fc-4545-a627-ee28bfafd74a", "json.key": "session_state" } } } } } 
} , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.340172000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.340172000", "frame.time_delta": "0.000132000", "frame.time_delta_displayed": "0.003829000", "frame.time_relative": "14.617299000", "frame.number": "177", "frame.len": "583", "frame.cap_len": "583", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0007416a", "ipv6.plen": "539", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54773", "tcp.dstport": "8080", "tcp.port": "54773", "tcp.port": "8080", "tcp.stream": "15", "tcp.len": "507", "tcp.seq": "1", "tcp.nxtseq": "508", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12743", "tcp.window_size": "407776", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00000223", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": 
"01:01:08:0a:48:49:50:6a:48:49:50:6a", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764266, TSecr 1212764266": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764266", "tcp.options.timestamp.tsecr": "1212764266" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "507", "tcp.analysis.push_bytes_sent": "507" } }, "http": { "OPTIONS \/auth\/realms\/akvo\/account HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "OPTIONS \/auth\/realms\/akvo\/account HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "OPTIONS", "http.request.uri": "\/auth\/realms\/akvo\/account", "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.request.line": "Access-Control-Request-Method: GET\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.request.line": "Access-Control-Request-Headers: authorization\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: 
http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/account", "http.request": "1", "http.request_number": "1", "http.response_in": "179", "http.next_request_in": "181" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.366934000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.366934000", "frame.time_delta": "0.026746000", "frame.time_delta_displayed": "0.026762000", "frame.time_relative": "14.644061000", "frame.number": "179", "frame.len": "558", "frame.cap_len": "558", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0003ca37", "ipv6.plen": "514", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54773", "tcp.port": "8080", "tcp.port": "54773", "tcp.stream": "15", "tcp.len": "482", "tcp.seq": "1", "tcp.nxtseq": "483", "tcp.ack": "508", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", 
"tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12727", "tcp.window_size": "407264", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000020a", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:50:84:48:49:50:6a", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764292, TSecr 1212764266": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764292", "tcp.options.timestamp.tsecr": "1212764266" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "482", "tcp.analysis.push_bytes_sent": "482" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.response.line": "Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", 
"http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "Access-Control-Allow-Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.response.line": "Access-Control-Allow-Credentials: true\r\n", "http.content_length_header": "0", "http.content_length_header_tree": { "http.content_length": "0" }, "http.response.line": "Content-Length: 0\r\n", "http.response.line": "Access-Control-Allow-Methods: GET, HEAD, OPTIONS\r\n", "http.response.line": "Access-Control-Max-Age: 3600\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.026762000", "http.request_in": "177", "http.next_request_in": "181", "http.next_response_in": "183" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.369685000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.369685000", "frame.time_delta": "0.002709000", "frame.time_delta_displayed": "0.002751000", "frame.time_relative": "14.646812000", "frame.number": "181", "frame.len": "2059", "frame.cap_len": "2059", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0007416a", "ipv6.plen": "2015", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54773", "tcp.dstport": "8080", "tcp.port": "54773", "tcp.port": "8080", "tcp.stream": 
"15", "tcp.len": "1983", "tcp.seq": "508", "tcp.nxtseq": "2491", "tcp.ack": "483", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12728", "tcp.window_size": "407296", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000007e7", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:50:86:48:49:50:84", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764294, TSecr 1212764292": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764294", "tcp.options.timestamp.tsecr": "1212764292" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "1983", "tcp.analysis.push_bytes_sent": "1983" } }, "http": { "GET \/auth\/realms\/akvo\/account HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/auth\/realms\/akvo\/account HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/auth\/realms\/akvo\/account", "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", 
"http.accept": "application\/json", "http.request.line": "Accept: application\/json\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.authorization": "bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw", "http.request.line": "Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", 
"http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/account", "http.request": "1", "http.request_number": "2", "http.prev_request_in": "177", "http.response_in": "183", "http.next_request_in": "255" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.412127000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.412127000", "frame.time_delta": "0.042399000", "frame.time_delta_displayed": "0.042442000", "frame.time_relative": "14.689254000", "frame.number": "183", "frame.len": "643", "frame.cap_len": "643", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0003ca37", "ipv6.plen": "599", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54773", "tcp.port": "8080", "tcp.port": "54773", "tcp.stream": "15", "tcp.len": "567", "tcp.seq": "483", "tcp.nxtseq": "1050", "tcp.ack": "2491", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12665", "tcp.window_size": "405280", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000025f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:50:b0:48:49:50:86", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764336, TSecr 1212764294": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764336", "tcp.options.timestamp.tsecr": "1212764294" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "567", "tcp.analysis.push_bytes_sent": "567" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "Access-Control-Allow-Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.response.line": "Access-Control-Allow-Credentials: true\r\n", "http.content_type": "application\/json", "http.response.line": "Content-Type: application\/json\r\n", "http.content_length_header": "287", "http.content_length_header_tree": { "http.content_length": "287" }, "http.response.line": "Content-Length: 287\r\n", 
"http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "2", "http.time": "0.042442000", "http.prev_request_in": "177", "http.prev_response_in": "179", "http.request_in": "181", "http.next_request_in": "255", "http.next_response_in": "257", "http.file_data": "{\"id\":\"343ef061-25ca-4808-841b-7218f8a26b7f\",\"createdTimestamp\":1485263034547,\"username\":\"jerome\",\"enabled\":true,\"totp\":false,\"emailVerified\":true,\"firstName\":\"Jerome\",\"lastName\":\"Eginla\",\"email\":\"jerome@t1.lumen.localhost\",\"disableableCredentialTypes\":[\"password\"],\"requiredActions\":[]}" }, "json": { "json.object": { "json.member": { "json.value.string": "343ef061-25ca-4808-841b-7218f8a26b7f", "json.key": "id" }, "json.member": { "json.value.number": "1485263034547", "json.key": "createdTimestamp" }, "json.member": { "json.value.string": "jerome", "json.key": "username" }, "json.member": { "json.value.true": "", "json.key": "enabled" }, "json.member": { "json.value.false": "", "json.key": "totp" }, "json.member": { "json.value.true": "", "json.key": "emailVerified" }, "json.member": { "json.value.string": "Jerome", "json.key": "firstName" }, "json.member": { "json.value.string": "Eginla", "json.key": "lastName" }, "json.member": { "json.value.string": "jerome@t1.lumen.localhost", "json.key": "email" }, "json.member": { "json.array": { "json.value.string": "password" }, "json.key": "disableableCredentialTypes" }, "json.member": { "json.array": "", "json.key": "requiredActions" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.563621000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.563621000", "frame.time_delta": "0.000176000", "frame.time_delta_displayed": "0.151494000", 
"frame.time_relative": "14.840748000", "frame.number": "189", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "538", "ip.id": "0x0000142a", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54774", "tcp.dstport": "3030", "tcp.port": "54774", "tcp.port": "3030", "tcp.stream": "16", "tcp.len": "486", "tcp.seq": "1", "tcp.nxtseq": "487", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:51:46:48:49:51:46", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", 
"tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764486, TSecr 1212764486": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764486", "tcp.options.timestamp.tsecr": "1212764486" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000097000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET \/assets\/e3c2272db1a310c1d24951998deda938.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/e3c2272db1a310c1d24951998deda938.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/e3c2272db1a310c1d24951998deda938.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: 
en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"6b7f-GkbsPx7z0LsNm2JejVusvhUVbpM\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/e3c2272db1a310c1d24951998deda938.png", "http.request": "1", "http.request_number": "1", "http.response_in": "221" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.579605000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.579605000", "frame.time_delta": "0.002660000", "frame.time_delta_displayed": "0.015984000", "frame.time_relative": "14.856732000", "frame.number": "199", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "538", "ip.id": "0x00000964", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54775", "tcp.dstport": "3030", "tcp.port": "54775", "tcp.port": "3030", "tcp.stream": "17", "tcp.len": "486", "tcp.seq": "1", "tcp.nxtseq": "487", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", 
"tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:51:54:48:49:51:51", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764500, TSecr 1212764497": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764500", "tcp.options.timestamp.tsecr": "1212764497" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET \/assets\/638b11b0cef683059211f84c733a4af9.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/638b11b0cef683059211f84c733a4af9.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/638b11b0cef683059211f84c733a4af9.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 
Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"2b08-4T+DrkyZ5MPwwJDaU0yiJwpA07k\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/638b11b0cef683059211f84c733a4af9.png", "http.request": "1", "http.request_number": "1", "http.response_in": "225", "http.next_request_in": "323" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.579777000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.579777000", "frame.time_delta": "0.000142000", "frame.time_delta_displayed": "0.000172000", "frame.time_relative": "14.856904000", "frame.number": "201", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "538", "ip.id": "0x00000e7d", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", 
"ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54776", "tcp.dstport": "3030", "tcp.port": "54776", "tcp.port": "3030", "tcp.stream": "18", "tcp.len": "486", "tcp.seq": "1", "tcp.nxtseq": "487", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:51:54:48:49:51:52", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764500, TSecr 1212764498": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764500", "tcp.options.timestamp.tsecr": "1212764498" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000084000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET 
\/assets\/a760ae71262a8cbd3a23baecca7f151a.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/a760ae71262a8cbd3a23baecca7f151a.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/a760ae71262a8cbd3a23baecca7f151a.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"2500-\/vCJnovadd3btLwhzD8WES2+f4A\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/a760ae71262a8cbd3a23baecca7f151a.png", "http.request": "1", "http.request_number": "1", "http.response_in": "223" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.731195000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.731195000", 
"frame.time_delta": "0.151382000", "frame.time_delta_displayed": "0.151418000", "frame.time_relative": "15.008322000", "frame.number": "203", "frame.len": "1971", "frame.cap_len": "1971", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0009438e", "ipv6.plen": "1927", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54769", "tcp.dstport": "8080", "tcp.port": "54769", "tcp.port": "8080", "tcp.stream": "11", "tcp.len": "1895", "tcp.seq": "4586", "tcp.nxtseq": "6481", "tcp.ack": "10457", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12417", "tcp.window_size": "397344", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000078f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:51:e8:48:49:50:67", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", 
"tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764648, TSecr 1212764263": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764648", "tcp.options.timestamp.tsecr": "1212764263" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "1895", "tcp.analysis.push_bytes_sent": "1895" } }, "http": { "GET \/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\/init?client_id=akvo-lumen&origin=http%3A%2F%2Ft1.lumen.localhost%3A3030 HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\/init?client_id=akvo-lumen&origin=http%3A%2F%2Ft1.lumen.localhost%3A3030 HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\/init?client_id=akvo-lumen&origin=http%3A%2F%2Ft1.lumen.localhost%3A3030", "http.request.uri_tree": { "http.request.uri.path": "\/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\/init", "http.request.uri.query": "client_id=akvo-lumen&origin=http%3A%2F%2Ft1.lumen.localhost%3A3030", "http.request.uri.query_tree": { "http.request.uri.query.parameter": "client_id=akvo-lumen", "http.request.uri.query.parameter": "origin=http%3A%2F%2Ft1.lumen.localhost%3A3030" } }, "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 
(KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html", "http.request.line": "Referer: http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.cookie": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; 
KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a", "http.cookie_tree": { "http.cookie_pair": "KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJjcyI6Ijc4NmJlOTQxLWRiYmYtNDg2MC04MGMzLTI0ZjQ2MDU3NzI4NiIsImNpZCI6ImFrdm8tbHVtZW4iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7ImF1dGhfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9ha3ZvIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdDEubHVtZW4ubG9jYWxob3N0OjMwMzAvbGlicmFyeSIsInN0YXRlIjoiZGYyODkyYTktNjIzZC00ZDAwLThhMzEtMzhhYWIyNmY4ZGI0Iiwibm9uY2UiOiI2YTAwMmU2Zi1lNWJjLTRjNDUtYWQ3OS05ZjQ0ZmY0M2M4ZTUiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8", "http.cookie_pair": "KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA", "http.cookie_pair": "KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a" }, "http.request.line": "Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.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.3vOGzyxhp-dGq6qnfNdcgNSAGmejeTo5yyC3UezmrA8; 
KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDdmNmU5MjktN2I1NC00MTdkLWJiYTMtM2YwY2M3M2NjNTNjIn0.eyJqdGkiOiIyOGQ0OTQzNi0yY2Y0LTQ5YzAtYmQ5NC0xNjcxMDJlNjA4N2MiLCJleHAiOjE0ODkwNjE5NjMsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTYzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsInN1YiI6IjM0M2VmMDYxLTI1Y2EtNDgwOC04NDFiLTcyMThmOGEyNmI3ZiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjBmYTViMTBjLTgxZmMtNDU0NS1hNjI3LWVlMjhiZmFmZDc0YSIsInJlc291cmNlX2FjY2VzcyI6e319.SV0NcP2Qkbkrhr2OfupPT5KJnX7ruRKlNfOtD6RefzA; KEYCLOAK_SESSION=akvo\/343ef061-25ca-4808-841b-7218f8a26b7f\/0fa5b10c-81fc-4545-a627-ee28bfafd74a\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/login-status-iframe.html\/init?client_id=akvo-lumen&origin=http%3A%2F%2Ft1.lumen.localhost%3A3030", "http.request": "1", "http.request_number": "4", "http.prev_request_in": "163", "http.response_in": "209" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.738596000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.738596000", "frame.time_delta": "0.005116000", "frame.time_delta_displayed": "0.007401000", "frame.time_relative": "15.015723000", "frame.number": "209", "frame.len": "186", "frame.cap_len": "186", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x00090cc8", "ipv6.plen": "142", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", 
"ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54769", "tcp.port": "8080", "tcp.port": "54769", "tcp.stream": "11", "tcp.len": "110", "tcp.seq": "10457", "tcp.nxtseq": "10567", "tcp.ack": "6481", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12541", "tcp.window_size": "401312", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00000096", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:51:ef:48:49:51:e8", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764655, TSecr 1212764648": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764655", "tcp.options.timestamp.tsecr": "1212764648" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000103000", "tcp.analysis.bytes_in_flight": "110", "tcp.analysis.push_bytes_sent": "110" } }, "http": { "HTTP\/1.1 204 No Content\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 204 No Content\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "204", "http.response.phrase": "No Content" }, 
"http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "4", "http.time": "0.007401000", "http.prev_request_in": "163", "http.prev_response_in": "171", "http.request_in": "203" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.761552000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.761552000", "frame.time_delta": "0.000201000", "frame.time_delta_displayed": "0.022956000", "frame.time_relative": "15.038679000", "frame.number": "215", "frame.len": "2014", "frame.cap_len": "2014", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "2010", "ip.id": "0x000011b7", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54777", "tcp.dstport": "3030", "tcp.port": "54777", "tcp.port": "3030", "tcp.stream": "19", "tcp.len": "1958", "tcp.seq": "1", "tcp.nxtseq": "1959", "tcp.ack": "1", 
"tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000005cf", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:05:48:49:52:05", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764677, TSecr 1212764677": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764677", "tcp.options.timestamp.tsecr": "1212764677" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000085000", "tcp.analysis.bytes_in_flight": "1958", "tcp.analysis.push_bytes_sent": "1958" } }, "http": { "GET \/api\/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/api\/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/api\/library", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.authorization": "Bearer 
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw", "http.request.line": "authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.content_type": "application\/json", "http.request.line": "content-type: application\/json\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": 
"http:\/\/t1.lumen.localhost:3030\/api\/library", "http.request": "1", "http.request_number": "1", "http.response_in": "249" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.828280000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.828280000", "frame.time_delta": "0.000973000", "frame.time_delta_displayed": "0.066728000", "frame.time_relative": "15.105407000", "frame.number": "219", "frame.len": "266", "frame.cap_len": "266", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "262", "ip.id": "0x0000f1c3", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54765", "tcp.port": "3030", "tcp.port": "54765", "tcp.stream": "7", "tcp.len": "210", "tcp.seq": "2001", "tcp.nxtseq": "2211", "tcp.ack": "4356", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12623", "tcp.window_size": "403936", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefa", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:45:48:49:50:28", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764741, TSecr 1212764200": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764741", "tcp.options.timestamp.tsecr": "1212764200" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000078000", "tcp.analysis.bytes_in_flight": "210", "tcp.analysis.push_bytes_sent": "210" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"22f-yjaM2RvlkdfqS0jVUSsumj\/Lpw8\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "9", "http.time": "0.555522000", "http.prev_request_in": "155", "http.prev_response_in": "165", "http.request_in": "169" 
} } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.831467000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.831467000", "frame.time_delta": "0.003146000", "frame.time_delta_displayed": "0.003187000", "frame.time_relative": "15.108594000", "frame.number": "221", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "263", "ip.id": "0x00007f2c", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54774", "tcp.port": "3030", "tcp.port": "54774", "tcp.stream": "16", "tcp.len": "211", "tcp.seq": "1", "tcp.nxtseq": "212", "tcp.ack": "487", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, 
"tcp.window_size_value": "12744", "tcp.window_size": "407808", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:48:48:49:51:46", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764744, TSecr 1212764486": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764744", "tcp.options.timestamp.tsecr": "1212764486" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000097000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"6b7f-GkbsPx7z0LsNm2JejVusvhUVbpM\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.267846000", "http.request_in": "189" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 
9, 2017 03:19:24.832693000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.832693000", "frame.time_delta": "0.001185000", "frame.time_delta_displayed": "0.001226000", "frame.time_relative": "15.109820000", "frame.number": "223", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "263", "ip.id": "0x00002595", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54776", "tcp.port": "3030", "tcp.port": "54776", "tcp.stream": "18", "tcp.len": "211", "tcp.seq": "1", "tcp.nxtseq": "212", "tcp.ack": "487", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12744", "tcp.window_size": "407808", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", 
"tcp.options": "01:01:08:0a:48:49:52:49:48:49:51:54", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764745, TSecr 1212764500": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764745", "tcp.options.timestamp.tsecr": "1212764500" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000084000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"2500-\/vCJnovadd3btLwhzD8WES2+f4A\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.252916000", "http.request_in": "201" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.833760000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.833760000", "frame.time_delta": "0.001024000", "frame.time_delta_displayed": 
"0.001067000", "frame.time_relative": "15.110887000", "frame.number": "225", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "263", "ip.id": "0x000095c6", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54775", "tcp.port": "3030", "tcp.port": "54775", "tcp.stream": "17", "tcp.len": "211", "tcp.seq": "1", "tcp.nxtseq": "212", "tcp.ack": "487", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12744", "tcp.window_size": "407808", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:4a:48:49:51:54", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", 
"tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764746, TSecr 1212764500": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764746", "tcp.options.timestamp.tsecr": "1212764500" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"2b08-4T+DrkyZ5MPwwJDaU0yiJwpA07k\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.254155000", "http.request_in": "199", "http.next_request_in": "323", "http.next_response_in": "325" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.920529000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.920529000", "frame.time_delta": "0.084558000", "frame.time_delta_displayed": "0.086769000", "frame.time_relative": "15.197656000", "frame.number": "235", "frame.len": "383", "frame.cap_len": "383", 
"frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:urlencoded-form", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "379", "ip.id": "0x0000783a", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "53730", "tcp.dstport": "8080", "tcp.port": "53730", "tcp.port": "8080", "tcp.stream": "21", "tcp.len": "327", "tcp.seq": "1", "tcp.nxtseq": "328", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12307", "tcp.window_size": "12307", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x0000ff6f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:a0:47:e5:a4:28", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": 
"1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764832, TSecr 1206232104": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764832", "tcp.options.timestamp.tsecr": "1206232104" } }, "tcp.analysis": { "tcp.analysis.bytes_in_flight": "327", "tcp.analysis.push_bytes_sent": "327" } }, "http": { "POST \/auth\/realms\/akvo\/protocol\/openid-connect\/token HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "POST \/auth\/realms\/akvo\/protocol\/openid-connect\/token HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "POST", "http.request.uri": "\/auth\/realms\/akvo\/protocol\/openid-connect\/token", "http.request.version": "HTTP\/1.1" }, "http.authorization": "Basic YWt2by1sdW1lbi1jb25maWRlbnRpYWw6Y2FlZDM5NjQtMDlkZC00NzUyLWIwYmItMjJjOGU4ZmZkNjMx", "http.authorization_tree": { "http.authbasic": "akvo-lumen-confidential:caed3964-09dd-4752-b0bb-22c8e8ffd631" }, "http.request.line": "Authorization: Basic YWt2by1sdW1lbi1jb25maWRlbnRpYWw6Y2FlZDM5NjQtMDlkZC00NzUyLWIwYmItMjJjOGU4ZmZkNjMx\r\n", "http.content_length_header": "29", "http.content_length_header_tree": { "http.content_length": "29" }, "http.request.line": "Content-Length: 29\r\n", "http.content_type": "application\/x-www-form-urlencoded; charset=UTF-8", "http.request.line": "Content-Type: application\/x-www-form-urlencoded; charset=UTF-8\r\n", "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "Keep-Alive", "http.request.line": "Connection: Keep-Alive\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/protocol\/openid-connect\/token", "http.request": "1", "http.request_number": "1", "http.response_in": "237", "http.next_request_in": "239", "http.file_data": "grant_type=client_credentials" }, "urlencoded-form": { 
"Form item: \"grant_type\" = \"client_credentials\"": { "urlencoded-form.key": "grant_type", "urlencoded-form.value": "client_credentials" } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.975514000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.975514000", "frame.time_delta": "0.054942000", "frame.time_delta_displayed": "0.054985000", "frame.time_relative": "15.252641000", "frame.number": "237", "frame.len": "5292", "frame.cap_len": "5292", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "5288", "ip.id": "0x0000f7d8", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "53730", "tcp.port": "8080", "tcp.port": "53730", "tcp.stream": "21", "tcp.len": "5236", "tcp.seq": "1", "tcp.nxtseq": "5237", "tcp.ack": "328", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": 
"0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12510", "tcp.window_size": "12510", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x0000129d", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:d5:48:49:52:a0", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764885, TSecr 1212764832": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764885", "tcp.options.timestamp.tsecr": "1212764832" } }, "tcp.analysis": { "tcp.analysis.bytes_in_flight": "5236", "tcp.analysis.push_bytes_sent": "5236" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.content_type": "application\/json", "http.response.line": "Content-Type: application\/json\r\n", "http.content_length_header": "5056", "http.content_length_header_tree": { "http.content_length": "5056" }, "http.response.line": "Content-Length: 5056\r\n", "http.date": "Thu, 09 Mar 2017 02:19:24 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:24 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", 
"http.time": "0.054985000", "http.request_in": "235", "http.next_request_in": "239", "http.next_response_in": "241", "http.file_data": "{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.eyJqdGkiOiI1ZWZiOWE3ZS1jZWRjLTQ2MmUtODI3YS04NjdlZmFjYjhhN2IiLCJleHAiOjE0ODkwMjYyNjQsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsImF1ZCI6ImFrdm8tbHVtZW4tY29uZmlkZW50aWFsIiwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI3ODhiNGNhNy05MTM4LTQxYWYtYTQwYS0xZjNkNjFhNDRkMTgiLCJhY3IiOiIxIiwiY2xpZW50X3Nlc3Npb24iOiJiNDhiMDcwZi1jYmQ3LTRmNzItYTNhNi0zOWZlYWJhZjc2ZTUiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL3QxLmx1bWVuLmxvY2FsaG9zdCIsImh0dHA6Ly90MS5sdW1lbi5sb2NhbGhvc3Q6MzAzMCIsImh0dHA6Ly90Mi5sdW1lbi5sb2NhbGhvc3QiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwiaW1wZXJzb25hdGlvbiIsInJlYWxtLWFkbWluIiwiY3JlYXRlLWNsaWVudCIsIm1hbmFnZS11c2VycyIsInZpZXctYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1ldmVudHMiLCJtYW5hZ2UtcmVhbG0iLCJ2aWV3LWV2ZW50cyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1jbGllbnRzIl19LCJha3ZvLWx1bWVuLWNvbmZpZGVudGlhbCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX0sImNsaWVudEhvc3QiOiIxNzIuMTcuMC4xIiwiY2xpZW50SWQiOiJha3ZvLWx1bWVuLWNvbmZpZGVudGlhbCIsIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtYWt2by1sdW1lbi1jb25maWRlbnRpYWwiLCJjbGllbnRBZGRyZXNzIjoiMTcyLjE3LjAuMSIsImVtYWlsIjoic2VydmljZS1hY2NvdW50LWFrdm8tbHVtZW4tY29uZmlkZW50aWFsQHBsYWNlaG9sZGVyLm9yZyJ9.dsmUDD_Igc8wzUYFmioTt_5Nt25qheuiVRBNm5pqXlUj-m3o4k4DjKRtF2Z7mCvfzRIF8cxxHj_N4citRA9B12mTUaxfX7pOsS8l2G6f4VE6Qw8WjX8OmuWFDHu7lvW
7STshzr_wpbir63OaP8YuploOwVKblqVa7kXToZ-24YDsaVbtajGSWXlVJY4DAr54iELrsyUw_4ZgHSWPoXCQf3Le4XXvFF0moxLMd5tkWzawheqiFHQRU_QEya5D5IzGfOhWI1PtbvI8oy0BwQTJWnVw43BGkx04W9r1US1EIo4RgqfTGJguoCS1lAI9VhGEyxho2Jl1TQcRb_zhi9nEgg\",\"expires_in\":300,\"refresh_expires_in\":1800,\"refresh_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.l4vcmRKbMltHq1nN6TDHowd50vgerXvCe7b_lzpWtXt88qFMgjE5q1aInRhL4cPWBjnSGgs8Y-aI1UNow84ROh-Vk9b8fsbhasJhKvx4SwWcOMOlCzGt6i-8t4uK93nJYlFmiraLQ9BW_2Fnq8u61yEiRa8CC_mSJOky_JUp0iR7BQXM22pV4UI-eU0vTwTlgIm3hCZRbZWx1enlO1nKFQD7A3VZGgbuD-cek35i7Jl1W3VwHpij2LpAbF20G6tLHoubV-extPuANXkmgSoGzT6su9uXruR6myfMD88iB3pxt-FVx3gMjd08VdTpsX8TfW0ZthLhG2YyIQPUcxzLHQ\",\"token_type\":\"bearer\",\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.q-0tSukdtuJMurv91UURVMKXqLHCGZxYtqNXkI1R3Q-ssd8VzQVXgJjCou0QahjPbX2A9GMsdfayKUiFFUjI-hflf9PVhjnfsu5SiKj2lYkXMfKMkJDhF8_wSOJrOZtChTIvxc5ZR541LLlqOiD7qa889dPByb3uRNtkBBZyqHl0QP1LgZaPItlPuU4QOj4_w57aEj2N1qZx3p_83SXsh2sEa9043I8IiyuRODhmDb6a5iIaJdnolS1v5GnWDjs00vfT8p7vDJ7uQPdQXfjkz4Vg-qG6ykPmOX3ojy8e0FCqbXErBlGilgtvaPWelKcgFolOyQYxX4nneCX690JYdg\",\"not-before-policy\":0,\"session_state\":\"788b4ca7-9138-41af-a40a-1f3d61a44d18\"}" }, "json": { "json.object": { "json.member": { "json.value.string": 
"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.dsmUDD_Igc8wzUYFmioTt_5Nt25qheuiVRBNm5pqXlUj-m3o4k4DjKRtF2Z7mCvfzRIF8cxxHj_N4citRA9B12mTUaxfX7pOsS8l2G6f4VE6Qw8WjX8OmuWFDHu7lvW7STshzr_wpbir63OaP8YuploOwVKblqVa7kXToZ-24YDsaVbtajGSWXlVJY4DAr54iELrsyUw_4ZgHSWPoXCQf3Le4XXvFF0moxLMd5tkWzawheqiFHQRU_QEya5D5IzGfOhWI1PtbvI8oy0BwQTJWnVw43BGkx04W9r1US1EIo4RgqfTGJguoCS1lAI9VhGEyxho2Jl1TQcRb_zhi9nEgg", "json.key": "access_token" }, "json.member": { "json.value.number": "300", "json.key": "expires_in" }, "json.member": { "json.value.number": "1800", "json.key": "refresh_expires_in" }, "json.member": { "json.value.string": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.l4vcmRKbMltHq1nN6TDHowd50vgerXvCe7b_lzpWtXt88qFMgjE5q1aInRhL4cPWBjnSGgs8Y-aI1UNow84ROh-Vk9b8fsbhasJhKvx4SwWcOMOlCzGt6i-8t4uK93nJYlFmiraLQ9BW_2Fnq8u61yEiRa8CC_mSJOky_JUp0iR7BQXM22pV4UI-eU0vTwTlgIm3hCZRbZWx1enlO1nKFQD7A3VZGgbuD-cek35i7Jl1W3VwHpij2LpAbF20G6tLHoubV-extPuANXkmgSoGzT6su9uXruR6myfMD88iB3pxt-FVx3gMjd08VdTpsX8TfW0ZthLhG2YyIQPUcxzLHQ", "json.key": "refresh_token" }, "json.member": { "json.value.string": "bearer", "json.key": "token_type" }, "json.member": { "json.value.string": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.q-0tSukdtuJMurv91UURVMKXqLHCGZxYtqNXkI1R3Q-ssd8VzQVXgJjCou0QahjPbX2A9GMsdfayKUiFFUjI-hflf9PVhjnfsu5SiKj2lYkXMfKMkJDhF8_wSOJrOZtChTIvxc5ZR541LLlqOiD7qa889dPByb3uRNtkBBZyqHl0QP1LgZaPItlPuU4QOj4_w57aEj2N1qZx3p_83SXsh2sEa9043I8IiyuRODhmDb6a5iIaJdnolS1v5GnWDjs00vfT8p7vDJ7uQPdQXfjkz4Vg-qG6ykPmOX3ojy8e0FCqbXErBlGilgtvaPWelKcgFolOyQYxX4nneCX690JYdg", "json.key": "id_token" }, "json.member": { "json.value.number": "0", "json.key": 
"not-before-policy" }, "json.member": { "json.value.string": "788b4ca7-9138-41af-a40a-1f3d61a44d18", "json.key": "session_state" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:24.987742000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025964.987742000", "frame.time_delta": "0.012188000", "frame.time_delta_displayed": "0.012228000", "frame.time_relative": "15.264869000", "frame.number": "239", "frame.len": "2404", "frame.cap_len": "2404", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "2400", "ip.id": "0x0000bea9", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "53730", "tcp.dstport": "8080", "tcp.port": "53730", "tcp.port": "8080", "tcp.stream": "21", "tcp.len": "2348", "tcp.seq": "328", "tcp.nxtseq": "2676", "tcp.ack": "5237", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12144", "tcp.window_size": "12144", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x00000755", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:52:e1:48:49:52:d5", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764897, TSecr 1212764885": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764897", "tcp.options.timestamp.tsecr": "1212764885" } }, "tcp.analysis": { "tcp.analysis.bytes_in_flight": "2348", "tcp.analysis.push_bytes_sent": "2348" } }, "http": { "POST \/auth\/realms\/akvo\/authz\/protection\/permission HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "POST \/auth\/realms\/akvo\/authz\/protection\/permission HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "POST", "http.request.uri": "\/auth\/realms\/akvo\/authz\/protection\/permission", "http.request.version": "HTTP\/1.1" }, "http.authorization": "Bearer 
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.eyJqdGkiOiI1ZWZiOWE3ZS1jZWRjLTQ2MmUtODI3YS04NjdlZmFjYjhhN2IiLCJleHAiOjE0ODkwMjYyNjQsIm5iZiI6MCwiaWF0IjoxNDg5MDI1OTY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYWt2byIsImF1ZCI6ImFrdm8tbHVtZW4tY29uZmlkZW50aWFsIiwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI3ODhiNGNhNy05MTM4LTQxYWYtYTQwYS0xZjNkNjFhNDRkMTgiLCJhY3IiOiIxIiwiY2xpZW50X3Nlc3Npb24iOiJiNDhiMDcwZi1jYmQ3LTRmNzItYTNhNi0zOWZlYWJhZjc2ZTUiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL3QxLmx1bWVuLmxvY2FsaG9zdCIsImh0dHA6Ly90MS5sdW1lbi5sb2NhbGhvc3Q6MzAzMCIsImh0dHA6Ly90Mi5sdW1lbi5sb2NhbGhvc3QiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwiaW1wZXJzb25hdGlvbiIsInJlYWxtLWFkbWluIiwiY3JlYXRlLWNsaWVudCIsIm1hbmFnZS11c2VycyIsInZpZXctYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1ldmVudHMiLCJtYW5hZ2UtcmVhbG0iLCJ2aWV3LWV2ZW50cyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1jbGllbnRzIl19LCJha3ZvLWx1bWVuLWNvbmZpZGVudGlhbCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX0sImNsaWVudEhvc3QiOiIxNzIuMTcuMC4xIiwiY2xpZW50SWQiOiJha3ZvLWx1bWVuLWNvbmZpZGVudGlhbCIsIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtYWt2by1sdW1lbi1jb25maWRlbnRpYWwiLCJjbGllbnRBZGRyZXNzIjoiMTcyLjE3LjAuMSIsImVtYWlsIjoic2VydmljZS1hY2NvdW50LWFrdm8tbHVtZW4tY29uZmlkZW50aWFsQHBsYWNlaG9sZGVyLm9yZyJ9.dsmUDD_Igc8wzUYFmioTt_5Nt25qheuiVRBNm5pqXlUj-m3o4k4DjKRtF2Z7mCvfzRIF8cxxHj_N4citRA9B12mTUaxfX7pOsS8l2G6f4VE6Qw8WjX8OmuWFDHu7lvW7STshzr_wpbir63OaP8YuploOwVKblqVa7kXToZ-24YDsaVbtajGSWXlVJY4DAr54iELrsyUw_4ZgHSWPoXCQf3Le4XXvFF0moxLMd5tkWzawheqiFHQRU_QEya5D5IzGfOhWI1PtbvI8oy0BwQTJWnVw43B
Gkx04W9r1US1EIo4RgqfTGJguoCS1lAI9VhGEyxho2Jl1TQcRb_zhi9nEgg", "http.request.line": "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.dsmUDD_Igc8wzUYFmioTt_5Nt25qheuiVRBNm5pqXlUj-m3o4k4DjKRtF2Z7mCvfzRIF8cxxHj_N4citRA9B12mTUaxfX7pOsS8l2G6f4VE6Qw8WjX8OmuWFDHu7lvW7STshzr_wpbir63OaP8YuploOwVKblqVa7kXToZ-24YDsaVbtajGSWXlVJY4DAr54iELrsyUw_4ZgHSWPoXCQf3Le4XXvFF0moxLMd5tkWzawheqiFHQRU_QEya5D5IzGfOhWI1PtbvI8oy0BwQTJWnVw43BGkx04W9r1US1EIo4RgqfTGJguoCS1lAI9VhGEyxho2Jl1TQcRb_zhi9nEgg\r\n", "http.content_type": "application\/json", "http.request.line": "Content-Type: application\/json\r\n", "http.content_length_header": "103", "http.content_length_header_tree": { "http.content_length": "103" }, "http.request.line": "Content-Length: 103\r\n", "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "Keep-Alive", "http.request.line": "Connection: Keep-Alive\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/protection\/permission", "http.request": "1", "http.request_number": "2", "http.prev_request_in": "235", "http.response_in": "241", "http.file_data": "{\"scopes\":[\"urn:lumen:scopes:dashboard:view\"],\"resource_set_id\":\"475a9b2c-0877-43e3-b09c-7a6ea33a657e\"}" }, "json": { "json.object": { "json.member": { "json.array": { "json.value.string": "urn:lumen:scopes:dashboard:view" }, "json.key": "scopes" }, "json.member": { "json.value.string": "475a9b2c-0877-43e3-b09c-7a6ea33a657e", "json.key": "resource_set_id" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.035530000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.035530000", "frame.time_delta": "0.047744000", 
"frame.time_delta_displayed": "0.047788000", "frame.time_relative": "15.312657000", "frame.number": "241", "frame.len": "1123", "frame.cap_len": "1123", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "1119", "ip.id": "0x00004a7e", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "53730", "tcp.port": "8080", "tcp.port": "53730", "tcp.stream": "21", "tcp.len": "1067", "tcp.seq": "5237", "tcp.nxtseq": "6304", "tcp.ack": "2676", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12436", "tcp.window_size": "12436", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x00000254", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:10:48:49:52:e1", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", 
"tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764944, TSecr 1212764897": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764944", "tcp.options.timestamp.tsecr": "1212764897" } }, "tcp.analysis": { "tcp.analysis.bytes_in_flight": "1067", "tcp.analysis.push_bytes_sent": "1067" } }, "http": { "HTTP\/1.1 201 Created\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 201 Created\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "201", "http.response.phrase": "Created" }, "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.content_type": "application\/json", "http.response.line": "Content-Type: application\/json\r\n", "http.content_length_header": "883", "http.content_length_header_tree": { "http.content_length": "883" }, "http.response.line": "Content-Length: 883\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "2", "http.time": "0.047788000", "http.prev_request_in": "235", "http.prev_response_in": "237", "http.request_in": "239", "http.file_data": 
"{\"ticket\":\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\"}" }, "json": { "json.object": { "json.member": { "json.value.string": "eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A", "json.key": "ticket" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": 
"0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.039258000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.039258000", "frame.time_delta": "0.003685000", "frame.time_delta_displayed": "0.003728000", "frame.time_relative": "15.316385000", "frame.number": "243", "frame.len": "1177", "frame.cap_len": "1177", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "1173", "ip.id": "0x0000290d", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3000", "tcp.dstport": "54778", "tcp.port": "3000", "tcp.port": "54778", "tcp.stream": "20", "tcp.len": "1121", "tcp.seq": "1", "tcp.nxtseq": "1122", "tcp.ack": "1954", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12698", "tcp.window_size": "406336", "tcp.window_size_scalefactor": "32", 
"tcp.checksum": "0x000085f4", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:13:48:49:52:4c", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764947, TSecr 1212764748": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764947", "tcp.options.timestamp.tsecr": "1212764748" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000090000", "tcp.analysis.bytes_in_flight": "1121", "tcp.analysis.push_bytes_sent": "1121" } }, "http": { "HTTP\/1.1 401 Unauthorized\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "401", "http.response.phrase": "Unauthorized" }, "http.connection": "close", "http.response.line": "Connection: close\r\n", "http.www_authenticate": "UMA 
realm=\"akvo-lumen-confidential\",as_uri=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize\",ticket=\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\"", "http.response.line": "WWW-Authenticate: UMA 
realm=\"akvo-lumen-confidential\",as_uri=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize\",ticket=\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\"\r\n", "http.server": "undertow", "http.response.line": "Server: undertow\r\n", "http.content_length_header": "0", "http.content_length_header_tree": { "http.content_length": "0" }, "http.response.line": "Content-Length: 0\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.next_request_in": "247" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.043069000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.043069000", "frame.time_delta": "0.003763000", "frame.time_delta_displayed": "0.003811000", "frame.time_relative": "15.320196000", "frame.number": "247", "frame.len": "56", "frame.cap_len": "56", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", 
"frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "52", "ip.id": "0x00005282", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54778", "tcp.dstport": "3000", "tcp.port": "54778", "tcp.port": "3000", "tcp.stream": "20", "tcp.len": "0", "tcp.seq": "1954", "tcp.ack": "1123", "tcp.hdr_len": "32", "tcp.flags": "0x00000011", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "0", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "1", "tcp.flags.fin_tree": { "_ws.expert": { "tcp.connection.fin": "", "_ws.expert.message": "Connection finish (FIN)", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" } }, "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" }, "tcp.window_size_value": "12724", "tcp.window_size": "407168", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00008193", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:16:48:49:53:13", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", 
"tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764950, TSecr 1212764947": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764950", "tcp.options.timestamp.tsecr": "1212764947" } } }, "tcp.segments": { "tcp.segment": "231", "tcp.segment": "233", "tcp.segment": "247", "tcp.segment.count": "3", "tcp.reassembled.length": "1953", "tcp.reassembled.data": "47:45:54:20:2f:61:70:69:2f:6c:69:62:72:61:72:79:20:48:54:54:50:2f:31:2e:31:0d:0a:61:63:63:65:70:74:2d:6c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:61:63:63:65:70:74:2d:65:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:73:64:63:68:2c:20:62:72:0d:0a:72:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:2f:6c:69:62:72:61:72:79:0d:0a:61:63:63:65:70:74:3a:20:2a:2f:2a:0d:0a:63:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:75:73:65:72:2d:61:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:61:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:42:65:61:72:65:72:20:65:79:4a:68:62:47:63:69:4f:69:4a:53:55:7a:49:31:4e:69:49:73:49:6e:52:35:63:43:49:67:4f:69:41:69:53:6c:64:55:49:69:77:69:61:32:6c:6b:49:69:41:36:49:43:49:77:64:32:5a:56:64:30:70:44:56:58:4d:32:59:6d:56:48:54:33:5a:54:64:7a:5a:54:4e:31:5a:6a:53:57:30:34:64:6a:5a:57:64:33:52:7a:
5a:58:6c:43:57:6d:64:30:4d:45:6c:7a:54:6d:6c:5a:49:6e:30:2e:65:79:4a:71:64:47:6b:69:4f:69:49:78:5a:47:4a:69:4d:6a:52:6a:5a:69:31:6c:5a:47:55:77:4c:54:52:6b:4e:44:6b:74:4f:54:41:31:59:69:31:6d:5a:54:56:6a:4e:6d:51:35:4e:44:6b:78:4d:32:45:69:4c:43:4a:6c:65:48:41:69:4f:6a:45:30:4f:44:6b:77:4d:6a:59:79:4e:6a:51:73:49:6d:35:69:5a:69:49:36:4d:43:77:69:61:57:46:30:49:6a:6f:78:4e:44:67:35:4d:44:49:31:4f:54:59:30:4c:43:4a:70:63:33:4d:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:67:77:4f:44:41:76:59:58:56:30:61:43:39:79:5a:57:46:73:62:58:4d:76:59:57:74:32:62:79:49:73:49:6d:46:31:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:7a:64:57:49:69:4f:69:49:7a:4e:44:4e:6c:5a:6a:41:32:4d:53:30:79:4e:57:4e:68:4c:54:51:34:4d:44:67:74:4f:44:51:78:59:69:30:33:4d:6a:45:34:5a:6a:68:68:4d:6a:5a:69:4e:32:59:69:4c:43:4a:30:65:58:41:69:4f:69:4a:43:5a:57:46:79:5a:58:49:69:4c:43:4a:68:65:6e:41:69:4f:69:4a:68:61:33:5a:76:4c:57:78:31:62:57:56:75:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:68:64:58:52:6f:58:33:52:70:62:57:55:69:4f:6a:45:30:4f:44:6b:77:4d:6a:55:35:4e:6a:4d:73:49:6e:4e:6c:63:33:4e:70:62:32:35:66:63:33:52:68:64:47:55:69:4f:69:49:77:5a:6d:45:31:59:6a:45:77:59:79:30:34:4d:57:5a:6a:4c:54:51:31:4e:44:55:74:59:54:59:79:4e:79:31:6c:5a:54:49:34:59:6d:5a:68:5a:6d:51:33:4e:47:45:69:4c:43:4a:68:59:33:49:69:4f:69:49:78:49:69:77:69:59:32:78:70:5a:57:35:30:58:33:4e:6c:63:33:4e:70:62:32:34:69:4f:69:49:33:4f:44:5a:69:5a:54:6b:30:4d:53:31:6b:59:6d:4a:6d:4c:54:51:34:4e:6a:41:74:4f:44:42:6a:4d:79:30:79:4e:47:59:30:4e:6a:41:31:4e:7a:63:79:4f:44:59:69:4c:43:4a:68:62:47:78:76:64:32:56:6b:4c:57:39:79:61:57:64:70:62:6e:4d:69:4f:6c:73:69:61:48:52:30:63:44:6f:76:4c:33:51:79:4c:6d:78:31:62:57:56:75:4c:6d:78:76:59:32:46:73:61:47:39:7a:64:44:6f:7a:4d:44:4d:77:49:69:77:69:61:48:52:30:63:44:6f:76:4c:33:51
:78:4c:6d:78:31:62:57:56:75:4c:6d:78:76:59:32:46:73:61:47:39:7a:64:44:6f:7a:4d:44:4d:77:49:6c:30:73:49:6e:4a:6c:59:57:78:74:58:32:46:6a:59:32:56:7a:63:79:49:36:65:79:4a:79:62:32:78:6c:63:79:49:36:57:79:4a:68:61:33:5a:76:4f:6d:78:31:62:57:56:75:4f:6e:51:78:49:69:77:69:59:57:74:32:62:7a:70:73:64:57:31:6c:62:6a:70:30:4d:54:70:68:5a:47:31:70:62:69:49:73:49:6e:56:74:59:56:39:68:64:58:52:6f:62:33:4a:70:65:6d:46:30:61:57:39:75:49:6c:31:39:4c:43:4a:79:5a:58:4e:76:64:58:4a:6a:5a:56:39:68:59:32:4e:6c:63:33:4d:69:4f:6e:73:69:59:57:4e:6a:62:33:56:75:64:43:49:36:65:79:4a:79:62:32:78:6c:63:79:49:36:57:79:4a:74:59:57:35:68:5a:32:55:74:59:57:4e:6a:62:33:56:75:64:43:49:73:49:6e:5a:70:5a:58:63:74:63:48:4a:76:5a:6d:6c:73:5a:53:4a:64:66:58:30:73:49:6d:35:68:62:57:55:69:4f:69:4a:4b:5a:58:4a:76:62:57:55:67:52:57:64:70:62:6d:78:68:49:69:77:69:63:48:4a:6c:5a:6d:56:79:63:6d:56:6b:58:33:56:7a:5a:58:4a:75:59:57:31:6c:49:6a:6f:69:61:6d:56:79:62:32:31:6c:49:69:77:69:5a:32:6c:32:5a:57:35:66:62:6d:46:74:5a:53:49:36:49:6b:70:6c:63:6d:39:74:5a:53:49:73:49:6d:5a:68:62:57:6c:73:65:56:39:75:59:57:31:6c:49:6a:6f:69:52:57:64:70:62:6d:78:68:49:69:77:69:5a:57:31:68:61:57:77:69:4f:69:4a:71:5a:58:4a:76:62:57:56:41:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:49:6e:30:2e:62:6a:47:59:44:6a:41:33:2d:33:39:35:41:54:65:52:37:4b:54:55:6c:75:4f:4b:41:70:6f:5a:6b:56:32:5f:4d:64:41:37:4a:62:75:7a:33:6d:6f:57:68:56:48:42:44:54:34:2d:33:42:47:75:4c:59:4e:4c:46:77:6c:46:4e:43:76:4f:6f:38:6e:67:6a:43:61:4d:42:48:36:4e:71:61:51:49:78:76:79:62:58:49:39:4c:63:73:69:33:32:30:33:42:49:59:37:71:32:44:72:6a:33:63:38:63:4c:2d:54:36:6b:34:59:6c:4f:52:41:43:77:56:70:73:58:33:39:35:65:71:71:4a:65:5a:53:59:67:41:64:6e:48:77:76:68:35:79:6f:64:32:4b:66:4b:65:44:42:61:74:70:55:74:59:49:59:6b:43:2d:67:43:77:53:43:55:50:73:44:53:62:62:31:4d:38:6c:37:48:52:35:64:51:41:65:61:4f:50:4d:36:42:49:58:61:59:37:63:4e:42:6b:7a:54:48:4f:5f:50:47:6d:50:6b:58:42:66:44:76:52:38:72:54:5f:33:58:43:50:71:56:46:2d:65:30:31:4c:3
0:6c:58:72:57:36:4d:38:32:71:33:58:41:33:4d:6f:74:33:52:45:36:4f:72:58:46:4e:6d:2d:39:69:6c:57:68:5f:6d:67:36:62:45:4b:57:61:44:31:57:68:69:58:72:76:39:66:7a:45:78:56:30:34:50:5a:35:33:46:4c:50:35:54:67:53:71:43:66:58:30:4b:66:6b:41:76:57:69:6c:63:68:43:30:6f:38:77:4c:76:61:66:39:6e:56:65:43:50:43:77:0d:0a:63:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:68:6f:73:74:3a:20:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:0d:0a:0d:0a" }, "http": { "GET \/api\/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/api\/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/api\/library", "http.request.version": "HTTP\/1.1" }, "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept": "*\/*", "http.request.line": "accept: *\/*\r\n", "http.content_type": "application\/json", "http.request.line": "content-type: application\/json\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.authorization": "Bearer 
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw", "http.request.line": "authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw\r\n", "http.connection": "close", "http.request.line": "connection: close\r\n", "http.host": "t1.lumen.localhost:3030", "http.request.line": "host: t1.lumen.localhost:3030\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/api\/library", "http.request": "1", "http.request_number": "2" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.043563000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.043563000", "frame.time_delta": "0.000424000", "frame.time_delta_displayed": "0.000494000", "frame.time_relative": "15.320690000", "frame.number": "249", "frame.len": "1200", "frame.cap_len": "1200", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", 
"frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "1196", "ip.id": "0x0000ef66", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54777", "tcp.port": "3030", "tcp.port": "54777", "tcp.stream": "19", "tcp.len": "1144", "tcp.seq": "1", "tcp.nxtseq": "1145", "tcp.ack": "1959", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12698", "tcp.window_size": "406336", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000002a1", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:16:48:49:52:05", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } 
}, "Timestamps: TSval 1212764950, TSecr 1212764677": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764950", "tcp.options.timestamp.tsecr": "1212764677" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000085000", "tcp.analysis.bytes_in_flight": "1144", "tcp.analysis.push_bytes_sent": "1144" } }, "http": { "HTTP\/1.1 401 Unauthorized\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "401", "http.response.phrase": "Unauthorized" }, "http.response.line": "X-Powered-By: Express\r\n", "http.connection": "close", "http.response.line": "connection: close\r\n", "http.www_authenticate": "UMA realm=\"akvo-lumen-confidential\",as_uri=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize\",ticket=\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\"", "http.response.line": "www-authenticate: UMA 
realm=\"akvo-lumen-confidential\",as_uri=\"http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize\",ticket=\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\"\r\n", "http.server": "undertow", "http.response.line": "server: undertow\r\n", "http.content_length_header": "0", "http.content_length_header_tree": { "http.content_length": "0" }, "http.response.line": "content-length: 0\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.282011000", "http.request_in": "215" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.047184000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.047184000", "frame.time_delta": "0.003048000", "frame.time_delta_displayed": "0.003621000", "frame.time_relative": "15.324311000", "frame.number": "255", "frame.len": "606", "frame.cap_len": "606", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": 
"null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0007416a", "ipv6.plen": "562", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54773", "tcp.dstport": "8080", "tcp.port": "54773", "tcp.port": "8080", "tcp.stream": "15", "tcp.len": "530", "tcp.seq": "2491", "tcp.nxtseq": "3021", "tcp.ack": "1050", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12710", "tcp.window_size": "406720", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000023a", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:1a:48:49:50:b0", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764954, TSecr 1212764336": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": 
"1212764954", "tcp.options.timestamp.tsecr": "1212764336" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "530", "tcp.analysis.push_bytes_sent": "530" } }, "http": { "OPTIONS \/auth\/realms\/akvo\/authz\/authorize HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "OPTIONS \/auth\/realms\/akvo\/authz\/authorize HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "OPTIONS", "http.request.uri": "\/auth\/realms\/akvo\/authz\/authorize", "http.request.version": "HTTP\/1.1" }, "http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.request.line": "Access-Control-Request-Method: POST\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.request.line": "Access-Control-Request-Headers: authorization, content-type\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize", "http.request": "1", "http.request_number": "3", "http.prev_request_in": "181", "http.response_in": "257", 
"http.next_request_in": "260" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.049881000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.049881000", "frame.time_delta": "0.002656000", "frame.time_delta_displayed": "0.002697000", "frame.time_relative": "15.327008000", "frame.number": "257", "frame.len": "558", "frame.cap_len": "558", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0003ca37", "ipv6.plen": "514", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54773", "tcp.port": "8080", "tcp.port": "54773", "tcp.stream": "15", "tcp.len": "482", "tcp.seq": "1050", "tcp.nxtseq": "1532", "tcp.ack": "3021", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12649", "tcp.window_size": "404768", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000020a", "tcp.checksum.status": "2", 
"tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:1c:48:49:53:1a", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764956, TSecr 1212764954": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764956", "tcp.options.timestamp.tsecr": "1212764954" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "482", "tcp.analysis.push_bytes_sent": "482" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.response.line": "Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "Access-Control-Allow-Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.response.line": "Access-Control-Allow-Credentials: true\r\n", "http.content_length_header": "0", "http.content_length_header_tree": { "http.content_length": "0" }, "http.response.line": "Content-Length: 0\r\n", "http.response.line": "Access-Control-Allow-Methods: GET, HEAD, OPTIONS\r\n", "http.response.line": 
"Access-Control-Max-Age: 3600\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "3", "http.time": "0.002697000", "http.prev_request_in": "181", "http.prev_response_in": "183", "http.request_in": "255", "http.next_request_in": "260", "http.next_response_in": "263" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.051393000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.051393000", "frame.time_delta": "0.000022000", "frame.time_delta_displayed": "0.001512000", "frame.time_relative": "15.328520000", "frame.number": "260", "frame.len": "970", "frame.cap_len": "970", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0007416a", "ipv6.plen": "926", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", "ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54773", "tcp.dstport": "8080", "tcp.port": "54773", "tcp.port": "8080", "tcp.stream": "15", "tcp.len": "894", "tcp.seq": "5047", "tcp.nxtseq": "5941", "tcp.ack": "1532", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12695", "tcp.window_size": "406240", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000003a6", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:1d:48:49:53:1c", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764957, TSecr 1212764956": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764957", "tcp.options.timestamp.tsecr": "1212764956" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "2920", "tcp.analysis.push_bytes_sent": "894" }, "tcp.segment_data": 
"7b:22:74:69:63:6b:65:74:22:3a:22:65:79:4a:68:62:47:63:69:4f:69:4a:53:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4d:48:64:6d:56:58:64:4b:51:31:56:7a:4e:6d:4a:6c:52:30:39:32:55:33:63:32:55:7a:64:57:59:30:6c:74:4f:48:59:32:56:6e:64:30:63:32:56:35:51:6c:70:6e:64:44:42:4a:63:30:35:70:57:53:4a:39:2e:65:79:4a:79:5a:58:4e:76:64:58:4a:6a:5a:58:4d:69:4f:6c:74:37:49:6d:35:68:62:57:55:69:4f:69:49:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6e:4e:6a:62:33:42:6c:63:79:49:36:57:33:73:69:62:6d:46:74:5a:53:49:36:49:6e:56:79:62:6a:70:73:64:57:31:6c:62:6a:70:7a:59:32:39:77:5a:58:4d:36:5a:47:46:7a:61:47:4a:76:59:58:4a:6b:4f:6e:5a:70:5a:58:63:69:66:56:31:39:58:53:77:69:63:6d:56:7a:62:33:56:79:59:32:56:54:5a:58:4a:32:5a:58:4a:4a:5a:43:49:36:49:6a:6c:6c:4e:54:4e:6c:5a:57:46:6a:4c:54:6b:35:59:7a:6b:74:4e:44:41:31:59:69:30:34:4e:32:45:79:4c:54:52:68:4f:54:46:6d:4e:47:5a:6b:4d:6d:59:78:4d:43:49:73:49:6d:70:30:61:53:49:36:49:6a:5a:68:5a:57:51:33:5a:47:51:32:4c:57:46:69:59:6a:41:74:4e:44:41:32:4e:69:31:69:4f:47:4e:6c:4c:57:56:68:4d:44:6c:6a:59:54:63:77:4f:54:4a:6c:59:53:30:78:4e:44:67:35:4d:44:49:31:4f:54:59:31:4d:44:41:77:49:69:77:69:5a:58:68:77:49:6a:6f:78:4e:44:67:35:4d:44:49:32:4d:6a:59:30:4c:43:4a:75:59:6d:59:69:4f:6a:41:73:49:6d:6c:68:64:43:49:36:4d:54:51:34:4f:54:41:79:4e:54:6b:32:4e:43:77:69:63:33:56:69:49:6a:6f:69:4d:44:4d:30:4d:7a:6c:6b:4d:6a:49:74:4e:54:67:77:5a:69:30:30:4e:54:6c:68:4c:57:4a:6b:4f:47:55:74:4d:32:49:30:4e:47:55:30:4d:32:46:6d:5a:6a:45:77:49:69:77:69:59:58:70:77:49:6a:6f:69:59:57:74:32:62:79:31:73:64:57:31:6c:62:69:31:6a:62:32:35:6d:61:57:52:6c:62:6e:52:70:59:57:77:69:66:51:2e:70:35:70:67:59:72:6b:58:47:70:5a:51:4c:34:6f:63:71:52:79:72:43:6e:35:71:4d:78:52:63:51:48:67:7a:5f:32:4c:45:37:6a:4d:69:50:63:53:36:64:61:45:67:4e:47:31:6e:69:39:32:4a:67:67:64:78:44:65:6d:75:75:74:6c:4f:53:51:2d:2d:38:38:6b:54:50:53:63:70:49:72:2d:6c:46:4f:74:36:6e:4f:6c:79:55:38:48:4a:41:5f:39:43:47:48:74:62:5f:6a:30:66:6b:4a:38:6f:6f:49:48:2d:42:4f:46:6a:6c:65:78:76:38:46:4c:5
4:2d:45:6c:63:46:66:58:6c:53:37:36:63:70:64:4b:69:6d:66:67:34:45:56:39:76:49:6a:48:66:69:78:54:4b:47:59:47:38:6f:6a:5f:77:34:77:33:57:33:78:5a:4b:37:39:6b:32:6c:4b:55:59:79:42:57:48:37:30:43:45:74:58:35:33:41:52:4c:34:35:66:46:33:6d:43:2d:6e:5f:32:72:66:37:2d:74:70:79:6c:63:37:6f:42:4d:77:79:41:33:36:4f:33:54:6e:51:58:6d:30:37:75:67:5a:39:69:33:7a:72:52:4d:6e:52:59:6b:50:30:41:69:71:49:69:6e:46:57:59:53:70:4e:4c:66:6c:6a:55:70:4d:78:73:34:6c:32:5f:79:72:57:6f:49:6e:4f:41:74:6d:70:68:44:48:54:69:33:48:64:68:37:35:77:49:32:44:73:30:68:33:44:2d:30:70:73:75:79:6f:68:74:54:5f:36:64:48:6c:75:78:74:6c:53:5a:37:43:42:30:72:51:68:50:4d:63:2d:41:22:2c:22:72:70:74:22:3a:6e:75:6c:6c:7d" }, "tcp.segments": { "tcp.segment": "259", "tcp.segment": "260", "tcp.segment.count": "2", "tcp.reassembled.length": "2920", "tcp.reassembled.data": "50:4f:53:54:20:2f:61:75:74:68:2f:72:65:61:6c:6d:73:2f:61:6b:76:6f:2f:61:75:74:68:7a:2f:61:75:74:68:6f:72:69:7a:65:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:6c:6f:63:61:6c:68:6f:73:74:3a:38:30:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:38:39:34:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:4f:72:69:67:69:6e:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:42:65:61:72:65:72:20:65:79:4a:68:62:47:63:69:4f:69:4a:53:55:7a:49:31:4e:69:49:73:49:6e:52:35:63:43:49:67:4f:69:41:69:53:6c:64:55:49:69:77:69:61:32:6c:6b:49:69:41:36:49:43:49:77:64:32:5a:56:64:30:70:44:56:58:4d:32:59:6d:56:48:54:33:5a:54:64:7a:5a:54:4e
:31:5a:6a:53:57:30:34:64:6a:5a:57:64:33:52:7a:5a:58:6c:43:57:6d:64:30:4d:45:6c:7a:54:6d:6c:5a:49:6e:30:2e:65:79:4a:71:64:47:6b:69:4f:69:49:78:5a:47:4a:69:4d:6a:52:6a:5a:69:31:6c:5a:47:55:77:4c:54:52:6b:4e:44:6b:74:4f:54:41:31:59:69:31:6d:5a:54:56:6a:4e:6d:51:35:4e:44:6b:78:4d:32:45:69:4c:43:4a:6c:65:48:41:69:4f:6a:45:30:4f:44:6b:77:4d:6a:59:79:4e:6a:51:73:49:6d:35:69:5a:69:49:36:4d:43:77:69:61:57:46:30:49:6a:6f:78:4e:44:67:35:4d:44:49:31:4f:54:59:30:4c:43:4a:70:63:33:4d:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:67:77:4f:44:41:76:59:58:56:30:61:43:39:79:5a:57:46:73:62:58:4d:76:59:57:74:32:62:79:49:73:49:6d:46:31:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:7a:64:57:49:69:4f:69:49:7a:4e:44:4e:6c:5a:6a:41:32:4d:53:30:79:4e:57:4e:68:4c:54:51:34:4d:44:67:74:4f:44:51:78:59:69:30:33:4d:6a:45:34:5a:6a:68:68:4d:6a:5a:69:4e:32:59:69:4c:43:4a:30:65:58:41:69:4f:69:4a:43:5a:57:46:79:5a:58:49:69:4c:43:4a:68:65:6e:41:69:4f:69:4a:68:61:33:5a:76:4c:57:78:31:62:57:56:75:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:68:64:58:52:6f:58:33:52:70:62:57:55:69:4f:6a:45:30:4f:44:6b:77:4d:6a:55:35:4e:6a:4d:73:49:6e:4e:6c:63:33:4e:70:62:32:35:66:63:33:52:68:64:47:55:69:4f:69:49:77:5a:6d:45:31:59:6a:45:77:59:79:30:34:4d:57:5a:6a:4c:54:51:31:4e:44:55:74:59:54:59:79:4e:79:31:6c:5a:54:49:34:59:6d:5a:68:5a:6d:51:33:4e:47:45:69:4c:43:4a:68:59:33:49:69:4f:69:49:78:49:69:77:69:59:32:78:70:5a:57:35:30:58:33:4e:6c:63:33:4e:70:62:32:34:69:4f:69:49:33:4f:44:5a:69:5a:54:6b:30:4d:53:31:6b:59:6d:4a:6d:4c:54:51:34:4e:6a:41:74:4f:44:42:6a:4d:79:30:79:4e:47:59:30:4e:6a:41:31:4e:7a:63:79:4f:44:59:69:4c:43:4a:68:62:47:78:76:64:32:56:6b:4c:57:39:79:61:57:64:70:62:6e:4d:69:4f:6c:73:69:61:48:52:30:63:44:6f:76:4c:33:51:79:4c:6d:78:31:62:57:56:75:4c:6d:78:76:59:32:46:73:61:47:39:7a:64:44:6f:7a:4d:44:4d:7
7:49:69:77:69:61:48:52:30:63:44:6f:76:4c:33:51:78:4c:6d:78:31:62:57:56:75:4c:6d:78:76:59:32:46:73:61:47:39:7a:64:44:6f:7a:4d:44:4d:77:49:6c:30:73:49:6e:4a:6c:59:57:78:74:58:32:46:6a:59:32:56:7a:63:79:49:36:65:79:4a:79:62:32:78:6c:63:79:49:36:57:79:4a:68:61:33:5a:76:4f:6d:78:31:62:57:56:75:4f:6e:51:78:49:69:77:69:59:57:74:32:62:7a:70:73:64:57:31:6c:62:6a:70:30:4d:54:70:68:5a:47:31:70:62:69:49:73:49:6e:56:74:59:56:39:68:64:58:52:6f:62:33:4a:70:65:6d:46:30:61:57:39:75:49:6c:31:39:4c:43:4a:79:5a:58:4e:76:64:58:4a:6a:5a:56:39:68:59:32:4e:6c:63:33:4d:69:4f:6e:73:69:59:57:4e:6a:62:33:56:75:64:43:49:36:65:79:4a:79:62:32:78:6c:63:79:49:36:57:79:4a:74:59:57:35:68:5a:32:55:74:59:57:4e:6a:62:33:56:75:64:43:49:73:49:6e:5a:70:5a:58:63:74:63:48:4a:76:5a:6d:6c:73:5a:53:4a:64:66:58:30:73:49:6d:35:68:62:57:55:69:4f:69:4a:4b:5a:58:4a:76:62:57:55:67:52:57:64:70:62:6d:78:68:49:69:77:69:63:48:4a:6c:5a:6d:56:79:63:6d:56:6b:58:33:56:7a:5a:58:4a:75:59:57:31:6c:49:6a:6f:69:61:6d:56:79:62:32:31:6c:49:69:77:69:5a:32:6c:32:5a:57:35:66:62:6d:46:74:5a:53:49:36:49:6b:70:6c:63:6d:39:74:5a:53:49:73:49:6d:5a:68:62:57:6c:73:65:56:39:75:59:57:31:6c:49:6a:6f:69:52:57:64:70:62:6d:78:68:49:69:77:69:5a:57:31:68:61:57:77:69:4f:69:4a:71:5a:58:4a:76:62:57:56:41:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:49:6e:30:2e:62:6a:47:59:44:6a:41:33:2d:33:39:35:41:54:65:52:37:4b:54:55:6c:75:4f:4b:41:70:6f:5a:6b:56:32:5f:4d:64:41:37:4a:62:75:7a:33:6d:6f:57:68:56:48:42:44:54:34:2d:33:42:47:75:4c:59:4e:4c:46:77:6c:46:4e:43:76:4f:6f:38:6e:67:6a:43:61:4d:42:48:36:4e:71:61:51:49:78:76:79:62:58:49:39:4c:63:73:69:33:32:30:33:42:49:59:37:71:32:44:72:6a:33:63:38:63:4c:2d:54:36:6b:34:59:6c:4f:52:41:43:77:56:70:73:58:33:39:35:65:71:71:4a:65:5a:53:59:67:41:64:6e:48:77:76:68:35:79:6f:64:32:4b:66:4b:65:44:42:61:74:70:55:74:59:49:59:6b:43:2d:67:43:77:53:43:55:50:73:44:53:62:62:31:4d:38:6c:37:48:52:35:64:51:41:65:61:4f:50:4d:36:42:49:58:61:59:37:63:4e:42:6b:7a:54:48:4f:5f:50:47:6d:50:6b:58:42:66:44:76:52:38:
72:54:5f:33:58:43:50:71:56:46:2d:65:30:31:4c:30:6c:58:72:57:36:4d:38:32:71:33:58:41:33:4d:6f:74:33:52:45:36:4f:72:58:46:4e:6d:2d:39:69:6c:57:68:5f:6d:67:36:62:45:4b:57:61:44:31:57:68:69:58:72:76:39:66:7a:45:78:56:30:34:50:5a:35:33:46:4c:50:35:54:67:53:71:43:66:58:30:4b:66:6b:41:76:57:69:6c:63:68:43:30:6f:38:77:4c:76:61:66:39:6e:56:65:43:50:43:77:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:41:63:63:65:70:74:3a:20:2a:2f:2a:0d:0a:52:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:2f:6c:69:62:72:61:72:79:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:62:72:0d:0a:41:63:63:65:70:74:2d:4c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:0d:0a:7b:22:74:69:63:6b:65:74:22:3a:22:65:79:4a:68:62:47:63:69:4f:69:4a:53:55:7a:49:31:4e:69:49:73:49:6d:74:70:5a:43:49:67:4f:69:41:69:4d:48:64:6d:56:58:64:4b:51:31:56:7a:4e:6d:4a:6c:52:30:39:32:55:33:63:32:55:7a:64:57:59:30:6c:74:4f:48:59:32:56:6e:64:30:63:32:56:35:51:6c:70:6e:64:44:42:4a:63:30:35:70:57:53:4a:39:2e:65:79:4a:79:5a:58:4e:76:64:58:4a:6a:5a:58:4d:69:4f:6c:74:37:49:6d:35:68:62:57:55:69:4f:69:49:76:62:47:6c:69:63:6d:46:79:65:53:49:73:49:6e:4e:6a:62:33:42:6c:63:79:49:36:57:33:73:69:62:6d:46:74:5a:53:49:36:49:6e:56:79:62:6a:70:73:64:57:31:6c:62:6a:70:7a:59:32:39:77:5a:58:4d:36:5a:47:46:7a:61:47:4a:76:59:58:4a:6b:4f:6e:5a:70:5a:58:63:69:66:56:31:39:58:53:77:69:63:6d:56:7a:62:33:56:79:59:32:56:54:5a:58:4a:32:5a:58:4a:4a:5a:43:49:36:49:6a:6c:6c:4e:54:4e:6c:5a:57:46:6a:4c:54:6b:35:59:7a:6b:74:4e:44:41:31:59:69:30:34:4e:32:45:79:4c:54:52:68:4f:54:46:6d:4e:47:5a:6b:4d:6d:59:78:4d:43:49:73:49:6d:70:30:61:53:49:36:49:6a:5a:68:5a:57:51:33:5a:47:51:32:4c:57:46:69:59:6a:41:74:4e:44:41:32:4e:69:31:69:4f:47:4e:6c:4c:57:56:68:4d:44:6c:6a:59:54:63:77:4f:54:4a:6c:59:53:30:78:4e:44:67
:35:4d:44:49:31:4f:54:59:31:4d:44:41:77:49:69:77:69:5a:58:68:77:49:6a:6f:78:4e:44:67:35:4d:44:49:32:4d:6a:59:30:4c:43:4a:75:59:6d:59:69:4f:6a:41:73:49:6d:6c:68:64:43:49:36:4d:54:51:34:4f:54:41:79:4e:54:6b:32:4e:43:77:69:63:33:56:69:49:6a:6f:69:4d:44:4d:30:4d:7a:6c:6b:4d:6a:49:74:4e:54:67:77:5a:69:30:30:4e:54:6c:68:4c:57:4a:6b:4f:47:55:74:4d:32:49:30:4e:47:55:30:4d:32:46:6d:5a:6a:45:77:49:69:77:69:59:58:70:77:49:6a:6f:69:59:57:74:32:62:79:31:73:64:57:31:6c:62:69:31:6a:62:32:35:6d:61:57:52:6c:62:6e:52:70:59:57:77:69:66:51:2e:70:35:70:67:59:72:6b:58:47:70:5a:51:4c:34:6f:63:71:52:79:72:43:6e:35:71:4d:78:52:63:51:48:67:7a:5f:32:4c:45:37:6a:4d:69:50:63:53:36:64:61:45:67:4e:47:31:6e:69:39:32:4a:67:67:64:78:44:65:6d:75:75:74:6c:4f:53:51:2d:2d:38:38:6b:54:50:53:63:70:49:72:2d:6c:46:4f:74:36:6e:4f:6c:79:55:38:48:4a:41:5f:39:43:47:48:74:62:5f:6a:30:66:6b:4a:38:6f:6f:49:48:2d:42:4f:46:6a:6c:65:78:76:38:46:4c:54:2d:45:6c:63:46:66:58:6c:53:37:36:63:70:64:4b:69:6d:66:67:34:45:56:39:76:49:6a:48:66:69:78:54:4b:47:59:47:38:6f:6a:5f:77:34:77:33:57:33:78:5a:4b:37:39:6b:32:6c:4b:55:59:79:42:57:48:37:30:43:45:74:58:35:33:41:52:4c:34:35:66:46:33:6d:43:2d:6e:5f:32:72:66:37:2d:74:70:79:6c:63:37:6f:42:4d:77:79:41:33:36:4f:33:54:6e:51:58:6d:30:37:75:67:5a:39:69:33:7a:72:52:4d:6e:52:59:6b:50:30:41:69:71:49:69:6e:46:57:59:53:70:4e:4c:66:6c:6a:55:70:4d:78:73:34:6c:32:5f:79:72:57:6f:49:6e:4f:41:74:6d:70:68:44:48:54:69:33:48:64:68:37:35:77:49:32:44:73:30:68:33:44:2d:30:70:73:75:79:6f:68:74:54:5f:36:64:48:6c:75:78:74:6c:53:5a:37:43:42:30:72:51:68:50:4d:63:2d:41:22:2c:22:72:70:74:22:3a:6e:75:6c:6c:7d" }, "http": { "POST \/auth\/realms\/akvo\/authz\/authorize HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "POST \/auth\/realms\/akvo\/authz\/authorize HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "POST", "http.request.uri": "\/auth\/realms\/akvo\/authz\/authorize", "http.request.version": "HTTP\/1.1" }, 
"http.host": "localhost:8080", "http.request.line": "Host: localhost:8080\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.content_length_header": "894", "http.content_length_header_tree": { "http.content_length": "894" }, "http.request.line": "Content-Length: 894\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.request.line": "Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw", "http.request.line": "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.bjGYDjA3-395ATeR7KTUluOKApoZkV2_MdA7Jbuz3moWhVHBDT4-3BGuLYNLFwlFNCvOo8ngjCaMBH6NqaQIxvybXI9Lcsi3203BIY7q2Drj3c8cL-T6k4YlORACwVpsX395eqqJeZSYgAdnHwvh5yod2KfKeDBatpUtYIYkC-gCwSCUPsDSbb1M8l7HR5dQAeaOPM6BIXaY7cNBkzTHO_PGmPkXBfDvR8rT_3XCPqVF-e01L0lXrW6M82q3XA3Mot3RE6OrXFNm-9ilWh_mg6bEKWaD1WhiXrv9fzExV04PZ53FLP5TgSqCfX0KfkAvWilchC0o8wLvaf9nVeCPCw\r\n", "http.content_type": "application\/json", "http.request.line": "Content-Type: application\/json\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": 
"http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, br", "http.request.line": "Accept-Encoding: gzip, deflate, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/localhost:8080\/auth\/realms\/akvo\/authz\/authorize", "http.request": "1", "http.request_number": "4", "http.prev_request_in": "255", "http.response_in": "263", "http.file_data": "{\"ticket\":\"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A\",\"rpt\":null}" }, "json": { "json.object": { "json.member": { "json.value.string": 
"eyJhbGciOiJSUzI1NiIsImtpZCIgOiAiMHdmVXdKQ1VzNmJlR092U3c2UzdWY0ltOHY2Vnd0c2V5QlpndDBJc05pWSJ9.eyJyZXNvdXJjZXMiOlt7Im5hbWUiOiIvbGlicmFyeSIsInNjb3BlcyI6W3sibmFtZSI6InVybjpsdW1lbjpzY29wZXM6ZGFzaGJvYXJkOnZpZXcifV19XSwicmVzb3VyY2VTZXJ2ZXJJZCI6IjllNTNlZWFjLTk5YzktNDA1Yi04N2EyLTRhOTFmNGZkMmYxMCIsImp0aSI6IjZhZWQ3ZGQ2LWFiYjAtNDA2Ni1iOGNlLWVhMDljYTcwOTJlYS0xNDg5MDI1OTY1MDAwIiwiZXhwIjoxNDg5MDI2MjY0LCJuYmYiOjAsImlhdCI6MTQ4OTAyNTk2NCwic3ViIjoiMDM0MzlkMjItNTgwZi00NTlhLWJkOGUtM2I0NGU0M2FmZjEwIiwiYXpwIjoiYWt2by1sdW1lbi1jb25maWRlbnRpYWwifQ.p5pgYrkXGpZQL4ocqRyrCn5qMxRcQHgz_2LE7jMiPcS6daEgNG1ni92JggdxDemuutlOSQ--88kTPScpIr-lFOt6nOlyU8HJA_9CGHtb_j0fkJ8ooIH-BOFjlexv8FLT-ElcFfXlS76cpdKimfg4EV9vIjHfixTKGYG8oj_w4w3W3xZK79k2lKUYyBWH70CEtX53ARL45fF3mC-n_2rf7-tpylc7oBMwyA36O3TnQXm07ugZ9i3zrRMnRYkP0AiqIinFWYSpNLfljUpMxs4l2_yrWoInOAtmphDHTi3Hdh75wI2Ds0h3D-0psuyohtT_6dHluxtlSZ7CB0rQhPMc-A", "json.key": "ticket" }, "json.member": { "json.value.null": "", "json.key": "rpt" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.067089000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.067089000", "frame.time_delta": "0.015676000", "frame.time_delta_displayed": "0.015696000", "frame.time_relative": "15.344216000", "frame.number": "263", "frame.len": "2185", "frame.cap_len": "2185", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ipv6:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "30" }, "ipv6": { "ipv6.version": "6", "ip.version": "6", "ipv6.tclass": "0x00000002", "ipv6.tclass_tree": { "ipv6.tclass.dscp": "0", "ipv6.tclass.ecn": "2" }, "ipv6.flow": "0x0003ca37", "ipv6.plen": "2141", "ipv6.nxt": "6", "ipv6.hlim": "64", "ipv6.src": "::1", "ipv6.addr": "::1", "ipv6.src_host": "::1", "ipv6.host": "::1", 
"ipv6.dst": "::1", "ipv6.addr": "::1", "ipv6.dst_host": "::1", "ipv6.host": "::1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "54773", "tcp.port": "8080", "tcp.port": "54773", "tcp.stream": "15", "tcp.len": "2109", "tcp.seq": "1532", "tcp.nxtseq": "3641", "tcp.ack": "5941", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12558", "tcp.window_size": "401856", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00000865", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:2c:48:49:53:1d", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764972, TSecr 1212764957": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764972", "tcp.options.timestamp.tsecr": "1212764957" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000081000", "tcp.analysis.bytes_in_flight": "2109", "tcp.analysis.push_bytes_sent": "2109" } }, "http": { "HTTP\/1.1 201 Created\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 201 Created\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "201", 
"http.response.phrase": "Created" }, "http.response.line": "X-Powered-By: Undertow\/1\r\n", "http.server": "WildFly\/10", "http.response.line": "Server: WildFly\/10\r\n", "http.response.line": "Access-Control-Expose-Headers: Access-Control-Allow-Methods\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "http.response.line": "Access-Control-Allow-Origin: http:\/\/t1.lumen.localhost:3030\r\n", "http.response.line": "Access-Control-Allow-Credentials: false\r\n", "http.content_type": "application\/json", "http.response.line": "Content-Type: application\/json\r\n", "http.content_length_header": "1761", "http.content_length_header_tree": { "http.content_length": "1761" }, "http.response.line": "Content-Length: 1761\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "4", "http.time": "0.015696000", "http.prev_request_in": "255", "http.prev_response_in": "257", "http.request_in": "260", "http.file_data": "{\"rpt\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg\"}" }, "json": { "json.object": { "json.member": { "json.value.string": 
"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg", "json.key": "rpt" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.069122000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.069122000", "frame.time_delta": "0.000170000", "frame.time_delta_displayed": "0.002033000", "frame.time_relative": "15.346249000", "frame.number": "269", "frame.len": "2239", "frame.cap_len": "2239", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "2235", "ip.id": "0x00007432", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54779", "tcp.dstport": "3030", "tcp.port": "54779", "tcp.port": 
"3030", "tcp.stream": "22", "tcp.len": "2183", "tcp.seq": "1", "tcp.nxtseq": "2184", "tcp.ack": "1", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12759", "tcp.window_size": "408288", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000006b0", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:2d:48:49:53:2d", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212764973, TSecr 1212764973": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212764973", "tcp.options.timestamp.tsecr": "1212764973" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000077000", "tcp.analysis.bytes_in_flight": "2183", "tcp.analysis.push_bytes_sent": "2183" } }, "http": { "GET \/api\/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/api\/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/api\/library", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", 
"http.authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg", "http.request.line": "authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.content_type": "application\/json", "http.request.line": "content-type: application\/json\r\n", "http.accept": "*\/*", "http.request.line": "Accept: *\/*\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "\\r\\n": "", 
"http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/api\/library", "http.request": "1", "http.request_number": "1", "http.response_in": "315" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.243378000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.243378000", "frame.time_delta": "0.008575000", "frame.time_delta_displayed": "0.174256000", "frame.time_relative": "15.520505000", "frame.number": "311", "frame.len": "997", "frame.cap_len": "997", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000002", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "2" }, "ip.len": "993", "ip.id": "0x0000cc1e", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3000", "tcp.dstport": "54780", "tcp.port": "3000", "tcp.port": "54780", "tcp.stream": "23", "tcp.len": "941", "tcp.seq": "1", "tcp.nxtseq": "942", "tcp.ack": "2179", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", 
"tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12691", "tcp.window_size": "406112", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00008540", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:d3:48:49:53:51", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765139, TSecr 1212765009": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765139", "tcp.options.timestamp.tsecr": "1212765009" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000073000", "tcp.analysis.bytes_in_flight": "941", "tcp.analysis.push_bytes_sent": "941" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.connection": "close", "http.response.line": "Connection: close\r\n", "http.server": "undertow", "http.response.line": "Server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", "http.response.line": "Content-Type: application\/json; charset=utf-8\r\n", "http.content_length_header": "780", "http.content_length_header_tree": { "http.content_length": "780" }, "http.response.line": "Content-Length: 780\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "\\r\\n": "", "http.response": 
"1", "http.response_number": "1", "http.next_request_in": "319", "http.file_data": "{\"dashboards\":[{\"id\":\"58b48956-4c45-44ac-b50f-14094951bb00\",\"title\":\"board!\",\"status\":\"ok\",\"type\":\"dashboard\",\"created\":1488226647020,\"modified\":1488810295605}],\"datasets\":[{\"id\":\"ds-1\",\"name\":\"My dataset\",\"reason\":null,\"status\":\"OK\",\"modified\":1488149912081,\"created\":1488149912081}],\"visualisations\":[{\"id\":\"58b48934-1b8c-4ed3-9226-c899c37a7565\",\"datasetId\":\"ds-1\",\"name\":\"vis\",\"visualisationType\":\"bar\",\"spec\":{\"filters\":[],\"sort\":\"dsc\",\"subBucketColumn\":\"c2\",\"metricAggregation\":\"mean\",\"axisLabelXFromUser\":false,\"axisLabelY\":\"Column 1 - mean\",\"version\":1,\"metricColumnX\":null,\"bucketColumn\":\"c3\",\"metricColumnY\":\"c1\",\"subBucketMethod\":\"split\",\"axisLabelX\":\"Column 3 - top 25\",\"truncateSize\":\"25\",\"axisLabelYFromUser\":false},\"created\":1488226612281,\"modified\":1488226623675}]}" }, "json": { "json.object": { "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "58b48956-4c45-44ac-b50f-14094951bb00", "json.key": "id" }, "json.member": { "json.value.string": "board!", "json.key": "title" }, "json.member": { "json.value.string": "ok", "json.key": "status" }, "json.member": { "json.value.string": "dashboard", "json.key": "type" }, "json.member": { "json.value.number": "1488226647020", "json.key": "created" }, "json.member": { "json.value.number": "1488810295605", "json.key": "modified" } } }, "json.key": "dashboards" }, "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "ds-1", "json.key": "id" }, "json.member": { "json.value.string": "My dataset", "json.key": "name" }, "json.member": { "json.value.null": "", "json.key": "reason" }, "json.member": { "json.value.string": "OK", "json.key": "status" }, "json.member": { "json.value.number": "1488149912081", "json.key": "modified" }, "json.member": { 
"json.value.number": "1488149912081", "json.key": "created" } } }, "json.key": "datasets" }, "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "58b48934-1b8c-4ed3-9226-c899c37a7565", "json.key": "id" }, "json.member": { "json.value.string": "ds-1", "json.key": "datasetId" }, "json.member": { "json.value.string": "vis", "json.key": "name" }, "json.member": { "json.value.string": "bar", "json.key": "visualisationType" }, "json.member": { "json.object": { "json.member": { "json.array": "", "json.key": "filters" }, "json.member": { "json.value.string": "dsc", "json.key": "sort" }, "json.member": { "json.value.string": "c2", "json.key": "subBucketColumn" }, "json.member": { "json.value.string": "mean", "json.key": "metricAggregation" }, "json.member": { "json.value.false": "", "json.key": "axisLabelXFromUser" }, "json.member": { "json.value.string": "Column 1 - mean", "json.key": "axisLabelY" }, "json.member": { "json.value.number": "1", "json.key": "version" }, "json.member": { "json.value.null": "", "json.key": "metricColumnX" }, "json.member": { "json.value.string": "c3", "json.key": "bucketColumn" }, "json.member": { "json.value.string": "c1", "json.key": "metricColumnY" }, "json.member": { "json.value.string": "split", "json.key": "subBucketMethod" }, "json.member": { "json.value.string": "Column 3 - top 25", "json.key": "axisLabelX" }, "json.member": { "json.value.string": "25", "json.key": "truncateSize" }, "json.member": { "json.value.false": "", "json.key": "axisLabelYFromUser" } }, "json.key": "spec" }, "json.member": { "json.value.number": "1488226612281", "json.key": "created" }, "json.member": { "json.value.number": "1488226623675", "json.key": "modified" } } }, "json.key": "visualisations" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.248175000 CET", 
"frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.248175000", "frame.time_delta": "0.004645000", "frame.time_delta_displayed": "0.004797000", "frame.time_relative": "15.525302000", "frame.number": "315", "frame.len": "1020", "frame.cap_len": "1020", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http:json", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "1016", "ip.id": "0x0000e05a", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54779", "tcp.port": "3030", "tcp.port": "54779", "tcp.stream": "22", "tcp.len": "964", "tcp.seq": "1", "tcp.nxtseq": "965", "tcp.ack": "2184", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12691", "tcp.window_size": "406112", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x000001ed", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": 
"01:01:08:0a:48:49:53:d7:48:49:53:2d", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765143, TSecr 1212764973": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765143", "tcp.options.timestamp.tsecr": "1212764973" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000077000", "tcp.analysis.bytes_in_flight": "964", "tcp.analysis.push_bytes_sent": "964" } }, "http": { "HTTP\/1.1 200 OK\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "200", "http.response.phrase": "OK" }, "http.response.line": "X-Powered-By: Express\r\n", "http.connection": "close", "http.response.line": "connection: close\r\n", "http.server": "undertow", "http.response.line": "server: undertow\r\n", "http.content_type": "application\/json; charset=utf-8", "http.response.line": "content-type: application\/json; charset=utf-8\r\n", "http.content_length_header": "780", "http.content_length_header_tree": { "http.content_length": "780" }, "http.response.line": "content-length: 780\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "1", "http.time": "0.179053000", "http.request_in": "269", "http.file_data": "{\"dashboards\":[{\"id\":\"58b48956-4c45-44ac-b50f-14094951bb00\",\"title\":\"board!\",\"status\":\"ok\",\"type\":\"dashboard\",\"created\":1488226647020,\"modified\":1488810295605}],\"datasets\":[{\"id\":\"ds-1\",\"name\":\"My 
dataset\",\"reason\":null,\"status\":\"OK\",\"modified\":1488149912081,\"created\":1488149912081}],\"visualisations\":[{\"id\":\"58b48934-1b8c-4ed3-9226-c899c37a7565\",\"datasetId\":\"ds-1\",\"name\":\"vis\",\"visualisationType\":\"bar\",\"spec\":{\"filters\":[],\"sort\":\"dsc\",\"subBucketColumn\":\"c2\",\"metricAggregation\":\"mean\",\"axisLabelXFromUser\":false,\"axisLabelY\":\"Column 1 - mean\",\"version\":1,\"metricColumnX\":null,\"bucketColumn\":\"c3\",\"metricColumnY\":\"c1\",\"subBucketMethod\":\"split\",\"axisLabelX\":\"Column 3 - top 25\",\"truncateSize\":\"25\",\"axisLabelYFromUser\":false},\"created\":1488226612281,\"modified\":1488226623675}]}" }, "json": { "json.object": { "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "58b48956-4c45-44ac-b50f-14094951bb00", "json.key": "id" }, "json.member": { "json.value.string": "board!", "json.key": "title" }, "json.member": { "json.value.string": "ok", "json.key": "status" }, "json.member": { "json.value.string": "dashboard", "json.key": "type" }, "json.member": { "json.value.number": "1488226647020", "json.key": "created" }, "json.member": { "json.value.number": "1488810295605", "json.key": "modified" } } }, "json.key": "dashboards" }, "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "ds-1", "json.key": "id" }, "json.member": { "json.value.string": "My dataset", "json.key": "name" }, "json.member": { "json.value.null": "", "json.key": "reason" }, "json.member": { "json.value.string": "OK", "json.key": "status" }, "json.member": { "json.value.number": "1488149912081", "json.key": "modified" }, "json.member": { "json.value.number": "1488149912081", "json.key": "created" } } }, "json.key": "datasets" }, "json.member": { "json.array": { "json.object": { "json.member": { "json.value.string": "58b48934-1b8c-4ed3-9226-c899c37a7565", "json.key": "id" }, "json.member": { "json.value.string": "ds-1", "json.key": "datasetId" }, "json.member": { 
"json.value.string": "vis", "json.key": "name" }, "json.member": { "json.value.string": "bar", "json.key": "visualisationType" }, "json.member": { "json.object": { "json.member": { "json.array": "", "json.key": "filters" }, "json.member": { "json.value.string": "dsc", "json.key": "sort" }, "json.member": { "json.value.string": "c2", "json.key": "subBucketColumn" }, "json.member": { "json.value.string": "mean", "json.key": "metricAggregation" }, "json.member": { "json.value.false": "", "json.key": "axisLabelXFromUser" }, "json.member": { "json.value.string": "Column 1 - mean", "json.key": "axisLabelY" }, "json.member": { "json.value.number": "1", "json.key": "version" }, "json.member": { "json.value.null": "", "json.key": "metricColumnX" }, "json.member": { "json.value.string": "c3", "json.key": "bucketColumn" }, "json.member": { "json.value.string": "c1", "json.key": "metricColumnY" }, "json.member": { "json.value.string": "split", "json.key": "subBucketMethod" }, "json.member": { "json.value.string": "Column 3 - top 25", "json.key": "axisLabelX" }, "json.member": { "json.value.string": "25", "json.key": "truncateSize" }, "json.member": { "json.value.false": "", "json.key": "axisLabelYFromUser" } }, "json.key": "spec" }, "json.member": { "json.value.number": "1488226612281", "json.key": "created" }, "json.member": { "json.value.number": "1488226623675", "json.key": "modified" } } }, "json.key": "visualisations" } } } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.249003000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.249003000", "frame.time_delta": "0.000099000", "frame.time_delta_displayed": "0.000828000", "frame.time_relative": "15.526130000", "frame.number": "319", "frame.len": "56", "frame.cap_len": "56", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": 
"null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "52", "ip.id": "0x00004cbe", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.src_host": "192.168.0.14", "ip.host": "192.168.0.14", "ip.dst": "192.168.0.14", "ip.addr": "192.168.0.14", "ip.dst_host": "192.168.0.14", "ip.host": "192.168.0.14", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54780", "tcp.dstport": "3000", "tcp.port": "54780", "tcp.port": "3000", "tcp.stream": "23", "tcp.len": "0", "tcp.seq": "2179", "tcp.ack": "943", "tcp.hdr_len": "32", "tcp.flags": "0x00000011", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "0", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "1", "tcp.flags.fin_tree": { "_ws.expert": { "tcp.connection.fin": "", "_ws.expert.message": "Connection finish (FIN)", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" } }, "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" }, "tcp.window_size_value": "12729", "tcp.window_size": "407328", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x00008193", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:d7:48:49:53:d3", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": 
"0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765143, TSecr 1212765139": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765143", "tcp.options.timestamp.tsecr": "1212765139" } } }, "tcp.segments": { "tcp.segment": "275", "tcp.segment": "277", "tcp.segment": "319", "tcp.segment.count": "3", "tcp.reassembled.length": "2178", "tcp.reassembled.data": "47:45:54:20:2f:61:70:69:2f:6c:69:62:72:61:72:79:20:48:54:54:50:2f:31:2e:31:0d:0a:61:63:63:65:70:74:2d:6c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:47:42:2c:65:6e:3b:71:3d:30:2e:38:2c:65:6e:2d:55:53:3b:71:3d:30:2e:36:2c:65:73:3b:71:3d:30:2e:34:0d:0a:61:63:63:65:70:74:2d:65:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:2c:20:73:64:63:68:2c:20:62:72:0d:0a:72:65:66:65:72:65:72:3a:20:68:74:74:70:3a:2f:2f:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:2f:6c:69:62:72:61:72:79:0d:0a:61:63:63:65:70:74:3a:20:2a:2f:2a:0d:0a:63:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:75:73:65:72:2d:61:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:32:5f:33:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:35:33:37:2e:33:36:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:20:43:68:72:6f:6d:65:2f:35:36:2e:30:2e:32:39:32:34:2e:38:37:20:53:61:66:61:72:69:2f:35:33:37:2e:33:36:0d:0a:61:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:42:65:61:72:65:72:20:65:79:4a:68:62:47:63:69:4f:69:4a:53:55:7a:49:31:4e:69:49:73:49:6e:52:35:63:43:49:67:4f:69:41:69:53:6c:64:55:49:69:77:69:61:32:6c:6b:49:69:41:36:49:43:49:77:64:32:5a:56:64:30:70:44:56:58:4d:32:59:6d:56:48:54:33:5a:54:64:7a:5a:54:4e:31:5a:6a:53:57:30:34:64:6a:5a:57:64:33:5
2:7a:5a:58:6c:43:57:6d:64:30:4d:45:6c:7a:54:6d:6c:5a:49:6e:30:2e:65:79:4a:71:64:47:6b:69:4f:69:49:78:5a:47:4a:69:4d:6a:52:6a:5a:69:31:6c:5a:47:55:77:4c:54:52:6b:4e:44:6b:74:4f:54:41:31:59:69:31:6d:5a:54:56:6a:4e:6d:51:35:4e:44:6b:78:4d:32:45:69:4c:43:4a:6c:65:48:41:69:4f:6a:45:30:4f:44:6b:77:4d:6a:59:79:4e:6a:51:73:49:6d:35:69:5a:69:49:36:4d:43:77:69:61:57:46:30:49:6a:6f:78:4e:44:67:35:4d:44:49:31:4f:54:59:30:4c:43:4a:70:63:33:4d:69:4f:69:4a:6f:64:48:52:77:4f:69:38:76:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:67:77:4f:44:41:76:59:58:56:30:61:43:39:79:5a:57:46:73:62:58:4d:76:59:57:74:32:62:79:49:73:49:6d:46:31:5a:43:49:36:49:6d:46:72:64:6d:38:74:62:48:56:74:5a:57:34:69:4c:43:4a:7a:64:57:49:69:4f:69:49:7a:4e:44:4e:6c:5a:6a:41:32:4d:53:30:79:4e:57:4e:68:4c:54:51:34:4d:44:67:74:4f:44:51:78:59:69:30:33:4d:6a:45:34:5a:6a:68:68:4d:6a:5a:69:4e:32:59:69:4c:43:4a:30:65:58:41:69:4f:69:4a:43:5a:57:46:79:5a:58:49:69:4c:43:4a:68:65:6e:41:69:4f:69:4a:68:61:33:5a:76:4c:57:78:31:62:57:56:75:49:69:77:69:62:6d:39:75:59:32:55:69:4f:69:49:32:59:54:41:77:4d:6d:55:32:5a:69:31:6c:4e:57:4a:6a:4c:54:52:6a:4e:44:55:74:59:57:51:33:4f:53:30:35:5a:6a:51:30:5a:6d:59:30:4d:32:4d:34:5a:54:55:69:4c:43:4a:68:64:58:52:6f:58:33:52:70:62:57:55:69:4f:6a:45:30:4f:44:6b:77:4d:6a:55:35:4e:6a:4d:73:49:6e:4e:6c:63:33:4e:70:62:32:35:66:63:33:52:68:64:47:55:69:4f:69:49:77:5a:6d:45:31:59:6a:45:77:59:79:30:34:4d:57:5a:6a:4c:54:51:31:4e:44:55:74:59:54:59:79:4e:79:31:6c:5a:54:49:34:59:6d:5a:68:5a:6d:51:33:4e:47:45:69:4c:43:4a:75:59:57:31:6c:49:6a:6f:69:53:6d:56:79:62:32:31:6c:49:45:56:6e:61:57:35:73:59:53:49:73:49:6d:64:70:64:6d:56:75:58:32:35:68:62:57:55:69:4f:69:4a:4b:5a:58:4a:76:62:57:55:69:4c:43:4a:6d:59:57:31:70:62:48:6c:66:62:6d:46:74:5a:53:49:36:49:6b:56:6e:61:57:35:73:59:53:49:73:49:6e:42:79:5a:57:5a:6c:63:6e:4a:6c:5a:46:39:31:63:32:56:79:62:6d:46:74:5a:53:49:36:49:6d:70:6c:63:6d:39:74:5a:53:49:73:49:6d:56:74:59:57:6c:73:49:6a:6f:69:61:6d:56:79:62:32:31:6c:51:48:51:78:4c:6d:78:31:62:57:56:75:4c:6d:78:76:59:
32:46:73:61:47:39:7a:64:43:49:73:49:6d:46:6a:63:69:49:36:49:6a:45:69:4c:43:4a:6a:62:47:6c:6c:62:6e:52:66:63:32:56:7a:63:32:6c:76:62:69:49:36:49:6a:63:34:4e:6d:4a:6c:4f:54:51:78:4c:57:52:69:59:6d:59:74:4e:44:67:32:4d:43:30:34:4d:47:4d:7a:4c:54:49:30:5a:6a:51:32:4d:44:55:33:4e:7a:49:34:4e:69:49:73:49:6d:46:73:62:47:39:33:5a:57:51:74:62:33:4a:70:5a:32:6c:75:63:79:49:36:57:79:4a:6f:64:48:52:77:4f:69:38:76:64:44:49:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:69:4c:43:4a:6f:64:48:52:77:4f:69:38:76:64:44:45:75:62:48:56:74:5a:57:34:75:62:47:39:6a:59:57:78:6f:62:33:4e:30:4f:6a:4d:77:4d:7a:41:69:58:53:77:69:63:6d:56:68:62:47:31:66:59:57:4e:6a:5a:58:4e:7a:49:6a:70:37:49:6e:4a:76:62:47:56:7a:49:6a:70:62:49:6d:46:72:64:6d:38:36:62:48:56:74:5a:57:34:36:64:44:45:69:4c:43:4a:68:61:33:5a:76:4f:6d:78:31:62:57:56:75:4f:6e:51:78:4f:6d:46:6b:62:57:6c:75:49:69:77:69:64:57:31:68:58:32:46:31:64:47:68:76:63:6d:6c:36:59:58:52:70:62:32:34:69:58:58:30:73:49:6e:4a:6c:63:32:39:31:63:6d:4e:6c:58:32:46:6a:59:32:56:7a:63:79:49:36:65:79:4a:68:59:32:4e:76:64:57:35:30:49:6a:70:37:49:6e:4a:76:62:47:56:7a:49:6a:70:62:49:6d:31:68:62:6d:46:6e:5a:53:31:68:59:32:4e:76:64:57:35:30:49:69:77:69:64:6d:6c:6c:64:79:31:77:63:6d:39:6d:61:57:78:6c:49:6c:31:39:66:53:77:69:59:58:56:30:61:47:39:79:61:58:70:68:64:47:6c:76:62:69:49:36:65:79:4a:77:5a:58:4a:74:61:58:4e:7a:61:57:39:75:63:79:49:36:57:33:73:69:63:32:4e:76:63:47:56:7a:49:6a:70:62:49:6e:56:79:62:6a:70:73:64:57:31:6c:62:6a:70:7a:59:32:39:77:5a:58:4d:36:5a:47:46:7a:61:47:4a:76:59:58:4a:6b:4f:6e:5a:70:5a:58:63:69:58:53:77:69:63:6d:56:7a:62:33:56:79:59:32:56:66:63:32:56:30:58:32:6c:6b:49:6a:6f:69:4e:44:63:31:59:54:6c:69:4d:6d:4d:74:4d:44:67:33:4e:79:30:30:4d:32:55:7a:4c:57:49:77:4f:57:4d:74:4e:32:45:32:5a:57:45:7a:4d:32:45:32:4e:54:64:6c:49:69:77:69:63:6d:56:7a:62:33:56:79:59:32:56:66:63:32:56:30:58:32:35:68:62:57:55:69:4f:69:49:76:62:47:6c:69:63:6d:46:79:65:53:4a:39:58:58:31:39:2e:45:64:68:77:58:46:76:70:4b:57:59:73:46:6f:78
:74:37:41:50:71:6a:70:66:56:34:62:67:58:4b:62:56:47:41:4f:59:46:56:61:51:73:63:4a:2d:48:50:4c:55:31:77:73:50:30:59:69:55:52:72:4c:56:73:67:67:7a:39:32:41:46:6e:56:69:51:79:53:6a:53:50:6d:38:5f:76:77:56:69:78:6a:63:6f:74:4a:53:75:5f:37:4a:4c:66:39:39:69:6f:55:43:4f:72:32:59:38:6d:5f:4b:2d:30:58:46:69:31:58:49:47:36:35:6f:4c:57:4a:30:4f:5f:4a:33:68:4d:5a:44:59:6e:74:4c:6c:4f:73:69:44:39:65:79:6b:71:7a:4d:5f:42:39:43:33:55:31:76:75:47:6e:6c:55:37:31:43:73:4a:53:39:54:6c:6b:47:38:61:4a:4e:42:31:4f:6b:79:48:66:58:73:4f:70:41:45:39:63:57:67:35:71:54:56:4e:41:71:71:52:33:7a:53:77:78:35:31:63:77:48:70:37:70:4b:58:32:6f:51:31:41:47:63:63:7a:73:58:68:59:64:46:73:52:44:69:6d:59:6e:2d:48:39:4b:78:62:6e:50:57:73:75:5f:41:71:55:49:71:56:68:45:39:4b:42:48:70:61:56:31:39:77:74:49:49:31:6d:53:6a:31:64:70:49:56:68:65:33:68:4a:76:39:73:4a:6d:55:52:32:61:37:43:51:74:30:45:34:41:2d:30:59:37:37:4d:37:52:57:67:77:63:44:78:45:38:5f:77:6a:33:4b:33:66:32:71:70:70:34:49:5f:4a:75:4b:73:6d:54:67:0d:0a:63:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:68:6f:73:74:3a:20:74:31:2e:6c:75:6d:65:6e:2e:6c:6f:63:61:6c:68:6f:73:74:3a:33:30:33:30:0d:0a:0d:0a" }, "http": { "GET \/api\/library HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/api\/library HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/api\/library", "http.request.version": "HTTP\/1.1" }, "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "accept-language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "accept-encoding: gzip, deflate, sdch, br\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept": "*\/*", "http.request.line": "accept: *\/*\r\n", "http.content_type": "application\/json", "http.request.line": 
"content-type: application\/json\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "user-agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg", "http.request.line": "authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwd2ZVd0pDVXM2YmVHT3ZTdzZTN1ZjSW04djZWd3RzZXlCWmd0MElzTmlZIn0.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.EdhwXFvpKWYsFoxt7APqjpfV4bgXKbVGAOYFVaQscJ-HPLU1wsP0YiURrLVsggz92AFnViQySjSPm8_vwVixjcotJSu_7JLf99ioUCOr2Y8m_K-0XFi1XIG65oLWJ0O_J3hMZDYntLlOsiD9eykqzM_B9C3U1vuGnlU71CsJS9TlkG8aJNB1OkyHfXsOpAE9cWg5qTVNAqqR3zSwx51cwHp7pKX2oQ1AGcczsXhYdFsRDimYn-H9KxbnPWsu_AqUIqVhE9KBHpaV19wtII1mSj1dpIVhe3hJv9sJmUR2a7CQt0E4A-0Y77M7RWgwcDxE8_wj3K3f2qpp4I_JuKsmTg\r\n", "http.connection": "close", "http.request.line": "connection: close\r\n", "http.host": "t1.lumen.localhost:3030", "http.request.line": "host: t1.lumen.localhost:3030\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/api\/library", "http.request": "1", "http.request_number": "2" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.269635000 CET", 
"frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.269635000", "frame.time_delta": "0.020566000", "frame.time_delta_displayed": "0.020632000", "frame.time_relative": "15.546762000", "frame.number": "323", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "538", "ip.id": "0x00001fd1", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54775", "tcp.dstport": "3030", "tcp.port": "54775", "tcp.port": "3030", "tcp.stream": "17", "tcp.len": "486", "tcp.seq": "487", "tcp.nxtseq": "973", "tcp.ack": "212", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12752", "tcp.window_size": "408064", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": 
"01:01:08:0a:48:49:53:eb:48:49:52:4a", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765163, TSecr 1212764746": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765163", "tcp.options.timestamp.tsecr": "1212764746" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET \/assets\/d7a40413a4863fc0cd6aeae05610d66f.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/d7a40413a4863fc0cd6aeae05610d66f.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/d7a40413a4863fc0cd6aeae05610d66f.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: 
gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"c534-WdOVBgmS2cjJEMuI+7fF3fdMF\/A\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/d7a40413a4863fc0cd6aeae05610d66f.png", "http.request": "1", "http.request_number": "2", "http.prev_request_in": "199", "http.response_in": "325", "http.next_request_in": "327" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.271746000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.271746000", "frame.time_delta": "0.002086000", "frame.time_delta_displayed": "0.002111000", "frame.time_relative": "15.548873000", "frame.number": "325", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "263", "ip.id": "0x00007850", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54775", "tcp.port": "3030", "tcp.port": "54775", 
"tcp.stream": "17", "tcp.len": "211", "tcp.seq": "212", "tcp.nxtseq": "423", "tcp.ack": "973", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12729", "tcp.window_size": "407328", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:53:ed:48:49:53:eb", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765165, TSecr 1212765163": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765165", "tcp.options.timestamp.tsecr": "1212765163" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: 
W\/\"c534-WdOVBgmS2cjJEMuI+7fF3fdMF\/A\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "2", "http.time": "0.002111000", "http.prev_request_in": "199", "http.prev_response_in": "225", "http.request_in": "323", "http.next_request_in": "327", "http.next_response_in": "329" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.305384000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.305384000", "frame.time_delta": "0.033609000", "frame.time_delta_displayed": "0.033638000", "frame.time_relative": "15.582511000", "frame.number": "327", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "538", "ip.id": "0x00000153", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54775", "tcp.dstport": "3030", "tcp.port": "54775", "tcp.port": "3030", "tcp.stream": "17", "tcp.len": "486", 
"tcp.seq": "973", "tcp.nxtseq": "1459", "tcp.ack": "423", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12746", "tcp.window_size": "407872", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:54:0e:48:49:53:ed", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765198, TSecr 1212765165": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765198", "tcp.options.timestamp.tsecr": "1212765165" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET \/assets\/7a0f310ff247886f82814a8e04be4fb2.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/7a0f310ff247886f82814a8e04be4fb2.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/7a0f310ff247886f82814a8e04be4fb2.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", 
"http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"7629-NUuVbiLSd2r4yBtFPQ0TTK5S4hY\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/7a0f310ff247886f82814a8e04be4fb2.png", "http.request": "1", "http.request_number": "3", "http.prev_request_in": "323", "http.response_in": "329", "http.next_request_in": "331" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.306971000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.306971000", "frame.time_delta": "0.001557000", "frame.time_delta_displayed": "0.001587000", "frame.time_relative": "15.584098000", "frame.number": "329", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": 
"0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "263", "ip.id": "0x000026e2", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54775", "tcp.port": "3030", "tcp.port": "54775", "tcp.stream": "17", "tcp.len": "211", "tcp.seq": "423", "tcp.nxtseq": "634", "tcp.ack": "1459", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12713", "tcp.window_size": "406816", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:54:0f:48:49:54:0e", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765199, TSecr 1212765198": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765199", 
"tcp.options.timestamp.tsecr": "1212765198" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"7629-NUuVbiLSd2r4yBtFPQ0TTK5S4hY\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "3", "http.time": "0.001587000", "http.prev_request_in": "323", "http.prev_response_in": "325", "http.request_in": "327", "http.next_request_in": "331", "http.next_response_in": "333" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.344643000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.344643000", "frame.time_delta": "0.037634000", "frame.time_delta_displayed": "0.037672000", "frame.time_relative": "15.621770000", "frame.number": "331", "frame.len": "542", "frame.cap_len": "542", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { 
"ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "538", "ip.id": "0x0000a6f5", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "54775", "tcp.dstport": "3030", "tcp.port": "54775", "tcp.port": "3030", "tcp.stream": "17", "tcp.len": "486", "tcp.seq": "1459", "tcp.nxtseq": "1945", "tcp.ack": "634", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12739", "tcp.window_size": "407648", "tcp.window_size_scalefactor": "32", "tcp.checksum": "0x0000000f", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:54:34:48:49:54:0f", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765236, TSecr 1212765199": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765236", "tcp.options.timestamp.tsecr": "1212765199" } 
}, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "486", "tcp.analysis.push_bytes_sent": "486" } }, "http": { "GET \/assets\/a5e0d38dd4d9df4829d054c11ca53ad5.png HTTP\/1.1\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "GET \/assets\/a5e0d38dd4d9df4829d054c11ca53ad5.png HTTP\/1.1\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.method": "GET", "http.request.uri": "\/assets\/a5e0d38dd4d9df4829d054c11ca53ad5.png", "http.request.version": "HTTP\/1.1" }, "http.host": "t1.lumen.localhost:3030", "http.request.line": "Host: t1.lumen.localhost:3030\r\n", "http.connection": "keep-alive", "http.request.line": "Connection: keep-alive\r\n", "http.user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36", "http.request.line": "User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/56.0.2924.87 Safari\/537.36\r\n", "http.accept": "image\/webp,image\/*,*\/*;q=0.8", "http.request.line": "Accept: image\/webp,image\/*,*\/*;q=0.8\r\n", "http.referer": "http:\/\/t1.lumen.localhost:3030\/library", "http.request.line": "Referer: http:\/\/t1.lumen.localhost:3030\/library\r\n", "http.accept_encoding": "gzip, deflate, sdch, br", "http.request.line": "Accept-Encoding: gzip, deflate, sdch, br\r\n", "http.accept_language": "en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4", "http.request.line": "Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,es;q=0.4\r\n", "http.request.line": "If-None-Match: W\/\"65be-GMyGMuLP\/U4AVWmU7XJ\/uF+uOMk\"\r\n", "\\r\\n": "", "http.request.full_uri": "http:\/\/t1.lumen.localhost:3030\/assets\/a5e0d38dd4d9df4829d054c11ca53ad5.png", "http.request": "1", "http.request_number": "4", "http.prev_request_in": "327", "http.response_in": "333" } } } } , { "_index": "packets-2017-10-17", "_type": "pcap_file", "_score": null, "_source": { "layers": { 
"frame": { "frame.interface_id": "0", "frame.encap_type": "15", "frame.time": "Mar 9, 2017 03:19:25.346149000 CET", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1489025965.346149000", "frame.time_delta": "0.001471000", "frame.time_delta_displayed": "0.001506000", "frame.time_relative": "15.623276000", "frame.number": "333", "frame.len": "267", "frame.cap_len": "267", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "null:ip:tcp:http", "frame.coloring_rule.name": "HTTP", "frame.coloring_rule.string": "http || tcp.port == 80 || http2" }, "null": { "null.family": "2" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "263", "ip.id": "0x000078dd", "ip.flags": "0x00000002", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "64", "ip.proto": "6", "ip.checksum": "0x00000000", "ip.checksum.status": "2", "ip.src": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.src_host": "127.0.0.1", "ip.host": "127.0.0.1", "ip.dst": "127.0.0.1", "ip.addr": "127.0.0.1", "ip.dst_host": "127.0.0.1", "ip.host": "127.0.0.1", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "3030", "tcp.dstport": "54775", "tcp.port": "3030", "tcp.port": "54775", "tcp.stream": "17", "tcp.len": "211", "tcp.seq": "634", "tcp.nxtseq": "845", "tcp.ack": "1945", "tcp.hdr_len": "32", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "12698", "tcp.window_size": "406336", "tcp.window_size_scalefactor": "32", 
"tcp.checksum": "0x0000fefb", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.options": "01:01:08:0a:48:49:54:35:48:49:54:34", "tcp.options_tree": { "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "No-Operation (NOP)": { "tcp.options.type": "1", "tcp.options.type_tree": { "tcp.options.type.copy": "0", "tcp.options.type.class": "0", "tcp.options.type.number": "1" } }, "Timestamps: TSval 1212765237, TSecr 1212765236": { "tcp.option_kind": "8", "tcp.option_len": "10", "tcp.options.timestamp.tsval": "1212765237", "tcp.options.timestamp.tsecr": "1212765236" } }, "tcp.analysis": { "tcp.analysis.initial_rtt": "0.000086000", "tcp.analysis.bytes_in_flight": "211", "tcp.analysis.push_bytes_sent": "211" } }, "http": { "HTTP\/1.1 304 Not Modified\\r\\n": { "_ws.expert": { "http.chat": "", "_ws.expert.message": "HTTP\/1.1 304 Not Modified\\r\\n", "_ws.expert.severity": "2097152", "_ws.expert.group": "33554432" }, "http.request.version": "HTTP\/1.1", "http.response.code": "304", "http.response.phrase": "Not Modified" }, "http.response.line": "X-Powered-By: Express\r\n", "http.response.line": "Accept-Ranges: bytes\r\n", "http.response.line": "Access-Control-Allow-Origin: *\r\n", "http.response.line": "ETag: W\/\"65be-GMyGMuLP\/U4AVWmU7XJ\/uF+uOMk\"\r\n", "http.date": "Thu, 09 Mar 2017 02:19:25 GMT", "http.response.line": "Date: Thu, 09 Mar 2017 02:19:25 GMT\r\n", "http.connection": "keep-alive", "http.response.line": "Connection: keep-alive\r\n", "\\r\\n": "", "http.response": "1", "http.response_number": "4", "http.time": "0.001506000", "http.prev_request_in": "327", "http.prev_response_in": "329", "http.request_in": "331" } } } } ] ================================================ FILE: src/plantuml_uma/core.clj ================================================ (ns plantuml-uma.core (:require [cheshire.core :as json] [clojure.contrib.humanize 
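:as human]
            clojure.string)
  (:import (java.io FileOutputStream)
           (net.sourceforge.plantuml SourceStringReader)
           (javax.swing ImageIcon JLabel JFrame)
           (java.awt Toolkit BorderLayout)))

;; Everything below works on a Wireshark JSON export. Field values are copied
;; from captured traffic (or from whoever produced the JSON file), so they are
;; untrusted text: they are only ever compared, measured, or passed through
;; `plantuml-safe` before being written into diagram source.

(defn http-data
  "Extracts the HTTP fields the diagram needs from one Wireshark JSON frame.

  Returns the selected string-keyed http.* entries plus :method and
  :response-code. Those two sit inside the nested request/status-line map of
  the http layer, so every value of that layer is probed for them and the
  first hit wins.

  Note that http.set_cookie is carried along with its full value; only the
  cookie name is rendered later, but the value stays in the returned map."
  [frame]
  (let [http (get-in frame ["_source" "layers" "http"])
        first-nested (fn [k] (first (keep #(get % k) (vals http))))]
    (-> http
        (select-keys ["http.user_agent"
                      "http.request.full_uri"
                      "http.response_in"
                      "http.set_cookie"
                      "http.host"
                      "http.content_type"])
        (assoc :response-code (first-nested "http.response.code"))
        (assoc :method (first-nested "http.request.method")))))

(defn other-data
  "Extracts frame-level metadata from one Wireshark JSON frame.

  Returns :id (frame number, kept as a string), :time (epoch milliseconds),
  :frame-size (bytes, from frame.len) and :destination-ip.
  Throws if frame.time_epoch or frame.len is missing or not numeric."
  [frame]
  (let [layers (get-in frame ["_source" "layers"])
        frame-layer (get layers "frame")]
    {:id (get frame-layer "frame.number")
     :time (long (* 1000 (Double/parseDouble (get frame-layer "frame.time_epoch"))))
     :frame-size (Long/parseLong (get frame-layer "frame.len"))
     :destination-ip (get-in layers ["ip" "ip.dst_host"])}))

(defn parse-frame
  "Flattens one Wireshark JSON frame into a single map (HTTP + frame data)."
  [frame]
  (merge (http-data frame) (other-data frame)))

(defn uri-ends
  "Returns a predicate that is true when the frame's full request URI ends
  with a dot followed by `what` (for example js.map).

  The suffix is compared literally. The previous regex form left the dot in
  js.map unescaped, so it also matched any character in that position.
  The predicate returns nil for nil frames and for frames without a URI."
  [what]
  (let [suffix (str "." what)]
    (fn [x]
      (some-> x ^String (get "http.request.full_uri") (.endsWith suffix)))))

(def ignore-request?
  "True for parsed frames that should not appear in the diagram: traffic to
  one hard-coded address, static assets, and two noisy endpoints."
  (some-fn
    (fn [x] (some-> x (get :destination-ip) (= "192.168.0.14")))
    (uri-ends "js")
    (uri-ends "ico")
    (uri-ends "js.map")
    (uri-ends "png")
    (fn [x] (some-> x ^String (get "http.request.full_uri") (.contains "login-status-iframe.html")))
    (fn [x] (some-> x ^String (get "http.request.full_uri") (.contains "sockjs-node")))))

(defn remove-boring-frames
  "Parses every raw frame and drops the ignored requests together with the
  frames named in their http.response_in field.

  Frames are parsed once and the parsed sequence is reused for both the
  ignore pass and the final filter."
  [all-frames]
  (let [parsed (map parse-frame all-frames)
        to-ignore (filter ignore-request? parsed)
        ids-to-remove (->> to-ignore
                           (mapcat (juxt :id #(get % "http.response_in")))
                           (remove nil?)
                           set)]
    (remove (comp ids-to-remove :id) parsed)))

(defn from?
  "Classifies the sender of a request: :browser when the User-Agent contains
  Mozilla, otherwise :backend. The User-Agent is client-supplied, so this is
  a labelling heuristic for the diagram, not an identification."
  [req]
  (if (.contains ^String (get req "http.user_agent" "") "Mozilla")
    :browser
    :backend))

(defn to?
  "Classifies the receiver of a request from its full URI.

  Matching is by substring anywhere in the URI, so a query string that merely
  mentions localhost:8080 is labelled :keycloak as well. The hosts are the
  ones used in the sample capture."
  [req]
  (let [^String uri (get req "http.request.full_uri" "")]
    (cond
      (.contains uri "http://t1.lumen.localhost:3030/api/") :backend
      (.contains uri "http://t1.lumen.localhost:3030/env") :backend
      (.contains uri "localhost:8080") :keycloak
      :default :nginx)))

(defn join-req-and-resp
  "Pairs each request that has http.response_in with the frame of that id and
  tags both with :from/:to, ordered by numeric request frame id.

  Returns a seq of [request response] vectors. When the response frame is not
  among `interesting-frames`, the second element holds only :from and :to;
  later stages expect :id and :frame-size there and will throw."
  [interesting-frames]
  (let [reqs (filter #(get % "http.response_in") interesting-frames)
        resp (fn [req]
               (first (filter (comp (partial = (get req "http.response_in")) :id)
                              interesting-frames)))]
    (->> reqs
         (map (juxt identity resp))
         (sort-by (comp #(Long/parseLong %) :id first))
         (map (fn [[req res]]
                ;; Both directions of the exchange are labelled from the
                ;; request's point of view; computed once and shared.
                (let [route {:from (from? req) :to (to? req)}]
                  [(merge req route) (merge res route)]))))))

(defn traffic-size
  "Sums frame sizes per [from to] pair.

  Returns a map from [from to] to {:from-to .. :from->to bytes :to->from bytes},
  where :from->to adds up request frames and :to->from response frames."
  [request-response-pairs]
  (->> request-response-pairs
       (group-by (comp (juxt :from :to) first))
       (map (fn [[from-to pairs]]
              [from-to {:from-to from-to
                        :from->to (reduce + (map (comp :frame-size first) pairs))
                        :to->from (reduce + (map (comp :frame-size second) pairs))}]))
       (into {})))

(defn- plantuml-safe
  "Makes captured text safe to embed in a single line of PlantUML source.

  PlantUML source is line-oriented. A line break or other control character
  inside a captured value would end the message line early, and the rest of
  the value would then be read as diagram source, including preprocessor
  lines such as !include. Control characters and Unicode line separators are
  replaced with a space. nil stays nil."
  [s]
  (some-> s str (clojure.string/replace #"[\p{Cntrl}\u0085\u2028\u2029]" " ")))

(defn ->plantuml
  "Renders request/response pairs as PlantUML sequence-diagram source.

  Each request becomes `from -> to: path [method] (size)` and each response
  `from <-- to: code type [cookie-name] (size)`, followed by one note per
  known participant pair with the traffic totals.

  Only the URL path, the method, the status code, a coarse content type and
  the cookie NAME are rendered; query strings and cookie values are left out.
  All captured text passes through `plantuml-safe` first.

  Throws RuntimeException for a response whose content type is neither json
  nor html, and NumberFormatException when a step has no numeric :id."
  [request-response-pairs]
  (let [response? (fn [req-or-resp] (:response-code req-or-resp))
        steps (sort-by (comp #(Long/parseLong %) :id)
                       (apply concat request-response-pairs))
        content-type (fn [type-str]
                       (cond
                         (nil? type-str) nil
                         (clojure.string/includes? type-str "json") "json"
                         (clojure.string/includes? type-str "html") "html"
                         ;; Deliberately loud: an unhandled type aborts the run.
                         :default (throw (RuntimeException. type-str))))
        path (fn [url] (.getPath (java.net.URL. url)))
        sequence-diagram-step
        (fn [{:keys [from to method frame-size] :as req-or-res}]
          (let [frame-size-str (str " (" (human/filesize frame-size) ")")]
            (if-not (response? req-or-res)
              [(str (name from) " -> " (name to) ": "
                    (plantuml-safe (path (get req-or-res "http.request.full_uri")))
                    (when-not (= "GET" method)
                      (str " [" (plantuml-safe method) "]"))
                    frame-size-str)]
              [(let [resp-code (plantuml-safe (:response-code req-or-res))
                     body-kind (content-type (get req-or-res "http.content_type"))
                     ;; Only the cookie name (text before the first =) is shown.
                     cookie (some-> (get req-or-res "http.set_cookie")
                                    (clojure.string/split #"=")
                                    first
                                    plantuml-safe)]
                 (try
                   (str (name from) " <-- " (name to) ": "
                        resp-code " " body-kind
                        (when cookie (str " [" cookie "]"))
                        frame-size-str)
                   (catch Exception e
                     ;; Debug aid: show the offending frame, minus the
                     ;; Set-Cookie value, which may hold a live session token.
                     (println (dissoc req-or-res "http.set_cookie"))
                     (throw e))))])))
        sizes (traffic-size request-response-pairs)
        sizes-in-order (map (fn [from-to]
                              (merge {:from-to from-to :from->to 0 :to->from 0}
                                     (get sizes from-to)))
                            [[:browser :nginx]
                             [:browser :backend]
                             [:browser :keycloak]
                             [:backend :keycloak]])
        size-note-fn (fn [{:keys [from-to from->to to->from]}]
                       (str "note over " (name (first from-to)) ", " (name (second from-to))
                            ": ->" (human/filesize from->to)
                            "/<-" (human/filesize to->from)))]
    (clojure.string/join
      "\n"
      (concat ["@startuml\n"
               "actor browser"
               "participant nginx"
               "participant backend"
               "participant keycloak"]
              (mapcat sequence-diagram-step steps)
              (map size-note-fn sizes-in-order)
              ["@enduml"]))))

(defn create-image!
  "Renders the diagram for the parsed capture and writes it to `output-file`.

  `input-file` is the already-parsed capture (a seq of Wireshark JSON frames),
  not a path. The diagram source is built before the output file is opened,
  and the stream is closed even when rendering throws. Returns nil."
  [input-file output-file]
  (let [uml (-> input-file
                remove-boring-frames
                join-req-and-resp
                ->plantuml)]
    (with-open [out (FileOutputStream. (clojure.java.io/file output-file))]
      (.generateImage (SourceStringReader. uml) out))
    nil))

;; ---------------------------------------------------------------------------
;; REPL script: reloading the file regenerates the image and refreshes the
;; preview window. The defonce forms survive reloads.
;;
;; A Wireshark JSON export holds complete request and response headers
;; (cookies, authorization headers, internal hostnames). Review or scrub a
;; capture before committing or sharing it.
;; ---------------------------------------------------------------------------

(def input-file "sample.json")
(def output-img "sample.png")

(defonce data (json/parse-string (slurp input-file)))

(create-image! data output-img)

(defonce img (ImageIcon. output-img))
(defonce jframe (doto (JFrame. "img")
                  (.add (JLabel. img) BorderLayout/CENTER)
                  (.pack)
                  (.setVisible true)))

;; Runs twice; presumably the first pass can still see the previously loaded
;; image until it has been flushed (not verified here).
(dotimes [_ 2]
  (let [img-icon (.getImage (Toolkit/getDefaultToolkit) output-img)
        max-height 1450
        img-icon (if (> (.getHeight img-icon) max-height)
                   ;; quot keeps the width an integer; plain / can produce a
                   ;; Ratio, which does not match the int parameter.
                   (.getScaledInstance img-icon
                                       (quot (* (.getWidth img-icon) max-height)
                                             (.getHeight img-icon))
                                       max-height
                                       java.awt.Image/SCALE_DEFAULT)
                   img-icon)]
    (.setImage img img-icon))
  (-> img .getImage .flush)
  (.repaint jframe))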