diff --git a/wireshark_twoo_twooo_two_twoo/out.json b/wireshark_twoo_twooo_two_twoo/out.json new file mode 100644 index 0000000..78bcc4b --- /dev/null +++ b/wireshark_twoo_twooo_two_twoo/out.json @@ -0,0 +1,101462 @@ +[ + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9962040002406c4bc12d90139c0a826680050f895a37f71efbb0b06d5501901e7bd670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9962040002406c4bc12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "9620", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "c4bc", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f895a37f71efbb0b06d5501901e7bd670000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f895", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f895", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "a37f71ef", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "a37f71ef", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "bb0b06d5", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "bb0b06d5", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "bd67", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{bfe48e8500c454d647c55a4471985e776a07b26cba64526713f43758599aa98b}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9456b40002406157212d90139c0a826680050f897e734dc6e38180450501901e7b6960000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9456b40002406157212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "456b", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "1572", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f897e734dc6e38180450501901e7b6960000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f897", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f897", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "e734dc6e", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "e734dc6e", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "38180450", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "38180450", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "b696", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{bda69bdf8f570a9aaab0e4108a0fa5f64cb26ba7d2269bb63f68af5d98b98245}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9db97400024067f4512d90139c0a826680050f89a7783a8e6f9628b70501901e7d75d0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9db97400024067f4512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "db97", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "7f45", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f89a7783a8e6f9628b70501901e7d75d0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f89a", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f89a", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "7783a8e6", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "7783a8e6", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "f9628b70", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "f9628b70", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "d75d", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{fe83bcb6cfd43d3b79392f6a4232685f6ed4e7a789c2ce559cf3c1ab6adbe34b}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9757c40002406e56012d90139c0a826680050f89bf33f8e8da999bc6d501901e7f18b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9757c40002406e56012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "757c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "e560", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f89bf33f8e8da999bc6d501901e7f18b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f89b", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f89b", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "f33f8e8d", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "f33f8e8d", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "a999bc6d", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "a999bc6d", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "f18b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{711d3893d90f100c15e10ef4842abeed3a830f8237c1257cd47389646da97810}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9ff87400024065b5512d90139c0a826680050f89c080a9b7147b9a041501901e7daf30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9ff87400024065b5512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "ff87", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "5b55", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f89c080a9b7147b9a041501901e7daf30000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f89c", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f89c", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "080a9b71", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "080a9b71", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "47b9a041", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "47b9a041", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "daf3", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{3cf1e22d489fcfb6bb312a34f46c8699989ed043406134331452d11ce73cd59e}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9e8ba40002406722212d90139c0a826680050f89ef85f65e44ba247d7501901e738eb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9e8ba40002406722212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "e8ba", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "7222", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f89ef85f65e44ba247d7501901e738eb0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f89e", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f89e", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "f85f65e4", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "f85f65e4", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "4ba247d7", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "4ba247d7", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "38eb", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{b4cc138bb0f7f9da7e35085e349555aa6d00bdca3b021c1fe8663c0a422ce0d7}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9f86040002406627c12d90139c0a826680050f89f8566b92c24fe8e45501901e75adb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9f86040002406627c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "f860", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "627c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f89f8566b92c24fe8e45501901e75adb0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f89f", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f89f", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "8566b92c", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "8566b92c", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "24fe8e45", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "24fe8e45", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "5adb", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{41b8a1a796bd8d202016f75bc5b38889e9ea06007e6b22fc856d380fb7573133}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9242e4000240636af12d90139c0a826680050f8a06a1a7068426f8aaa501901e745180000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9242e4000240636af12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "242e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "36af", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a06a1a7068426f8aaa501901e745180000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "6a1a7068", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "6a1a7068", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "426f8aaa", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "426f8aaa", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "4518", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{9812bc4be04e6f9c803152313db3da53b3dfb799bdb05aac46fa0dd0045d2fc2}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9468840002406145512d90139c0a826680050f8a11e22d9b0ae99a485501901e7a1cb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9468840002406145512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "4688", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "1455", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a11e22d9b0ae99a485501901e7a1cb0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "1e22d9b0", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "1e22d9b0", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "ae99a485", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "ae99a485", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "a1cb", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{64cf3ede3736a340fdf2954be5151ce53bec291c5e48cbccb44faa529946e249}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f95a9f40002406003e12d90139c0a826680050f8a2d00ed2c2e005c4ba501901e7047b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f95a9f40002406003e12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "5a9f", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "003e", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a2d00ed2c2e005c4ba501901e7047b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "d00ed2c2", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "d00ed2c2", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "e005c4ba", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "e005c4ba", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "047b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{c50d259a4e172fcb2eddbabeebd272473e4882b76c9efcd12c03ac04429d884a}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9c78d40002406934f12d90139c0a826680050f8a31b7ae1debdf1e7ea501901e7da3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9c78d40002406934f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "c78d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "934f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a31b7ae1debdf1e7ea501901e7da3a0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a3", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a3", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "1b7ae1de", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "1b7ae1de", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "bdf1e7ea", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "bdf1e7ea", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "da3a", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{0a024b7d39603756feafa2bbaa1603b14a99eae5dcd59f1d957f511d822c8c06}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9d9304000240681ac12d90139c0a826680050f8a409a7286bde924d8e501901e72a380000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9d9304000240681ac12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "d930", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "81ac", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a409a7286bde924d8e501901e72a380000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "09a7286b", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "09a7286b", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "de924d8e", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "de924d8e", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2a38", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{97211eec9228bb247d762527bace8b3e4ec2110c8834af12aefd3c552cdc21b2}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f960c040002406fa1c12d90139c0a826680050f8a54d1606b9b78d302c501901e79b370000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f960c040002406fa1c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "60c0", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "fa1c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a54d1606b9b78d302c501901e79b370000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a5", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a5", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4d1606b9", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4d1606b9", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "b78d302c", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "b78d302c", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "9b37", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{29679910c47d8afc737a1c21d7bf758cd3d81001bdbeec8c6f81a6ad88fdc279}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f91f29400024063bb412d90139c0a826680050f8a61e0f5605499e2189501901e7e8d80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f91f29400024063bb412d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "1f29", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "3bb4", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a61e0f5605499e2189501901e7e8d80000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "1e0f5605", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "1e0f5605", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "499e2189", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "499e2189", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "e8d8", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{996979e9540be0fe9320e80eb6336047f8140a80830700907b99741310acf08f}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f90e9a400024064c4312d90139c0a826680050f8a77d8a8d0820d36a62501901e792be0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f90e9a400024064c4312d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "0e9a", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "4c43", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a77d8a8d0820d36a62501901e792be0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "7d8a8d08", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "7d8a8d08", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "20d36a62", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "20d36a62", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "92be", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{8b272a18c1005c95a420d4a0df426cb8441d29eb96210493a96fa25ac5e657aa}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9014e40002406598f12d90139c0a826680050f8a847aa414d362fb054501901e7234b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9014e40002406598f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "014e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "598f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8a847aa414d362fb054501901e7234b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8a8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8a8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "47aa414d", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "47aa414d", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "362fb054", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "362fb054", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "234b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{e1d0a752dc71121200f4bcb1b8cc2e03e84488df229b82196afbe0045ef025c4}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f945154000240615c812d90139c0a826680050f8abf85380c4dbb33ea3501901e78e040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f945154000240615c812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "4515", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "15c8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8abf85380c4dbb33ea3501901e78e040000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ab", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ab", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "f85380c4", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "f85380c4", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "dbb33ea3", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "dbb33ea3", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8e04", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{0ba511844a2ab38fe0709bcdb2b8bdfeb37a0b466dc902e92062db4c2b3f455c}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f906054000240654d812d90139c0a826680050f8acc49b650065d62775501901e7febc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f906054000240654d812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "0605", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "54d8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8acc49b650065d62775501901e7febc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ac", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ac", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "c49b6500", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "c49b6500", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "65d62775", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "65d62775", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "febc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{dadda48e855421e14597ffc727943b57efd8c9a15d10bfd491f0390659162fb1}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f949ba40002406112312d90139c0a826680050f8adefd104e8f251bead501901e78f3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f949ba40002406112312d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "49ba", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "1123", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8adefd104e8f251bead501901e78f3a0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ad", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ad", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "efd104e8", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "efd104e8", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "f251bead", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "f251bead", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8f3a", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{f4dd87795395c74f3083f8caa4ec22d1531281554a6003d1c47c5f0370984ab6}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9386140002406227c12d90139c0a826680050f8ae01f32e0e1aae3767501901e719a10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9386140002406227c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "3861", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "227c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ae01f32e0e1aae3767501901e719a10000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ae", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ae", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "01f32e0e", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "01f32e0e", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "1aae3767", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "1aae3767", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "19a1", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{0f30a584680db9e70c7e1c6ca954c2f023b77f3fd2b05bd9aeee6e00dc4da5d7}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f93b0e400024061fcf12d90139c0a826680050f8af0175abaf07896c61501901e7d41a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f93b0e400024061fcf12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "3b0e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "1fcf", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8af0175abaf07896c61501901e7d41a0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8af", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8af", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "0175abaf", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "0175abaf", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "07896c61", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "07896c61", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "d41a", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{715e4d0d167e862af8825f62d3f4ff8aef20443445a06b1c68572390a2825d29}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9ff9d400024065b3f12d90139c0a826680050f8b0b5bd71a399beca6e501901e7aabc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9ff9d400024065b3f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "ff9d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "5b3f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b0b5bd71a399beca6e501901e7aabc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "b5bd71a3", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "b5bd71a3", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "99beca6e", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "99beca6e", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "aabc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{7654ee03f31576e8ed44799fc4fa5ee053d35050000502e878d1fb8022618923}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f987f340002406d2e912d90139c0a826680050f8b196f700460abaa661501901e7b8710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f987f340002406d2e912d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "87f3", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "d2e9", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b196f700460abaa661501901e7b8710000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "96f70046", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "96f70046", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "0abaa661", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "0abaa661", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "b871", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{068606b5faca0491d97a2b46fdca7f6f81acbd909ce691077fe77e03a3c0939a}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9479c40002406134112d90139c0a826680050f8b2a8db9e66694a14cd501901e7a4870000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9479c40002406134112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "479c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "1341", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b2a8db9e66694a14cd501901e7a4870000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "a8db9e66", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "a8db9e66", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "694a14cd", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "694a14cd", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "a487", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{64ab681ffed33c49b5e8ae0576e22857e9a10ae30cdbee415fb514b84aa58aea}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f98a6c40002406d07012d90139c0a826680050f8b330e86c086a839eb4501901e71aeb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f98a6c40002406d07012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "8a6c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "d070", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b330e86c086a839eb4501901e71aeb0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b3", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b3", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "30e86c08", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "30e86c08", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "6a839eb4", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "6a839eb4", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "1aeb", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{8ae3995e726f8f2c3724e2e0522f038aba6649facd378d8965c648233d79a252}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9bf2e400024069bae12d90139c0a826680050f8b4abf69686fe12f14d501901e736650000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9bf2e400024069bae12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "bf2e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "9bae", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b4abf69686fe12f14d501901e736650000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "abf69686", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "abf69686", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "fe12f14d", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "fe12f14d", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "3665", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{1c125d267b5811cd25cca2d517e022270aa60f3c8461f4097c685bcca637a6a9}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f94ec1400024060c1c12d90139c0a826680050f8b52792703c9e84518b501901e74a900000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f94ec1400024060c1c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "4ec1", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "0c1c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b52792703c9e84518b501901e74a900000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b5", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b5", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "2792703c", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "2792703c", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "9e84518b", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "9e84518b", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "4a90", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{824c298d14e1fe369df991af72ab0725d2e7c7d05b9655486873ccc467f4bd6b}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9f8004000240662dc12d90139c0a826680050f8b6cd7e87a85d45b5e2501901e7dfb30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9f8004000240662dc12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "f800", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "62dc", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b6cd7e87a85d45b5e2501901e7dfb30000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "cd7e87a8", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "cd7e87a8", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "5d45b5e2", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "5d45b5e2", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "dfb3", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{e1d8dd1b73d5fd7704a16c924ddee69dc6bf9beef14cc3a10142704b81f0fa07}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9ac9a40002406ae4212d90139c0a826680050f8b79a99b1fa0327f1a4501901e72f320000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9ac9a40002406ae4212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "ac9a", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "ae42", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b79a99b1fa0327f1a4501901e72f320000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "9a99b1fa", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "9a99b1fa", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "0327f1a4", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "0327f1a4", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2f32", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{82d260fe0670d551347b164c54183d996c52ebeebb1ccfcc2c2ebb91268dc944}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f957cf40002406030e12d90139c0a826680050f8b86f7af93efa7b23e3501901e707290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f957cf40002406030e12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "57cf", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "030e", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b86f7af93efa7b23e3501901e707290000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "6f7af93e", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "6f7af93e", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "fa7b23e3", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "fa7b23e3", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "0729", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{74876fc61ebc9c902f8983979cd4c21206c69a23f0dcc0817e150dd75e446838}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9512c4000240609b112d90139c0a826680050f8b9700b2adfd2733892501901e7fefc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9512c4000240609b112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "512c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "09b1", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8b9700b2adfd2733892501901e7fefc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8b9", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8b9", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "700b2adf", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "700b2adf", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "d2733892", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "d2733892", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "fefc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{49c52d1f30973f90716bbcbe3633e11cf70b9a31ed785871ccb80473302a59db}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f937a540002406233812d90139c0a826680050f8bae5781a5000d464ef501901e7afcc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f937a540002406233812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "37a5", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "2338", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8bae5781a5000d464ef501901e7afcc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ba", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ba", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "e5781a50", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "e5781a50", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "00d464ef", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "00d464ef", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "afcc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{89d93dbb96a3857ac87ba0cea3c10a9e4c7b34d79b2edb463cef030d34297bd0}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f955174000240605c612d90139c0a826680050f8bb04c368b6ee43c62c501901e72cc20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f955174000240605c612d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "5517", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "05c6", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8bb04c368b6ee43c62c501901e72cc20000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8bb", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8bb", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "04c368b6", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "04c368b6", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "ee43c62c", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "ee43c62c", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2cc2", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{5ceacdce54c13a3fddfcfb225a00247304fbb15f29f9c90434383f277567992d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f92cc8400024062e1512d90139c0a826680050f8bc798e28b7aa17e0b1501901e71ca20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f92cc8400024062e1512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "2cc8", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "2e15", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8bc798e28b7aa17e0b1501901e71ca20000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8bc", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8bc", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "798e28b7", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "798e28b7", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "aa17e0b1", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "aa17e0b1", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "1ca2", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{c22a40a43ed7034bd935805f59603a46d3a1f2d6b8e31281eb0721597b6c6d62}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9c9244000240691b812d90139c0a826680050f8bdb986ccb13052a39f501901e735530000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9c9244000240691b812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "c924", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "91b8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8bdb986ccb13052a39f501901e735530000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8bd", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8bd", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "b986ccb1", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "b986ccb1", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "3052a39f", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "3052a39f", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "3553", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{6071bca5da06d4f975a52357cda0cd6f0614787c1c70b1b7e1af2c7fb272d281}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f929154000240631c812d90139c0a826680050f8be4308359bce0353d1501901e7e2710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f929154000240631c812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "2915", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "31c8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8be4308359bce0353d1501901e7e2710000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8be", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8be", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4308359b", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4308359b", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "ce0353d1", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "ce0353d1", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "e271", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{65a8b141f019506feea38a119988ad645bcab1a5fa8693efdf26e1fd3cb44b4c}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f928c840002406321512d90139c0a826680050f8bf651357c8536981dd501901e7ea150000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f928c840002406321512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "28c8", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "3215", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8bf651357c8536981dd501901e7ea150000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8bf", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8bf", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "651357c8", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "651357c8", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "536981dd", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "536981dd", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "ea15", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{d7f5cb78a895d3805601522b95d599cb6d2689c6a856e3fbee6aac2fca0c20f3}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9158b40002406455212d90139c0a826680050f8c01b4a0fccdb119477501901e752220000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9158b40002406455212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "158b", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "4552", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c01b4a0fccdb119477501901e752220000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "1b4a0fcc", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "1b4a0fcc", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "db119477", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "db119477", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "5222", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{739bb0f0aa17331819a0e942d37bfee757c8d9cd089cdfe32509027b92485213}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f98c9d40002406ce3f12d90139c0a826680050f8c13e524d70781a4ba5501901e781710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f98c9d40002406ce3f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "8c9d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "ce3f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c13e524d70781a4ba5501901e781710000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "3e524d70", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "3e524d70", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "781a4ba5", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "781a4ba5", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8171", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{7a891e2c4ad0da374bc15ad7ad0ee081077dd376f06152781f780c201691713d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9857f40002406d55d12d90139c0a826680050f8c2123316bc3217c507501901e784e80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9857f40002406d55d12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "857f", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "d55d", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c2123316bc3217c507501901e784e80000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "123316bc", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "123316bc", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "3217c507", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "3217c507", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "84e8", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{a97d3ee943221888bd1157429e4a00ed5e9905a610e64664f7e36c7f5e0a4ef9}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9462c4000240614b112d90139c0a826680050f8c498406c8c9ceac887501901e7c8e60000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9462c4000240614b112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "462c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "14b1", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c498406c8c9ceac887501901e7c8e60000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "98406c8c", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "98406c8c", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "9ceac887", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "9ceac887", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "c8e6", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{c38d2d74dc21bbb2e3a95b52e2354ee523379cfe4f8b348c9c5b5d7bd7cb871b}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f949d340002406110a12d90139c0a826680050f8c6c2e05ac7f7c237a7501901e75cbc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f949d340002406110a12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "49d3", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "110a", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c6c2e05ac7f7c237a7501901e75cbc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "c2e05ac7", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "c2e05ac7", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "f7c237a7", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "f7c237a7", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "5cbc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{e4dc886c39a53ff118bf29041067cde48dcebb89b3dae61a8aba6187d671999a}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f97e2240002406dcba12d90139c0a826680050f8c739495583aa1f28c2501901e71d980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f97e2240002406dcba12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "7e22", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "dcba", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c739495583aa1f28c2501901e71d980000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "39495583", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "39495583", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "aa1f28c2", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "aa1f28c2", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "1d98", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{9fbd0d18aa1abfd289ba977ae4354b821cc74591260889afba1b0b6e7763aa31}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9bfe1400024069afb12d90139c0a826680050f8c855cd3a102cd742ab501901e7e1470000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9bfe1400024069afb12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "bfe1", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "9afb", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c855cd3a102cd742ab501901e7e1470000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "55cd3a10", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "55cd3a10", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "2cd742ab", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "2cd742ab", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "e147", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{3fc0801bcd36336a2c030c6e5f452f5795be1d562e00411365fb64c6a2f688ef}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9513d4000240609a012d90139c0a826680050f8c95b366a057d9e7d8b501901e7013e0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9513d4000240609a012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "513d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "09a0", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8c95b366a057d9e7d8b501901e7013e0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8c9", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8c9", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "5b366a05", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "5b366a05", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "7d9e7d8b", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "7d9e7d8b", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "013e", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{4aa86643eb2ddb5709725344cd0e63e6c52e35c2e64a39f3a4a0ee7bbd5d3ade}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9a24e40002406b88e12d90139c0a826680050f8caf0302c165ae25ddc501901e7de290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9a24e40002406b88e12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "a24e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "b88e", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8caf0302c165ae25ddc501901e7de290000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ca", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ca", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "f0302c16", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "f0302c16", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "5ae25ddc", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "5ae25ddc", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "de29", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{4af8df415d17e6df99a5efddebcb33a68c0c8bf26d481eed16b5f77675030d7f}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f90f37400024064ba612d90139c0a826680050f8cb0c7fc36f5cce81a5501901e76bab0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f90f37400024064ba612d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "0f37", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "4ba6", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8cb0c7fc36f5cce81a5501901e76bab0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8cb", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8cb", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "0c7fc36f", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "0c7fc36f", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "5cce81a5", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "5cce81a5", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "6bab", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{e4f52a0d2a924906ac102a32c52ab9128bf9cd6e5294518ad3ed6748f853b0ab}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9781340002406e2c912d90139c0a826680050f8cc4caf6692e2c14d63501901e79acd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9781340002406e2c912d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "7813", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "e2c9", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8cc4caf6692e2c14d63501901e79acd0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8cc", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8cc", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4caf6692", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4caf6692", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "e2c14d63", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "e2c14d63", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "9acd", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{cc104e74a9f50164ee5652d168ef38a21b7a2d5e3196062e669e3a2705f1a0d3}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9ef89400024066b5312d90139c0a826680050f8cd979b53903e5e7233501901e754580000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9ef89400024066b5312d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "ef89", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "6b53", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8cd979b53903e5e7233501901e754580000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8cd", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8cd", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "979b5390", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "979b5390", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "3e5e7233", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "3e5e7233", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "5458", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{2aac620b0bdd2e6946d62c5d232ca32ba1f5a9d8ec82c060778b54ffeb8fbd1f}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9a61740002406b4c512d90139c0a826680050f8cf2ff742ad388c5f6b501901e7c48b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9a61740002406b4c512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "a617", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "b4c5", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8cf2ff742ad388c5f6b501901e7c48b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8cf", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8cf", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "2ff742ad", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "2ff742ad", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "388c5f6b", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "388c5f6b", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "c48b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{4e55be07159def207afc142954f5673a0651d5f32f5f4090fb774d960628e352}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f963a040002406f73c12d90139c0a826680050f8d08b76a989c5a85cf7501901e75bdc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f963a040002406f73c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "63a0", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "f73c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d08b76a989c5a85cf7501901e75bdc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "8b76a989", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "8b76a989", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "c5a85cf7", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "c5a85cf7", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "5bdc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{983e5e2703a132a49479e438bfba15ee5d02345b03d410b8163b685973937da7}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9dda6400024067d3612d90139c0a826680050f8d16af577461f44f08f501901e7e9f80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9dda6400024067d3612d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "dda6", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "7d36", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d16af577461f44f08f501901e7e9f80000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "6af57746", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "6af57746", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "1f44f08f", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "1f44f08f", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "e9f8", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{d342a46e8179de9941720c5e0eeac0d0fae9d3014d2ddcf531a7865a997b00e5}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f95aca40002406001312d90139c0a826680050f8d2247d4c203a8f7dce501901e7029b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f95aca40002406001312d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "5aca", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "0013", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d2247d4c203a8f7dce501901e7029b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "247d4c20", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "247d4c20", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "3a8f7dce", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "3a8f7dce", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "029b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{2133904cfe757bc6c68c3e5f3749b37d67d7fa6ffb2768410be593d3fe8c4bd4}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f993ec40002406c6f012d90139c0a826680050f8d37dae99b77a6824ab501901e762fb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f993ec40002406c6f012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "93ec", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "c6f0", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d37dae99b77a6824ab501901e762fb0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d3", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d3", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "7dae99b7", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "7dae99b7", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "7a6824ab", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "7a6824ab", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "62fb", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{29b726b9a57d176e1487d159474ee7e6508b66c05c526a00c942a8cebb6bb496}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9fcf4400024065de812d90139c0a826680050f8d44dfb79e2a2fa7e19501901e72c890000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9fcf4400024065de812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "fcf4", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "5de8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d44dfb79e2a2fa7e19501901e72c890000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4dfb79e2", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4dfb79e2", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "a2fa7e19", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "a2fa7e19", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2c89", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{7302b0dca07cd890c75e38d78d7e74d7bbf2b932f555aaf5b6754f56e778e3fc}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f968a340002406f23912d90139c0a826680050f8d5b8549e924f114f01501901e7202b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f968a340002406f23912d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "68a3", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "f239", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d5b8549e924f114f01501901e7202b0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d5", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d5", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "b8549e92", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "b8549e92", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "4f114f01", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "4f114f01", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "202b", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{22e018bb8282e9d7852ed4e65f70a26524dabef78cf41e1db45c070c94621c57}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f906a140002406543c12d90139c0a826680050f8d6f8325d5a8994bfe7501901e7c6680000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f906a140002406543c12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "06a1", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "543c", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d6f8325d5a8994bfe7501901e7c6680000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "f8325d5a", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "f8325d5a", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "8994bfe7", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "8994bfe7", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "c668", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{40f366ccf0f6462f5b8b1dc4d7384a62aa95565afcaad96a937b8c1f1134099b}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f91b4e400024063f8f12d90139c0a826680050f8d762793aece90beba5501901e7b2550000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f91b4e400024063f8f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "1b4e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "3f8f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d762793aece90beba5501901e7b2550000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "62793aec", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "62793aec", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "e90beba5", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "e90beba5", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "b255", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{db38cbc215cde0d9cd52cbca2390defdb54303e998019a5c4ddaf9861b54efcb}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f994f840002406c5e412d90139c0a826680050f8d8b9322f8cf17b3843501901e73e070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f994f840002406c5e412d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "94f8", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "c5e4", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d8b9322f8cf17b3843501901e73e070000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "b9322f8c", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "b9322f8c", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "f17b3843", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "f17b3843", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "3e07", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{090fa8ec995ab9fc9f97cbe9ea36cb81c4504a3ca02466ddd207cfe7f785cb5c}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f998c240002406c21a12d90139c0a826680050f8d96454aa68c65f79bf501901e71ad90000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f998c240002406c21a12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "98c2", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "c21a", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8d96454aa68c65f79bf501901e71ad90000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8d9", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8d9", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "6454aa68", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "6454aa68", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "c65f79bf", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "c65f79bf", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "1ad9", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{947b91a983c93217304f8e5b112e93eaf619e6a9386ab93be93a9b67e53b2fda}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9dbce400024067f0e12d90139c0a826680050f8da868c5839e316a844501901e7b6a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9dbce400024067f0e12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "dbce", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "7f0e", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8da868c5839e316a844501901e7b6a20000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8da", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8da", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "868c5839", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "868c5839", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "e316a844", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "e316a844", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "b6a2", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{a3ed2f602322f749f4cb016515e25b67749efd08ac2f2c53023596cbf0dcbd0f}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f912394000240648a412d90139c0a826680050f8db94dd0464aebea451501901e7ae040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f912394000240648a412d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "1239", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "48a4", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8db94dd0464aebea451501901e7ae040000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8db", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8db", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "94dd0464", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "94dd0464", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "aebea451", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "aebea451", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "ae04", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{8e625859eb325d2a69934e4a44c93fcc132e813efb3fdaaa5143147678e9cbf9}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9680a40002406f2d212d90139c0a826680050f8dca5c179b48f747ac8501901e74ecd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9680a40002406f2d212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "680a", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "f2d2", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8dca5c179b48f747ac8501901e74ecd0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8dc", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8dc", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "a5c179b4", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "a5c179b4", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "8f747ac8", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "8f747ac8", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "4ecd", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{8d43c4889ee5b507d1785adfa2592f2fb3d7cf20ebf37ce46595edc46fba3f6d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f942334000240618aa12d90139c0a826680050f8df5a3cdce60fff5d18501901e779b50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f942334000240618aa12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "4233", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "18aa", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8df5a3cdce60fff5d18501901e779b50000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8df", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8df", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "5a3cdce6", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "5a3cdce6", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "0fff5d18", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "0fff5d18", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "79b5", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{0020d021e9e38dbb5a5fa432175089d8b76e4a900618c95f8cae14fedaa45b63}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9bf2a400024069bb212d90139c0a826680050f8e09f8894a1404ab3f3501901e778bc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9bf2a400024069bb212d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "bf2a", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "9bb2", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e09f8894a1404ab3f3501901e778bc0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "9f8894a1", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "9f8894a1", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "404ab3f3", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "404ab3f3", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "78bc", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{69e96b10f560a6a0656a6d950e73e41bcf4226c424bb5622839dda0c66755b14}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9e6f44000240673e812d90139c0a826680050f8e1e0bd5c3486e661c6501901e72f090000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9e6f44000240673e812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "e6f4", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "73e8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e1e0bd5c3486e661c6501901e72f090000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "e0bd5c34", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "e0bd5c34", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "86e661c6", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "86e661c6", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2f09", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{34c6ca47d858ab18aa2008f4ac31c31570c46186939e6b46458b19082122d4bd}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f927fc4000240632e112d90139c0a826680050f8e23d8f896db6c7383a501901e789060000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f927fc4000240632e112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "27fc", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "32e1", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e23d8f896db6c7383a501901e789060000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "3d8f896d", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "3d8f896d", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "b6c7383a", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "b6c7383a", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8906", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{ebfcebe696b1fdbba2abb3b003165152456bd83b6ddfbf180ca366de0dec1b0c}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f934194000240626c412d90139c0a826680050f8e3182aa4e69b432004501901e7b0f30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f934194000240626c412d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "3419", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "26c4", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e3182aa4e69b432004501901e7b0f30000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e3", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e3", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "182aa4e6", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "182aa4e6", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "9b432004", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "9b432004", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "b0f3", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{aa125aaeb4723f69dceaa90125a8099a6f3fe0259e068fd82dcbeb76131448bb}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9b35340002406a78912d90139c0a826680050f8e40b4c8968a75ed628501901e78c070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9b35340002406a78912d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "b353", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "a789", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e40b4c8968a75ed628501901e78c070000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "0b4c8968", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "0b4c8968", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "a75ed628", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "a75ed628", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8c07", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{80d65857d8d81a92769e8cd136376522d113c4298b331318ce7adcbf5e70104d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9c85e40002406927e12d90139c0a826680050f8e5c96006a7cee38029501901e7f8df0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9c85e40002406927e12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "c85e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "927e", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e5c96006a7cee38029501901e7f8df0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e5", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e5", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "c96006a7", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "c96006a7", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "cee38029", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "cee38029", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "f8df", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{00ae773ce4a4b3cf3287f072c13ec7139a74207de635de9d115087bc4f312bae}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9b50e40002406a5ce12d90139c0a826680050f8e6b4d06add9cf79cd3501901e72d260000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9b50e40002406a5ce12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "b50e", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "a5ce", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e6b4d06add9cf79cd3501901e72d260000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "b4d06add", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "b4d06add", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "9cf79cd3", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "9cf79cd3", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2d26", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{7e808778b7250893922a17d53f10365b009a7624935850ac5c8140461e49d579}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9b7fb40002406a2e112d90139c0a826680050f8e74fdbc78ec2e401b6501901e790b10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9b7fb40002406a2e112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "b7fb", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "a2e1", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e74fdbc78ec2e401b6501901e790b10000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4fdbc78e", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4fdbc78e", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "c2e401b6", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "c2e401b6", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "90b1", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{33e80d6e9f56c1f7705c73566d347ccb32b4662171f224b6dfcb6c8fce4f1601}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9738d40002406e74f12d90139c0a826680050f8e8fb80be47e91ad255501901e7d9310000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9738d40002406e74f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "738d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "e74f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e8fb80be47e91ad255501901e7d9310000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "fb80be47", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "fb80be47", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "e91ad255", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "e91ad255", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "d931", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{5d921ffbe2709ba82d09603a095530aedae41ab96fd052140cbc64319b7ab0ac}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9ebe4400024066ef812d90139c0a826680050f8e94285adf38a709d56501901e78adf0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9ebe4400024066ef812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "ebe4", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "6ef8", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8e94285adf38a709d56501901e78adf0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8e9", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8e9", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "4285adf3", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "4285adf3", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "8a709d56", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "8a709d56", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8adf", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{977b385d5dd6abde9cb89ee940b5cfb7179d73d989c6993346d278bff003c154}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9655940002406f58312d90139c0a826680050f8ea6c7d059f234fbbed501901e7dbe50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9655940002406f58312d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "6559", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "f583", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ea6c7d059f234fbbed501901e7dbe50000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ea", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ea", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "6c7d059f", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "6c7d059f", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "234fbbed", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "234fbbed", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "dbe5", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{ca7d3b029817de8f318d8fa521ad1b569f4e8a37358373193522cc7f5628ed49}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9fa004000240660dc12d90139c0a826680050f8eb187004a40765f0c3501901e733a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9fa004000240660dc12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "fa00", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "60dc", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8eb187004a40765f0c3501901e733a20000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8eb", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8eb", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "187004a4", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "187004a4", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "0765f0c3", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "0765f0c3", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "33a2", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{a820680ab6444b1daf5281192f337aefb4aa95a313c9f270804ef7826ecc298c}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9b0fc40002406a9e012d90139c0a826680050f8ece94887b5b23145e2501901e7ea670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9b0fc40002406a9e012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "b0fc", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "a9e0", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ece94887b5b23145e2501901e7ea670000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ec", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ec", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "e94887b5", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "e94887b5", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "b23145e2", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "b23145e2", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "ea67", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{998d01dadf1b44eb4ec7b7e8fa11f11bcd2d7d86f3f9e4966dde22d4a84ca113}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f91dfd400024063ce012d90139c0a826680050f8ed53193259ff0854f7501901e749da0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f91dfd400024063ce012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "1dfd", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "3ce0", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ed53193259ff0854f7501901e749da0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ed", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ed", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "53193259", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "53193259", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "ff0854f7", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "ff0854f7", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "49da", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{cb8fe3ec65f890e2f0570c98c4edd3fe4115bc059ac2afb39300c7b66f2302c4}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f94c31400024060eac12d90139c0a826680050f8ee78814ae0fd1df90f501901e7a1930000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f94c31400024060eac12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "4c31", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "0eac", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ee78814ae0fd1df90f501901e7a1930000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ee", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ee", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "78814ae0", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "78814ae0", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "fd1df90f", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "fd1df90f", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "a193", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{bc2af8cbe0ae0befdd28b14412295243354cd3c7cc74e88d8facb2fd5e6ef34d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9692740002406f1b512d90139c0a826680050f8ef3290f214d61c8a53501901e78a250000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9692740002406f1b512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "6927", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "f1b5", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8ef3290f214d61c8a53501901e78a250000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8ef", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8ef", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "3290f214", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "3290f214", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "d61c8a53", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "d61c8a53", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "8a25", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{09082a0313e16fc36f8076ff86e54e83048a8568f5c2294fea5fb3bcd212e7f2}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9140c4000240646d112d90139c0a826680050f8f08b51e1f56b17aead501901e7df980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9140c4000240646d112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "140c", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "46d1", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f08b51e1f56b17aead501901e7df980000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f0", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f0", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "8b51e1f5", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "8b51e1f5", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "6b17aead", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "6b17aead", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "df98", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{2386746aeb258914349dc81a85cb5de72e47930c7f11759b4ad9f864efa7b5aa}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9da5440002406808812d90139c0a826680050f8f10ca648cd0d84a21a501901e775b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9da5440002406808812d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "da54", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "8088", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f10ca648cd0d84a21a501901e775b30000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f1", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f1", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "0ca648cd", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "0ca648cd", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "0d84a21a", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "0d84a21a", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "75b3", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{173306d7b886423d9f79d3d0d05209807ae7b83c445931319830e4e0ad2d2f09}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9928140002406c85b12d90139c0a826680050f8f22b44409a8964788e501901e7714a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9928140002406c85b12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "9281", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "c85b", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f22b44409a8964788e501901e7714a0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f2", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f2", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "2b44409a", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "2b44409a", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "8964788e", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "8964788e", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "714a", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{6cb98e2295bbe1f15fd8b8b5908de360d386b98a0ce7e0407e001b453b05be22}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f949e14000240610fc12d90139c0a826680050f8f3a5fce3fcdc017d71501901e7715a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f949e14000240610fc12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "49e1", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "10fc", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f3a5fce3fcdc017d71501901e7715a0000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f3", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f3", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "a5fce3fc", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "a5fce3fc", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "dc017d71", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "dc017d71", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "715a", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{132e643c8fdadb54c366072cb33940411fcfd355209fc1ce9b2022ad1cd1b060}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f970d740002406ea0512d90139c0a826680050f8f4225982f3fbcc8128501901e72da40000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f970d740002406ea0512d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "70d7", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "ea05", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f4225982f3fbcc8128501901e72da40000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f4", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f4", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "225982f3", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "225982f3", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "fbcc8128", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "fbcc8128", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "2da4", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{044ffca72f0f191b0715ff1a9bff182c810cb2786370cbf8cdc1943c2e7aedf6}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9719b40002406e94112d90139c0a826680050f8f5451b4529f982ee6d501901e79f820000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9719b40002406e94112d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "719b", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "e941", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f5451b4529f982ee6d501901e79f820000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f5", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f5", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "451b4529", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "451b4529", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "f982ee6d", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "f982ee6d", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "9f82", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{b278104c2602442e3db401749c30527d80ba560f9a02c939cb4ff6ea189a140d}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9b78d40002406a34f12d90139c0a826680050f8f63b59edf0d3211041501901e708b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9b78d40002406a34f12d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "b78d", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "a34f", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f63b59edf0d3211041501901e708b30000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f6", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f6", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "3b59edf0", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "3b59edf0", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "d3211041", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "d3211041", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "08b3", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{7282e048d6d32383b65f3a03b1101219ac73f7f538446b78d1b2b334e0985447}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9f3dc40002406670012d90139c0a826680050f8f716802a1f1dbbbf81501901e7cb210000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9f3dc40002406670012d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "f3dc", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "6700", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f716802a1f1dbbbf81501901e7cb210000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f7", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f7", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "16802a1f", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "16802a1f", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "1dbbbf81", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "1dbbbf81", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "cb21", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{98406c4acbf0f57b3ccbc923aab5a603d70f86d507f422d9bd8656398f53433e}": "" + } + } + } + }, + { + "_index": "packets-2020-08-10", + "_type": "doc", + "_score": null, + "_source": { + "layers": { + "frame_raw": [ + "023bc61aaef502fb684ce9410800450000f9234740002406379612d90139c0a826680050f8f821ed3f3a5032a5ce501901e70a760000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 0, + 263, + 0, + 1 + ], + "frame": { + "frame.section_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.interface_id_tree": { + "frame.interface_name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.interface_description_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "frame.encap_type_raw": [ + "", + 0, + 0, + 0, + 13 + ], + "frame.time_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_utc_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.time_epoch_raw": [ + "", + 0, + 0, + 0, + 24 + ], + "frame.offset_shift_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_delta_displayed_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.time_relative_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "frame.number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.cap_len_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "frame.marked_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.ignored_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "frame.protocols_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.name_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "frame.coloring_rule.string_raw": [ + "", + 0, + 0, + 0, + 26 + ] + }, + "eth_raw": [ + "023bc61aaef502fb684ce9410800", + 0, + 14, + 0, + 1 + ], + "eth": { + "eth.dst_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.dst_tree": { + "eth.dst_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.dst.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "023bc61aaef5", + 0, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "023bc6", + 0, + 3, + 0, + 6 + ], + "eth.dst.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 0, + 3, + 131072, + 2 + ], + "eth.dst.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 0, + 3, + 65536, + 2 + ] + }, + "eth.src_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.src_tree": { + "eth.src_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.src.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.addr_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 29 + ], + "eth.addr_resolved_raw": [ + "02fb684ce941", + 6, + 6, + 0, + 26 + ], + "eth.addr.oui_raw": [ + "02fb68", + 6, + 3, + 0, + 6 + ], + "eth.src.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.lg_raw": [ + "1", + 6, + 3, + 131072, + 2 + ], + "eth.src.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ], + "eth.ig_raw": [ + "0", + 6, + 3, + 65536, + 2 + ] + }, + "eth.type_raw": [ + "0800", + 12, + 2, + 0, + 5 + ] + }, + "ip_raw": [ + "450000f9234740002406379612d90139c0a82668", + 14, + 20, + 0, + 1 + ], + "ip": { + "ip.version_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.hdr_len_raw": [ + "45", + 14, + 1, + 0, + 4 + ], + "ip.dsfield_raw": [ + "00", + 15, + 1, + 0, + 4 + ], + "ip.dsfield_tree": { + "ip.dsfield.dscp_raw": [ + "0", + 15, + 1, + 252, + 4 + ], + "ip.dsfield.ecn_raw": [ + "0", + 15, + 1, + 3, + 4 + ] + }, + "ip.len_raw": [ + "00f9", + 16, + 2, + 0, + 5 + ], + "ip.id_raw": [ + "2347", + 18, + 2, + 0, + 5 + ], + "ip.flags_raw": [ + "2", + 20, + 1, + 224, + 4 + ], + "ip.flags_tree": { + "ip.flags.rb_raw": [ + "0", + 20, + 1, + 128, + 2 + ], + "ip.flags.df_raw": [ + "1", + 20, + 1, + 64, + 2 + ], + "ip.flags.mf_raw": [ + "0", + 20, + 1, + 32, + 2 + ] + }, + "ip.frag_offset_raw": [ + "0", + 20, + 2, + 8191, + 5 + ], + "ip.ttl_raw": [ + "24", + 22, + 1, + 0, + 4 + ], + "ip.proto_raw": [ + "06", + 23, + 1, + 0, + 4 + ], + "ip.checksum_raw": [ + "3796", + 24, + 2, + 0, + 5 + ], + "ip.checksum.status_raw": [ + "", + 24, + 0, + 0, + 4 + ], + "ip.src_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "12d90139", + 26, + 4, + 0, + 32 + ], + "ip.src_host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "12d90139", + 26, + 4, + 0, + 26 + ], + "ip.dst_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.addr_raw": [ + "c0a82668", + 30, + 4, + 0, + 32 + ], + "ip.dst_host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ], + "ip.host_raw": [ + "c0a82668", + 30, + 4, + 0, + 26 + ] + }, + "tcp_raw": [ + "0050f8f821ed3f3a5032a5ce501901e70a760000", + 34, + 20, + 0, + 1 + ], + "tcp": { + "tcp.srcport_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.dstport_raw": [ + "f8f8", + 36, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "0050", + 34, + 2, + 0, + 5 + ], + "tcp.port_raw": [ + "f8f8", + 36, + 2, + 0, + 5 + ], + "tcp.stream_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.completeness_raw": [ + 0, + 0, + 0, + 4 + ], + "tcp.completeness_tree": { + "tcp.completeness.rst_raw": [ + "0", + 0, + 0, + 32, + 2 + ], + "tcp.completeness.fin_raw": [ + "1", + 0, + 0, + 16, + 2 + ], + "tcp.completeness.data_raw": [ + "1", + 0, + 0, + 8, + 2 + ], + "tcp.completeness.ack_raw": [ + "1", + 0, + 0, + 4, + 2 + ], + "tcp.completeness.syn-ack_raw": [ + "1", + 0, + 0, + 2, + 2 + ], + "tcp.completeness.syn_raw": [ + "1", + 0, + 0, + 1, + 2 + ], + "tcp.completeness.str_raw": [ + "", + 34, + 0, + 0, + 26 + ] + }, + "tcp.len_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.seq_raw": [ + "21ed3f3a", + 38, + 4, + 0, + 7 + ], + "tcp.seq_raw_raw": [ + "21ed3f3a", + 38, + 4, + 0, + 7 + ], + "tcp.nxtseq_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.ack_raw": [ + "5032a5ce", + 42, + 4, + 0, + 7 + ], + "tcp.ack_raw_raw": [ + "5032a5ce", + 42, + 4, + 0, + 7 + ], + "tcp.hdr_len_raw": [ + "50", + 46, + 1, + 0, + 4 + ], + "tcp.flags_raw": [ + "19", + 46, + 2, + 4095, + 5 + ], + "tcp.flags_tree": { + "tcp.flags.res_raw": [ + "0", + 46, + 1, + 3584, + 2 + ], + "tcp.flags.ae_raw": [ + "0", + 46, + 1, + 256, + 2 + ], + "tcp.flags.cwr_raw": [ + "0", + 47, + 1, + 128, + 2 + ], + "tcp.flags.ece_raw": [ + "0", + 47, + 1, + 64, + 2 + ], + "tcp.flags.urg_raw": [ + "0", + 47, + 1, + 32, + 2 + ], + "tcp.flags.ack_raw": [ + "1", + 47, + 1, + 16, + 2 + ], + "tcp.flags.push_raw": [ + "1", + 47, + 1, + 8, + 2 + ], + "tcp.flags.reset_raw": [ + "0", + 47, + 1, + 4, + 2 + ], + "tcp.flags.syn_raw": [ + "0", + 47, + 1, + 2, + 2 + ], + "tcp.flags.fin_raw": [ + "1", + 47, + 1, + 1, + 2 + ], + "tcp.flags.fin_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + }, + "tcp.flags.str_raw": [ + "5019", + 46, + 2, + 0, + 26 + ], + "tcp.flags.str_tree": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "tcp.connection.fin_active_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + } + } + }, + "tcp.window_size_value_raw": [ + "01e7", + 48, + 2, + 0, + 5 + ], + "tcp.window_size_raw": [ + "01e7", + 48, + 2, + 0, + 7 + ], + "tcp.window_size_scalefactor_raw": [ + "01e7", + 48, + 2, + 0, + 15 + ], + "tcp.checksum_raw": [ + "0a76", + 50, + 2, + 0, + 5 + ], + "tcp.checksum.status_raw": [ + "", + 50, + 0, + 0, + 4 + ], + "tcp.urgent_pointer_raw": [ + "0000", + 52, + 2, + 0, + 5 + ], + "Timestamps": { + "tcp.time_relative_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.time_delta_raw": [ + "", + 34, + 0, + 0, + 25 + ] + }, + "tcp.analysis_raw": [ + "", + 34, + 0, + 0, + 0 + ], + "tcp.analysis": { + "tcp.analysis.initial_rtt_raw": [ + "", + 34, + 0, + 0, + 25 + ], + "tcp.analysis.bytes_in_flight_raw": [ + "", + 34, + 0, + 0, + 7 + ], + "tcp.analysis.push_bytes_sent_raw": [ + "", + 34, + 0, + 0, + 7 + ] + }, + "tcp.payload_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 54, + 209, + 0, + 30 + ], + "tcp.segment_data_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 54, + 209, + 0, + 30 + ] + }, + "tcp.segments_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 0, + 226, + 0, + 0 + ], + "tcp.segments": { + "tcp.segment_raw": [ + "485454502f312e3020323030204f4b0d0a", + 0, + 17, + 0, + 35 + ], + "tcp.segment_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 17, + 209, + 0, + 35 + ], + "tcp.segment.count_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.length_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "tcp.reassembled.data_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 0, + 226, + 0, + 30 + ] + }, + "http_raw": [ + "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a", + 0, + 153, + 0, + 1 + ], + "http": { + "HTTP/1.0 200 OK\\r\\n": { + "_ws.expert_raw": [ + 0, + 0, + 0, + 1 + ], + "_ws.expert": { + "http.chat_raw": [ + 0, + 0, + 0, + 0 + ], + "_ws.expert.message_raw": [ + 0, + 0, + 0, + 26 + ], + "_ws.expert.severity_raw": [ + 0, + 0, + 0, + 7 + ], + "_ws.expert.group_raw": [ + 0, + 0, + 0, + 7 + ] + }, + "http.response.version_raw": [ + "485454502f312e30", + 0, + 8, + 0, + 26 + ], + "http.response.code_raw": [ + "323030", + 9, + 3, + 0, + 6 + ], + "http.response.code.desc_raw": [ + "323030", + 9, + 3, + 0, + 26 + ], + "http.response.phrase_raw": [ + "4f4b", + 13, + 2, + 0, + 26 + ] + }, + "http.content_type_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.response.line_raw": [ + "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", + 17, + 40, + 0, + 26 + ], + "http.content_length_header_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.content_length_header_tree": { + "http.content_length_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 11 + ] + }, + "http.response.line_raw": [ + "436f6e74656e742d4c656e6774683a2037330d0a", + 57, + 20, + 0, + 26 + ], + "http.server_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", + 77, + 37, + 0, + 26 + ], + "http.date_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a", + 114, + 37, + 0, + 26 + ], + "http.response.line_raw": [ + "446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a", + 114, + 37, + 0, + 26 + ], + "\\r\\n": "", + "http.response_raw": [ + "", + 0, + 0, + 0, + 2 + ], + "http.response_number_raw": [ + "", + 0, + 0, + 0, + 7 + ], + "http.time_raw": [ + "", + 0, + 0, + 0, + 25 + ], + "http.request_in_raw": [ + "", + 0, + 0, + 0, + 35 + ], + "http.response_for.uri_raw": [ + "", + 0, + 0, + 0, + 26 + ], + "http.file_data_raw": [ + "7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 153, + 73, + 0, + 30 + ] + }, + "data-text-lines_raw": [ + "7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", + 153, + 73, + 0, + 1 + ], + "data-text-lines": { + "picoCTF{3fe0b2788f30d9cb9f77d3b2752f13c554fe7f0e7a2883e57c8a44b34f35675c}": "" + } + } + } + } +] diff --git a/wireshark_twoo_twooo_two_twoo/shark2.pcapng b/wireshark_twoo_twooo_two_twoo/shark2.pcapng new file mode 100755 index 0000000..1e167a4 Binary files /dev/null and b/wireshark_twoo_twooo_two_twoo/shark2.pcapng differ diff --git a/wireshark_twoo_twooo_two_twoo/sol.py b/wireshark_twoo_twooo_two_twoo/sol.py new file mode 100755 index 0000000..904293c --- /dev/null +++ b/wireshark_twoo_twooo_two_twoo/sol.py @@ -0,0 +1,14 @@ +#!/home/maxime/.pyvenv/bin/python3 +from json import loads +from pwn import * + +with open("out.json", 'r') as f: + text = f.read() + json = loads(text) + for frame in json: + pflag = list(frame["_source"]["layers"]["data-text-lines"].keys())[0].strip() + pflag_content = pflag[8:-1] + pflag_content = unhex(pflag_content) + if pflag_content.isascii(): + print(pflag_content) +