[ { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9962040002406c4bc12d90139c0a826680050f895a37f71efbb0b06d5501901e7bd670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9962040002406c4bc12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "9620", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "c4bc", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f895a37f71efbb0b06d5501901e7bd670000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f895", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f895", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "a37f71ef", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "a37f71ef", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "bb0b06d5", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "bb0b06d5", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "bd67", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{bfe48e8500c454d647c55a4471985e776a07b26cba64526713f43758599aa98b}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9456b40002406157212d90139c0a826680050f897e734dc6e38180450501901e7b6960000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9456b40002406157212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "456b", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "1572", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f897e734dc6e38180450501901e7b6960000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f897", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f897", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "e734dc6e", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "e734dc6e", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "38180450", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "38180450", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "b696", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{bda69bdf8f570a9aaab0e4108a0fa5f64cb26ba7d2269bb63f68af5d98b98245}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9db97400024067f4512d90139c0a826680050f89a7783a8e6f9628b70501901e7d75d0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9db97400024067f4512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "db97", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "7f45", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f89a7783a8e6f9628b70501901e7d75d0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f89a", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f89a", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "7783a8e6", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "7783a8e6", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "f9628b70", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "f9628b70", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "d75d", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{fe83bcb6cfd43d3b79392f6a4232685f6ed4e7a789c2ce559cf3c1ab6adbe34b}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9757c40002406e56012d90139c0a826680050f89bf33f8e8da999bc6d501901e7f18b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9757c40002406e56012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "757c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "e560", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f89bf33f8e8da999bc6d501901e7f18b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f89b", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f89b", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "f33f8e8d", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "f33f8e8d", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "a999bc6d", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "a999bc6d", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "f18b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{711d3893d90f100c15e10ef4842abeed3a830f8237c1257cd47389646da97810}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9ff87400024065b5512d90139c0a826680050f89c080a9b7147b9a041501901e7daf30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9ff87400024065b5512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "ff87", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "5b55", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f89c080a9b7147b9a041501901e7daf30000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f89c", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f89c", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "080a9b71", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "080a9b71", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "47b9a041", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "47b9a041", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "daf3", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{3cf1e22d489fcfb6bb312a34f46c8699989ed043406134331452d11ce73cd59e}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9e8ba40002406722212d90139c0a826680050f89ef85f65e44ba247d7501901e738eb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9e8ba40002406722212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "e8ba", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "7222", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f89ef85f65e44ba247d7501901e738eb0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f89e", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f89e", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "f85f65e4", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "f85f65e4", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "4ba247d7", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "4ba247d7", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "38eb", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{b4cc138bb0f7f9da7e35085e349555aa6d00bdca3b021c1fe8663c0a422ce0d7}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9f86040002406627c12d90139c0a826680050f89f8566b92c24fe8e45501901e75adb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9f86040002406627c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "f860", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "627c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f89f8566b92c24fe8e45501901e75adb0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f89f", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f89f", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "8566b92c", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "8566b92c", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "24fe8e45", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "24fe8e45", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "5adb", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{41b8a1a796bd8d202016f75bc5b38889e9ea06007e6b22fc856d380fb7573133}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9242e4000240636af12d90139c0a826680050f8a06a1a7068426f8aaa501901e745180000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9242e4000240636af12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "242e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "36af", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a06a1a7068426f8aaa501901e745180000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "6a1a7068", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "6a1a7068", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "426f8aaa", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "426f8aaa", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "4518", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{9812bc4be04e6f9c803152313db3da53b3dfb799bdb05aac46fa0dd0045d2fc2}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9468840002406145512d90139c0a826680050f8a11e22d9b0ae99a485501901e7a1cb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9468840002406145512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "4688", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "1455", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a11e22d9b0ae99a485501901e7a1cb0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "1e22d9b0", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "1e22d9b0", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "ae99a485", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "ae99a485", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "a1cb", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{64cf3ede3736a340fdf2954be5151ce53bec291c5e48cbccb44faa529946e249}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f95a9f40002406003e12d90139c0a826680050f8a2d00ed2c2e005c4ba501901e7047b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f95a9f40002406003e12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "5a9f", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "003e", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a2d00ed2c2e005c4ba501901e7047b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "d00ed2c2", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "d00ed2c2", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "e005c4ba", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "e005c4ba", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "047b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{c50d259a4e172fcb2eddbabeebd272473e4882b76c9efcd12c03ac04429d884a}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9c78d40002406934f12d90139c0a826680050f8a31b7ae1debdf1e7ea501901e7da3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9c78d40002406934f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "c78d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "934f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a31b7ae1debdf1e7ea501901e7da3a0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a3", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a3", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "1b7ae1de", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "1b7ae1de", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "bdf1e7ea", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "bdf1e7ea", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "da3a", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{0a024b7d39603756feafa2bbaa1603b14a99eae5dcd59f1d957f511d822c8c06}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9d9304000240681ac12d90139c0a826680050f8a409a7286bde924d8e501901e72a380000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9d9304000240681ac12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "d930", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "81ac", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a409a7286bde924d8e501901e72a380000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "09a7286b", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "09a7286b", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "de924d8e", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "de924d8e", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2a38", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{97211eec9228bb247d762527bace8b3e4ec2110c8834af12aefd3c552cdc21b2}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f960c040002406fa1c12d90139c0a826680050f8a54d1606b9b78d302c501901e79b370000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f960c040002406fa1c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "60c0", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "fa1c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a54d1606b9b78d302c501901e79b370000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a5", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a5", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4d1606b9", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4d1606b9", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "b78d302c", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "b78d302c", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "9b37", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{29679910c47d8afc737a1c21d7bf758cd3d81001bdbeec8c6f81a6ad88fdc279}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f91f29400024063bb412d90139c0a826680050f8a61e0f5605499e2189501901e7e8d80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f91f29400024063bb412d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "1f29", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "3bb4", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a61e0f5605499e2189501901e7e8d80000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "1e0f5605", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "1e0f5605", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "499e2189", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "499e2189", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "e8d8", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{996979e9540be0fe9320e80eb6336047f8140a80830700907b99741310acf08f}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f90e9a400024064c4312d90139c0a826680050f8a77d8a8d0820d36a62501901e792be0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f90e9a400024064c4312d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "0e9a", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "4c43", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a77d8a8d0820d36a62501901e792be0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "7d8a8d08", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "7d8a8d08", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "20d36a62", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "20d36a62", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "92be", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{8b272a18c1005c95a420d4a0df426cb8441d29eb96210493a96fa25ac5e657aa}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9014e40002406598f12d90139c0a826680050f8a847aa414d362fb054501901e7234b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9014e40002406598f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "014e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "598f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8a847aa414d362fb054501901e7234b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8a8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8a8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "47aa414d", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "47aa414d", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "362fb054", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "362fb054", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "234b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{e1d0a752dc71121200f4bcb1b8cc2e03e84488df229b82196afbe0045ef025c4}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f945154000240615c812d90139c0a826680050f8abf85380c4dbb33ea3501901e78e040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f945154000240615c812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "4515", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "15c8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8abf85380c4dbb33ea3501901e78e040000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ab", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ab", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "f85380c4", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "f85380c4", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "dbb33ea3", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "dbb33ea3", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8e04", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{0ba511844a2ab38fe0709bcdb2b8bdfeb37a0b466dc902e92062db4c2b3f455c}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f906054000240654d812d90139c0a826680050f8acc49b650065d62775501901e7febc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f906054000240654d812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "0605", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "54d8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8acc49b650065d62775501901e7febc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ac", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ac", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "c49b6500", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "c49b6500", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "65d62775", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "65d62775", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "febc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{dadda48e855421e14597ffc727943b57efd8c9a15d10bfd491f0390659162fb1}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f949ba40002406112312d90139c0a826680050f8adefd104e8f251bead501901e78f3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f949ba40002406112312d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "49ba", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "1123", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8adefd104e8f251bead501901e78f3a0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ad", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ad", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "efd104e8", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "efd104e8", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "f251bead", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "f251bead", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8f3a", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{f4dd87795395c74f3083f8caa4ec22d1531281554a6003d1c47c5f0370984ab6}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9386140002406227c12d90139c0a826680050f8ae01f32e0e1aae3767501901e719a10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9386140002406227c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "3861", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "227c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ae01f32e0e1aae3767501901e719a10000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ae", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ae", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "01f32e0e", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "01f32e0e", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "1aae3767", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "1aae3767", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "19a1", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{0f30a584680db9e70c7e1c6ca954c2f023b77f3fd2b05bd9aeee6e00dc4da5d7}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f93b0e400024061fcf12d90139c0a826680050f8af0175abaf07896c61501901e7d41a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f93b0e400024061fcf12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "3b0e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "1fcf", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8af0175abaf07896c61501901e7d41a0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8af", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8af", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "0175abaf", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "0175abaf", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "07896c61", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "07896c61", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "d41a", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{715e4d0d167e862af8825f62d3f4ff8aef20443445a06b1c68572390a2825d29}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9ff9d400024065b3f12d90139c0a826680050f8b0b5bd71a399beca6e501901e7aabc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9ff9d400024065b3f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "ff9d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "5b3f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b0b5bd71a399beca6e501901e7aabc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "b5bd71a3", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "b5bd71a3", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "99beca6e", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "99beca6e", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "aabc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{7654ee03f31576e8ed44799fc4fa5ee053d35050000502e878d1fb8022618923}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f987f340002406d2e912d90139c0a826680050f8b196f700460abaa661501901e7b8710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f987f340002406d2e912d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "87f3", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "d2e9", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b196f700460abaa661501901e7b8710000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "96f70046", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "96f70046", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "0abaa661", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "0abaa661", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "b871", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{068606b5faca0491d97a2b46fdca7f6f81acbd909ce691077fe77e03a3c0939a}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9479c40002406134112d90139c0a826680050f8b2a8db9e66694a14cd501901e7a4870000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9479c40002406134112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "479c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "1341", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b2a8db9e66694a14cd501901e7a4870000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "a8db9e66", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "a8db9e66", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "694a14cd", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "694a14cd", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "a487", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{64ab681ffed33c49b5e8ae0576e22857e9a10ae30cdbee415fb514b84aa58aea}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f98a6c40002406d07012d90139c0a826680050f8b330e86c086a839eb4501901e71aeb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f98a6c40002406d07012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "8a6c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "d070", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b330e86c086a839eb4501901e71aeb0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b3", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b3", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "30e86c08", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "30e86c08", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "6a839eb4", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "6a839eb4", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "1aeb", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{8ae3995e726f8f2c3724e2e0522f038aba6649facd378d8965c648233d79a252}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9bf2e400024069bae12d90139c0a826680050f8b4abf69686fe12f14d501901e736650000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9bf2e400024069bae12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "bf2e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "9bae", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b4abf69686fe12f14d501901e736650000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "abf69686", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "abf69686", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "fe12f14d", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "fe12f14d", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "3665", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{1c125d267b5811cd25cca2d517e022270aa60f3c8461f4097c685bcca637a6a9}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f94ec1400024060c1c12d90139c0a826680050f8b52792703c9e84518b501901e74a900000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f94ec1400024060c1c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "4ec1", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "0c1c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b52792703c9e84518b501901e74a900000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b5", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b5", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "2792703c", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "2792703c", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "9e84518b", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "9e84518b", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "4a90", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{824c298d14e1fe369df991af72ab0725d2e7c7d05b9655486873ccc467f4bd6b}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9f8004000240662dc12d90139c0a826680050f8b6cd7e87a85d45b5e2501901e7dfb30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9f8004000240662dc12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "f800", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "62dc", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b6cd7e87a85d45b5e2501901e7dfb30000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "cd7e87a8", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "cd7e87a8", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "5d45b5e2", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "5d45b5e2", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "dfb3", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{e1d8dd1b73d5fd7704a16c924ddee69dc6bf9beef14cc3a10142704b81f0fa07}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9ac9a40002406ae4212d90139c0a826680050f8b79a99b1fa0327f1a4501901e72f320000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9ac9a40002406ae4212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "ac9a", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "ae42", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b79a99b1fa0327f1a4501901e72f320000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "9a99b1fa", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "9a99b1fa", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "0327f1a4", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "0327f1a4", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2f32", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{82d260fe0670d551347b164c54183d996c52ebeebb1ccfcc2c2ebb91268dc944}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f957cf40002406030e12d90139c0a826680050f8b86f7af93efa7b23e3501901e707290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f957cf40002406030e12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "57cf", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "030e", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b86f7af93efa7b23e3501901e707290000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "6f7af93e", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "6f7af93e", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "fa7b23e3", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "fa7b23e3", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "0729", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{74876fc61ebc9c902f8983979cd4c21206c69a23f0dcc0817e150dd75e446838}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9512c4000240609b112d90139c0a826680050f8b9700b2adfd2733892501901e7fefc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9512c4000240609b112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "512c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "09b1", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8b9700b2adfd2733892501901e7fefc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8b9", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8b9", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "700b2adf", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "700b2adf", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "d2733892", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "d2733892", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "fefc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{49c52d1f30973f90716bbcbe3633e11cf70b9a31ed785871ccb80473302a59db}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f937a540002406233812d90139c0a826680050f8bae5781a5000d464ef501901e7afcc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f937a540002406233812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "37a5", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "2338", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8bae5781a5000d464ef501901e7afcc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ba", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ba", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "e5781a50", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "e5781a50", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "00d464ef", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "00d464ef", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "afcc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{89d93dbb96a3857ac87ba0cea3c10a9e4c7b34d79b2edb463cef030d34297bd0}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f955174000240605c612d90139c0a826680050f8bb04c368b6ee43c62c501901e72cc20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f955174000240605c612d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "5517", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "05c6", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8bb04c368b6ee43c62c501901e72cc20000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8bb", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8bb", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "04c368b6", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "04c368b6", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "ee43c62c", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "ee43c62c", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2cc2", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{5ceacdce54c13a3fddfcfb225a00247304fbb15f29f9c90434383f277567992d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f92cc8400024062e1512d90139c0a826680050f8bc798e28b7aa17e0b1501901e71ca20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f92cc8400024062e1512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "2cc8", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "2e15", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8bc798e28b7aa17e0b1501901e71ca20000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8bc", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8bc", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "798e28b7", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "798e28b7", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "aa17e0b1", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "aa17e0b1", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "1ca2", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{c22a40a43ed7034bd935805f59603a46d3a1f2d6b8e31281eb0721597b6c6d62}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9c9244000240691b812d90139c0a826680050f8bdb986ccb13052a39f501901e735530000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9c9244000240691b812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "c924", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "91b8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8bdb986ccb13052a39f501901e735530000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8bd", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8bd", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "b986ccb1", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "b986ccb1", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "3052a39f", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "3052a39f", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "3553", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{6071bca5da06d4f975a52357cda0cd6f0614787c1c70b1b7e1af2c7fb272d281}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f929154000240631c812d90139c0a826680050f8be4308359bce0353d1501901e7e2710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f929154000240631c812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "2915", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "31c8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8be4308359bce0353d1501901e7e2710000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8be", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8be", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4308359b", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4308359b", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "ce0353d1", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "ce0353d1", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "e271", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{65a8b141f019506feea38a119988ad645bcab1a5fa8693efdf26e1fd3cb44b4c}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f928c840002406321512d90139c0a826680050f8bf651357c8536981dd501901e7ea150000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f928c840002406321512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "28c8", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "3215", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8bf651357c8536981dd501901e7ea150000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8bf", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8bf", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "651357c8", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "651357c8", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "536981dd", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "536981dd", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "ea15", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{d7f5cb78a895d3805601522b95d599cb6d2689c6a856e3fbee6aac2fca0c20f3}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9158b40002406455212d90139c0a826680050f8c01b4a0fccdb119477501901e752220000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9158b40002406455212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "158b", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "4552", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c01b4a0fccdb119477501901e752220000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "1b4a0fcc", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "1b4a0fcc", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "db119477", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "db119477", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "5222", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{739bb0f0aa17331819a0e942d37bfee757c8d9cd089cdfe32509027b92485213}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f98c9d40002406ce3f12d90139c0a826680050f8c13e524d70781a4ba5501901e781710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f98c9d40002406ce3f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "8c9d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "ce3f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c13e524d70781a4ba5501901e781710000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "3e524d70", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "3e524d70", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "781a4ba5", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "781a4ba5", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8171", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{7a891e2c4ad0da374bc15ad7ad0ee081077dd376f06152781f780c201691713d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9857f40002406d55d12d90139c0a826680050f8c2123316bc3217c507501901e784e80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9857f40002406d55d12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "857f", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "d55d", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c2123316bc3217c507501901e784e80000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "123316bc", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "123316bc", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "3217c507", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "3217c507", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "84e8", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{a97d3ee943221888bd1157429e4a00ed5e9905a610e64664f7e36c7f5e0a4ef9}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9462c4000240614b112d90139c0a826680050f8c498406c8c9ceac887501901e7c8e60000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9462c4000240614b112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "462c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "14b1", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c498406c8c9ceac887501901e7c8e60000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "98406c8c", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "98406c8c", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "9ceac887", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "9ceac887", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "c8e6", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{c38d2d74dc21bbb2e3a95b52e2354ee523379cfe4f8b348c9c5b5d7bd7cb871b}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f949d340002406110a12d90139c0a826680050f8c6c2e05ac7f7c237a7501901e75cbc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f949d340002406110a12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "49d3", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "110a", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c6c2e05ac7f7c237a7501901e75cbc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "c2e05ac7", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "c2e05ac7", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "f7c237a7", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "f7c237a7", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "5cbc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{e4dc886c39a53ff118bf29041067cde48dcebb89b3dae61a8aba6187d671999a}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f97e2240002406dcba12d90139c0a826680050f8c739495583aa1f28c2501901e71d980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f97e2240002406dcba12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "7e22", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "dcba", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c739495583aa1f28c2501901e71d980000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "39495583", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "39495583", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "aa1f28c2", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "aa1f28c2", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "1d98", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{9fbd0d18aa1abfd289ba977ae4354b821cc74591260889afba1b0b6e7763aa31}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9bfe1400024069afb12d90139c0a826680050f8c855cd3a102cd742ab501901e7e1470000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9bfe1400024069afb12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "bfe1", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "9afb", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c855cd3a102cd742ab501901e7e1470000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "55cd3a10", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "55cd3a10", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "2cd742ab", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "2cd742ab", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "e147", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{3fc0801bcd36336a2c030c6e5f452f5795be1d562e00411365fb64c6a2f688ef}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9513d4000240609a012d90139c0a826680050f8c95b366a057d9e7d8b501901e7013e0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9513d4000240609a012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "513d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "09a0", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8c95b366a057d9e7d8b501901e7013e0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8c9", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8c9", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "5b366a05", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "5b366a05", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "7d9e7d8b", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "7d9e7d8b", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "013e", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{4aa86643eb2ddb5709725344cd0e63e6c52e35c2e64a39f3a4a0ee7bbd5d3ade}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9a24e40002406b88e12d90139c0a826680050f8caf0302c165ae25ddc501901e7de290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9a24e40002406b88e12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "a24e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "b88e", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8caf0302c165ae25ddc501901e7de290000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ca", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ca", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "f0302c16", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "f0302c16", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "5ae25ddc", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "5ae25ddc", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "de29", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{4af8df415d17e6df99a5efddebcb33a68c0c8bf26d481eed16b5f77675030d7f}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f90f37400024064ba612d90139c0a826680050f8cb0c7fc36f5cce81a5501901e76bab0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f90f37400024064ba612d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "0f37", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "4ba6", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8cb0c7fc36f5cce81a5501901e76bab0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8cb", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8cb", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "0c7fc36f", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "0c7fc36f", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "5cce81a5", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "5cce81a5", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "6bab", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{e4f52a0d2a924906ac102a32c52ab9128bf9cd6e5294518ad3ed6748f853b0ab}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9781340002406e2c912d90139c0a826680050f8cc4caf6692e2c14d63501901e79acd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9781340002406e2c912d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "7813", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "e2c9", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8cc4caf6692e2c14d63501901e79acd0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8cc", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8cc", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4caf6692", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4caf6692", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "e2c14d63", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "e2c14d63", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "9acd", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{cc104e74a9f50164ee5652d168ef38a21b7a2d5e3196062e669e3a2705f1a0d3}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9ef89400024066b5312d90139c0a826680050f8cd979b53903e5e7233501901e754580000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9ef89400024066b5312d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "ef89", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "6b53", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8cd979b53903e5e7233501901e754580000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8cd", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8cd", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "979b5390", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "979b5390", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "3e5e7233", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "3e5e7233", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "5458", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{2aac620b0bdd2e6946d62c5d232ca32ba1f5a9d8ec82c060778b54ffeb8fbd1f}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9a61740002406b4c512d90139c0a826680050f8cf2ff742ad388c5f6b501901e7c48b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9a61740002406b4c512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "a617", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "b4c5", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8cf2ff742ad388c5f6b501901e7c48b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8cf", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8cf", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "2ff742ad", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "2ff742ad", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "388c5f6b", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "388c5f6b", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "c48b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{4e55be07159def207afc142954f5673a0651d5f32f5f4090fb774d960628e352}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f963a040002406f73c12d90139c0a826680050f8d08b76a989c5a85cf7501901e75bdc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f963a040002406f73c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "63a0", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "f73c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d08b76a989c5a85cf7501901e75bdc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "8b76a989", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "8b76a989", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "c5a85cf7", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "c5a85cf7", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "5bdc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{983e5e2703a132a49479e438bfba15ee5d02345b03d410b8163b685973937da7}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9dda6400024067d3612d90139c0a826680050f8d16af577461f44f08f501901e7e9f80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9dda6400024067d3612d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "dda6", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "7d36", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d16af577461f44f08f501901e7e9f80000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "6af57746", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "6af57746", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "1f44f08f", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "1f44f08f", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "e9f8", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{d342a46e8179de9941720c5e0eeac0d0fae9d3014d2ddcf531a7865a997b00e5}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f95aca40002406001312d90139c0a826680050f8d2247d4c203a8f7dce501901e7029b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f95aca40002406001312d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "5aca", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "0013", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d2247d4c203a8f7dce501901e7029b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "247d4c20", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "247d4c20", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "3a8f7dce", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "3a8f7dce", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "029b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{2133904cfe757bc6c68c3e5f3749b37d67d7fa6ffb2768410be593d3fe8c4bd4}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f993ec40002406c6f012d90139c0a826680050f8d37dae99b77a6824ab501901e762fb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f993ec40002406c6f012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "93ec", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "c6f0", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d37dae99b77a6824ab501901e762fb0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d3", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d3", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "7dae99b7", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "7dae99b7", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "7a6824ab", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "7a6824ab", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "62fb", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{29b726b9a57d176e1487d159474ee7e6508b66c05c526a00c942a8cebb6bb496}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9fcf4400024065de812d90139c0a826680050f8d44dfb79e2a2fa7e19501901e72c890000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9fcf4400024065de812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "fcf4", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "5de8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d44dfb79e2a2fa7e19501901e72c890000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4dfb79e2", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4dfb79e2", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "a2fa7e19", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "a2fa7e19", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2c89", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{7302b0dca07cd890c75e38d78d7e74d7bbf2b932f555aaf5b6754f56e778e3fc}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f968a340002406f23912d90139c0a826680050f8d5b8549e924f114f01501901e7202b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f968a340002406f23912d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "68a3", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "f239", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d5b8549e924f114f01501901e7202b0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d5", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d5", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "b8549e92", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "b8549e92", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "4f114f01", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "4f114f01", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "202b", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{22e018bb8282e9d7852ed4e65f70a26524dabef78cf41e1db45c070c94621c57}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f906a140002406543c12d90139c0a826680050f8d6f8325d5a8994bfe7501901e7c6680000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f906a140002406543c12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "06a1", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "543c", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d6f8325d5a8994bfe7501901e7c6680000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "f8325d5a", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "f8325d5a", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "8994bfe7", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "8994bfe7", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "c668", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{40f366ccf0f6462f5b8b1dc4d7384a62aa95565afcaad96a937b8c1f1134099b}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f91b4e400024063f8f12d90139c0a826680050f8d762793aece90beba5501901e7b2550000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f91b4e400024063f8f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "1b4e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "3f8f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d762793aece90beba5501901e7b2550000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "62793aec", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "62793aec", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "e90beba5", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "e90beba5", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "b255", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{db38cbc215cde0d9cd52cbca2390defdb54303e998019a5c4ddaf9861b54efcb}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f994f840002406c5e412d90139c0a826680050f8d8b9322f8cf17b3843501901e73e070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f994f840002406c5e412d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "94f8", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "c5e4", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d8b9322f8cf17b3843501901e73e070000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "b9322f8c", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "b9322f8c", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "f17b3843", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "f17b3843", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "3e07", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{090fa8ec995ab9fc9f97cbe9ea36cb81c4504a3ca02466ddd207cfe7f785cb5c}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f998c240002406c21a12d90139c0a826680050f8d96454aa68c65f79bf501901e71ad90000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f998c240002406c21a12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "98c2", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "c21a", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8d96454aa68c65f79bf501901e71ad90000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8d9", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8d9", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "6454aa68", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "6454aa68", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "c65f79bf", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "c65f79bf", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "1ad9", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{947b91a983c93217304f8e5b112e93eaf619e6a9386ab93be93a9b67e53b2fda}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9dbce400024067f0e12d90139c0a826680050f8da868c5839e316a844501901e7b6a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9dbce400024067f0e12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "dbce", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "7f0e", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8da868c5839e316a844501901e7b6a20000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8da", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8da", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "868c5839", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "868c5839", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "e316a844", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "e316a844", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "b6a2", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{a3ed2f602322f749f4cb016515e25b67749efd08ac2f2c53023596cbf0dcbd0f}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f912394000240648a412d90139c0a826680050f8db94dd0464aebea451501901e7ae040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f912394000240648a412d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "1239", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "48a4", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8db94dd0464aebea451501901e7ae040000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8db", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8db", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "94dd0464", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "94dd0464", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "aebea451", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "aebea451", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "ae04", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{8e625859eb325d2a69934e4a44c93fcc132e813efb3fdaaa5143147678e9cbf9}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9680a40002406f2d212d90139c0a826680050f8dca5c179b48f747ac8501901e74ecd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9680a40002406f2d212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "680a", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "f2d2", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8dca5c179b48f747ac8501901e74ecd0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8dc", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8dc", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "a5c179b4", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "a5c179b4", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "8f747ac8", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "8f747ac8", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "4ecd", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{8d43c4889ee5b507d1785adfa2592f2fb3d7cf20ebf37ce46595edc46fba3f6d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f942334000240618aa12d90139c0a826680050f8df5a3cdce60fff5d18501901e779b50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f942334000240618aa12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "4233", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "18aa", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8df5a3cdce60fff5d18501901e779b50000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8df", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8df", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "5a3cdce6", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "5a3cdce6", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "0fff5d18", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "0fff5d18", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "79b5", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{0020d021e9e38dbb5a5fa432175089d8b76e4a900618c95f8cae14fedaa45b63}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9bf2a400024069bb212d90139c0a826680050f8e09f8894a1404ab3f3501901e778bc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9bf2a400024069bb212d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "bf2a", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "9bb2", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e09f8894a1404ab3f3501901e778bc0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "9f8894a1", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "9f8894a1", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "404ab3f3", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "404ab3f3", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "78bc", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{69e96b10f560a6a0656a6d950e73e41bcf4226c424bb5622839dda0c66755b14}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9e6f44000240673e812d90139c0a826680050f8e1e0bd5c3486e661c6501901e72f090000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9e6f44000240673e812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "e6f4", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "73e8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e1e0bd5c3486e661c6501901e72f090000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "e0bd5c34", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "e0bd5c34", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "86e661c6", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "86e661c6", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2f09", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{34c6ca47d858ab18aa2008f4ac31c31570c46186939e6b46458b19082122d4bd}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f927fc4000240632e112d90139c0a826680050f8e23d8f896db6c7383a501901e789060000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f927fc4000240632e112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "27fc", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "32e1", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e23d8f896db6c7383a501901e789060000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "3d8f896d", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "3d8f896d", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "b6c7383a", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "b6c7383a", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8906", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{ebfcebe696b1fdbba2abb3b003165152456bd83b6ddfbf180ca366de0dec1b0c}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f934194000240626c412d90139c0a826680050f8e3182aa4e69b432004501901e7b0f30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f934194000240626c412d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "3419", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "26c4", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e3182aa4e69b432004501901e7b0f30000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e3", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e3", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "182aa4e6", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "182aa4e6", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "9b432004", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "9b432004", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "b0f3", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{aa125aaeb4723f69dceaa90125a8099a6f3fe0259e068fd82dcbeb76131448bb}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9b35340002406a78912d90139c0a826680050f8e40b4c8968a75ed628501901e78c070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9b35340002406a78912d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "b353", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "a789", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e40b4c8968a75ed628501901e78c070000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "0b4c8968", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "0b4c8968", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "a75ed628", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "a75ed628", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8c07", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{80d65857d8d81a92769e8cd136376522d113c4298b331318ce7adcbf5e70104d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9c85e40002406927e12d90139c0a826680050f8e5c96006a7cee38029501901e7f8df0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9c85e40002406927e12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "c85e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "927e", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e5c96006a7cee38029501901e7f8df0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e5", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e5", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "c96006a7", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "c96006a7", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "cee38029", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "cee38029", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "f8df", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{00ae773ce4a4b3cf3287f072c13ec7139a74207de635de9d115087bc4f312bae}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9b50e40002406a5ce12d90139c0a826680050f8e6b4d06add9cf79cd3501901e72d260000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9b50e40002406a5ce12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "b50e", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "a5ce", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e6b4d06add9cf79cd3501901e72d260000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "b4d06add", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "b4d06add", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "9cf79cd3", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "9cf79cd3", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2d26", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{7e808778b7250893922a17d53f10365b009a7624935850ac5c8140461e49d579}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9b7fb40002406a2e112d90139c0a826680050f8e74fdbc78ec2e401b6501901e790b10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9b7fb40002406a2e112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "b7fb", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "a2e1", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e74fdbc78ec2e401b6501901e790b10000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4fdbc78e", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4fdbc78e", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "c2e401b6", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "c2e401b6", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "90b1", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{33e80d6e9f56c1f7705c73566d347ccb32b4662171f224b6dfcb6c8fce4f1601}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9738d40002406e74f12d90139c0a826680050f8e8fb80be47e91ad255501901e7d9310000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9738d40002406e74f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "738d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "e74f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e8fb80be47e91ad255501901e7d9310000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "fb80be47", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "fb80be47", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "e91ad255", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "e91ad255", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "d931", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{5d921ffbe2709ba82d09603a095530aedae41ab96fd052140cbc64319b7ab0ac}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9ebe4400024066ef812d90139c0a826680050f8e94285adf38a709d56501901e78adf0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9ebe4400024066ef812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "ebe4", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "6ef8", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8e94285adf38a709d56501901e78adf0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8e9", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8e9", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "4285adf3", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "4285adf3", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "8a709d56", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "8a709d56", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8adf", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{977b385d5dd6abde9cb89ee940b5cfb7179d73d989c6993346d278bff003c154}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9655940002406f58312d90139c0a826680050f8ea6c7d059f234fbbed501901e7dbe50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9655940002406f58312d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "6559", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "f583", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ea6c7d059f234fbbed501901e7dbe50000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ea", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ea", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "6c7d059f", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "6c7d059f", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "234fbbed", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "234fbbed", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "dbe5", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{ca7d3b029817de8f318d8fa521ad1b569f4e8a37358373193522cc7f5628ed49}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9fa004000240660dc12d90139c0a826680050f8eb187004a40765f0c3501901e733a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9fa004000240660dc12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "fa00", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "60dc", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8eb187004a40765f0c3501901e733a20000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8eb", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8eb", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "187004a4", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "187004a4", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "0765f0c3", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "0765f0c3", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "33a2", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{a820680ab6444b1daf5281192f337aefb4aa95a313c9f270804ef7826ecc298c}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9b0fc40002406a9e012d90139c0a826680050f8ece94887b5b23145e2501901e7ea670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9b0fc40002406a9e012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "b0fc", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "a9e0", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ece94887b5b23145e2501901e7ea670000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ec", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ec", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "e94887b5", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "e94887b5", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "b23145e2", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "b23145e2", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "ea67", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{998d01dadf1b44eb4ec7b7e8fa11f11bcd2d7d86f3f9e4966dde22d4a84ca113}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f91dfd400024063ce012d90139c0a826680050f8ed53193259ff0854f7501901e749da0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f91dfd400024063ce012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "1dfd", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "3ce0", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ed53193259ff0854f7501901e749da0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ed", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ed", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "53193259", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "53193259", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "ff0854f7", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "ff0854f7", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "49da", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{cb8fe3ec65f890e2f0570c98c4edd3fe4115bc059ac2afb39300c7b66f2302c4}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f94c31400024060eac12d90139c0a826680050f8ee78814ae0fd1df90f501901e7a1930000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f94c31400024060eac12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "4c31", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "0eac", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ee78814ae0fd1df90f501901e7a1930000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ee", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ee", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "78814ae0", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "78814ae0", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "fd1df90f", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "fd1df90f", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "a193", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{bc2af8cbe0ae0befdd28b14412295243354cd3c7cc74e88d8facb2fd5e6ef34d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9692740002406f1b512d90139c0a826680050f8ef3290f214d61c8a53501901e78a250000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9692740002406f1b512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "6927", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "f1b5", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8ef3290f214d61c8a53501901e78a250000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8ef", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8ef", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "3290f214", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "3290f214", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "d61c8a53", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "d61c8a53", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "8a25", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{09082a0313e16fc36f8076ff86e54e83048a8568f5c2294fea5fb3bcd212e7f2}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9140c4000240646d112d90139c0a826680050f8f08b51e1f56b17aead501901e7df980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9140c4000240646d112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "140c", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "46d1", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f08b51e1f56b17aead501901e7df980000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f0", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f0", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "8b51e1f5", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "8b51e1f5", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "6b17aead", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "6b17aead", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "df98", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{2386746aeb258914349dc81a85cb5de72e47930c7f11759b4ad9f864efa7b5aa}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9da5440002406808812d90139c0a826680050f8f10ca648cd0d84a21a501901e775b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9da5440002406808812d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "da54", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "8088", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f10ca648cd0d84a21a501901e775b30000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f1", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f1", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "0ca648cd", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "0ca648cd", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "0d84a21a", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "0d84a21a", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "75b3", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{173306d7b886423d9f79d3d0d05209807ae7b83c445931319830e4e0ad2d2f09}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9928140002406c85b12d90139c0a826680050f8f22b44409a8964788e501901e7714a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9928140002406c85b12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "9281", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "c85b", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f22b44409a8964788e501901e7714a0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f2", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f2", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "2b44409a", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "2b44409a", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "8964788e", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "8964788e", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "714a", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{6cb98e2295bbe1f15fd8b8b5908de360d386b98a0ce7e0407e001b453b05be22}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f949e14000240610fc12d90139c0a826680050f8f3a5fce3fcdc017d71501901e7715a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f949e14000240610fc12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "49e1", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "10fc", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f3a5fce3fcdc017d71501901e7715a0000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f3", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f3", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "a5fce3fc", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "a5fce3fc", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "dc017d71", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "dc017d71", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "715a", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{132e643c8fdadb54c366072cb33940411fcfd355209fc1ce9b2022ad1cd1b060}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f970d740002406ea0512d90139c0a826680050f8f4225982f3fbcc8128501901e72da40000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f970d740002406ea0512d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "70d7", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "ea05", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f4225982f3fbcc8128501901e72da40000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f4", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f4", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "225982f3", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "225982f3", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "fbcc8128", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "fbcc8128", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "2da4", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{044ffca72f0f191b0715ff1a9bff182c810cb2786370cbf8cdc1943c2e7aedf6}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9719b40002406e94112d90139c0a826680050f8f5451b4529f982ee6d501901e79f820000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9719b40002406e94112d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "719b", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "e941", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f5451b4529f982ee6d501901e79f820000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f5", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f5", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "451b4529", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "451b4529", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "f982ee6d", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "f982ee6d", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "9f82", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{b278104c2602442e3db401749c30527d80ba560f9a02c939cb4ff6ea189a140d}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9b78d40002406a34f12d90139c0a826680050f8f63b59edf0d3211041501901e708b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9b78d40002406a34f12d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "b78d", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "a34f", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f63b59edf0d3211041501901e708b30000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f6", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f6", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "3b59edf0", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "3b59edf0", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "d3211041", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "d3211041", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "08b3", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{7282e048d6d32383b65f3a03b1101219ac73f7f538446b78d1b2b334e0985447}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9f3dc40002406670012d90139c0a826680050f8f716802a1f1dbbbf81501901e7cb210000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9f3dc40002406670012d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "f3dc", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "6700", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f716802a1f1dbbbf81501901e7cb210000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f7", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f7", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "16802a1f", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "16802a1f", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "1dbbbf81", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "1dbbbf81", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "cb21", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{98406c4acbf0f57b3ccbc923aab5a603d70f86d507f422d9bd8656398f53433e}": "" } } } }, { "_index": "packets-2020-08-10", "_type": "doc", "_score": null, "_source": { "layers": { "frame_raw": [ "023bc61aaef502fb684ce9410800450000f9234740002406379612d90139c0a826680050f8f821ed3f3a5032a5ce501901e70a760000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 0, 263, 0, 1 ], "frame": { "frame.section_number_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_raw": [ "", 0, 0, 0, 7 ], "frame.interface_id_tree": { "frame.interface_name_raw": [ "", 0, 0, 0, 26 ], "frame.interface_description_raw": [ "", 0, 0, 0, 26 ] }, "frame.encap_type_raw": [ "", 0, 0, 0, 13 ], "frame.time_raw": [ "", 0, 0, 0, 24 ], "frame.time_utc_raw": [ "", 0, 0, 0, 24 ], "frame.time_epoch_raw": [ "", 0, 0, 0, 24 ], "frame.offset_shift_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_raw": [ "", 0, 0, 0, 25 ], "frame.time_delta_displayed_raw": [ "", 0, 0, 0, 25 ], "frame.time_relative_raw": [ "", 0, 0, 0, 25 ], "frame.number_raw": [ "", 0, 0, 0, 7 ], "frame.len_raw": [ "", 0, 0, 0, 7 ], "frame.cap_len_raw": [ "", 0, 0, 0, 7 ], "frame.marked_raw": [ "", 0, 0, 0, 2 ], "frame.ignored_raw": [ "", 0, 0, 0, 2 ], "frame.protocols_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.name_raw": [ "", 0, 0, 0, 26 ], "frame.coloring_rule.string_raw": [ "", 0, 0, 0, 26 ] }, "eth_raw": [ "023bc61aaef502fb684ce9410800", 0, 14, 0, 1 ], "eth": { "eth.dst_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.dst_tree": { "eth.dst_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.dst.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.addr_raw": [ "023bc61aaef5", 0, 6, 0, 29 ], "eth.addr_resolved_raw": [ "023bc61aaef5", 0, 6, 0, 26 ], "eth.addr.oui_raw": [ "023bc6", 0, 3, 0, 6 ], "eth.dst.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.lg_raw": [ "1", 0, 3, 131072, 2 ], "eth.dst.ig_raw": [ "0", 0, 3, 65536, 2 ], "eth.ig_raw": [ "0", 0, 3, 65536, 2 ] }, "eth.src_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.src_tree": { "eth.src_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.src.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.addr_raw": [ "02fb684ce941", 6, 6, 0, 29 ], "eth.addr_resolved_raw": [ "02fb684ce941", 6, 6, 0, 26 ], "eth.addr.oui_raw": [ "02fb68", 6, 3, 0, 6 ], "eth.src.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.lg_raw": [ "1", 6, 3, 131072, 2 ], "eth.src.ig_raw": [ "0", 6, 3, 65536, 2 ], "eth.ig_raw": [ "0", 6, 3, 65536, 2 ] }, "eth.type_raw": [ "0800", 12, 2, 0, 5 ] }, "ip_raw": [ "450000f9234740002406379612d90139c0a82668", 14, 20, 0, 1 ], "ip": { "ip.version_raw": [ "45", 14, 1, 0, 4 ], "ip.hdr_len_raw": [ "45", 14, 1, 0, 4 ], "ip.dsfield_raw": [ "00", 15, 1, 0, 4 ], "ip.dsfield_tree": { "ip.dsfield.dscp_raw": [ "0", 15, 1, 252, 4 ], "ip.dsfield.ecn_raw": [ "0", 15, 1, 3, 4 ] }, "ip.len_raw": [ "00f9", 16, 2, 0, 5 ], "ip.id_raw": [ "2347", 18, 2, 0, 5 ], "ip.flags_raw": [ "2", 20, 1, 224, 4 ], "ip.flags_tree": { "ip.flags.rb_raw": [ "0", 20, 1, 128, 2 ], "ip.flags.df_raw": [ "1", 20, 1, 64, 2 ], "ip.flags.mf_raw": [ "0", 20, 1, 32, 2 ] }, "ip.frag_offset_raw": [ "0", 20, 2, 8191, 5 ], "ip.ttl_raw": [ "24", 22, 1, 0, 4 ], "ip.proto_raw": [ "06", 23, 1, 0, 4 ], "ip.checksum_raw": [ "3796", 24, 2, 0, 5 ], "ip.checksum.status_raw": [ "", 24, 0, 0, 4 ], "ip.src_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.addr_raw": [ "12d90139", 26, 4, 0, 32 ], "ip.src_host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.host_raw": [ "12d90139", 26, 4, 0, 26 ], "ip.dst_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.addr_raw": [ "c0a82668", 30, 4, 0, 32 ], "ip.dst_host_raw": [ "c0a82668", 30, 4, 0, 26 ], "ip.host_raw": [ "c0a82668", 30, 4, 0, 26 ] }, "tcp_raw": [ "0050f8f821ed3f3a5032a5ce501901e70a760000", 34, 20, 0, 1 ], "tcp": { "tcp.srcport_raw": [ "0050", 34, 2, 0, 5 ], "tcp.dstport_raw": [ "f8f8", 36, 2, 0, 5 ], "tcp.port_raw": [ "0050", 34, 2, 0, 5 ], "tcp.port_raw": [ "f8f8", 36, 2, 0, 5 ], "tcp.stream_raw": [ "", 34, 0, 0, 7 ], "tcp.completeness_raw": [ 0, 0, 0, 4 ], "tcp.completeness_tree": { "tcp.completeness.rst_raw": [ "0", 0, 0, 32, 2 ], "tcp.completeness.fin_raw": [ "1", 0, 0, 16, 2 ], "tcp.completeness.data_raw": [ "1", 0, 0, 8, 2 ], "tcp.completeness.ack_raw": [ "1", 0, 0, 4, 2 ], "tcp.completeness.syn-ack_raw": [ "1", 0, 0, 2, 2 ], "tcp.completeness.syn_raw": [ "1", 0, 0, 1, 2 ], "tcp.completeness.str_raw": [ "", 34, 0, 0, 26 ] }, "tcp.len_raw": [ "", 34, 0, 0, 7 ], "tcp.seq_raw": [ "21ed3f3a", 38, 4, 0, 7 ], "tcp.seq_raw_raw": [ "21ed3f3a", 38, 4, 0, 7 ], "tcp.nxtseq_raw": [ "", 34, 0, 0, 7 ], "tcp.ack_raw": [ "5032a5ce", 42, 4, 0, 7 ], "tcp.ack_raw_raw": [ "5032a5ce", 42, 4, 0, 7 ], "tcp.hdr_len_raw": [ "50", 46, 1, 0, 4 ], "tcp.flags_raw": [ "19", 46, 2, 4095, 5 ], "tcp.flags_tree": { "tcp.flags.res_raw": [ "0", 46, 1, 3584, 2 ], "tcp.flags.ae_raw": [ "0", 46, 1, 256, 2 ], "tcp.flags.cwr_raw": [ "0", 47, 1, 128, 2 ], "tcp.flags.ece_raw": [ "0", 47, 1, 64, 2 ], "tcp.flags.urg_raw": [ "0", 47, 1, 32, 2 ], "tcp.flags.ack_raw": [ "1", 47, 1, 16, 2 ], "tcp.flags.push_raw": [ "1", 47, 1, 8, 2 ], "tcp.flags.reset_raw": [ "0", 47, 1, 4, 2 ], "tcp.flags.syn_raw": [ "0", 47, 1, 2, 2 ], "tcp.flags.fin_raw": [ "1", 47, 1, 1, 2 ], "tcp.flags.fin_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } }, "tcp.flags.str_raw": [ "5019", 46, 2, 0, 26 ], "tcp.flags.str_tree": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "tcp.connection.fin_active_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] } } }, "tcp.window_size_value_raw": [ "01e7", 48, 2, 0, 5 ], "tcp.window_size_raw": [ "01e7", 48, 2, 0, 7 ], "tcp.window_size_scalefactor_raw": [ "01e7", 48, 2, 0, 15 ], "tcp.checksum_raw": [ "0a76", 50, 2, 0, 5 ], "tcp.checksum.status_raw": [ "", 50, 0, 0, 4 ], "tcp.urgent_pointer_raw": [ "0000", 52, 2, 0, 5 ], "Timestamps": { "tcp.time_relative_raw": [ "", 34, 0, 0, 25 ], "tcp.time_delta_raw": [ "", 34, 0, 0, 25 ] }, "tcp.analysis_raw": [ "", 34, 0, 0, 0 ], "tcp.analysis": { "tcp.analysis.initial_rtt_raw": [ "", 34, 0, 0, 25 ], "tcp.analysis.bytes_in_flight_raw": [ "", 34, 0, 0, 7 ], "tcp.analysis.push_bytes_sent_raw": [ "", 34, 0, 0, 7 ] }, "tcp.payload_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 54, 209, 0, 30 ], "tcp.segment_data_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 54, 209, 0, 30 ] }, "tcp.segments_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 0, 226, 0, 0 ], "tcp.segments": { "tcp.segment_raw": [ "485454502f312e3020323030204f4b0d0a", 0, 17, 0, 35 ], "tcp.segment_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 17, 209, 0, 35 ], "tcp.segment.count_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.length_raw": [ "", 0, 0, 0, 7 ], "tcp.reassembled.data_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 0, 226, 0, 30 ] }, "http_raw": [ "485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a", 0, 153, 0, 1 ], "http": { "HTTP/1.0 200 OK\\r\\n": { "_ws.expert_raw": [ 0, 0, 0, 1 ], "_ws.expert": { "http.chat_raw": [ 0, 0, 0, 0 ], "_ws.expert.message_raw": [ 0, 0, 0, 26 ], "_ws.expert.severity_raw": [ 0, 0, 0, 7 ], "_ws.expert.group_raw": [ 0, 0, 0, 7 ] }, "http.response.version_raw": [ "485454502f312e30", 0, 8, 0, 26 ], "http.response.code_raw": [ "323030", 9, 3, 0, 6 ], "http.response.code.desc_raw": [ "323030", 9, 3, 0, 26 ], "http.response.phrase_raw": [ "4f4b", 13, 2, 0, 26 ] }, "http.content_type_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.response.line_raw": [ "436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a", 17, 40, 0, 26 ], "http.content_length_header_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.content_length_header_tree": { "http.content_length_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 11 ] }, "http.response.line_raw": [ "436f6e74656e742d4c656e6774683a2037330d0a", 57, 20, 0, 26 ], "http.server_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.response.line_raw": [ "5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a", 77, 37, 0, 26 ], "http.date_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a", 114, 37, 0, 26 ], "http.response.line_raw": [ "446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a", 114, 37, 0, 26 ], "\\r\\n": "", "http.response_raw": [ "", 0, 0, 0, 2 ], "http.response_number_raw": [ "", 0, 0, 0, 7 ], "http.time_raw": [ "", 0, 0, 0, 25 ], "http.request_in_raw": [ "", 0, 0, 0, 35 ], "http.response_for.uri_raw": [ "", 0, 0, 0, 26 ], "http.file_data_raw": [ "7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 153, 73, 0, 30 ] }, "data-text-lines_raw": [ "7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d", 153, 73, 0, 1 ], "data-text-lines": { "picoCTF{3fe0b2788f30d9cb9f77d3b2752f13c554fe7f0e7a2883e57c8a44b34f35675c}": "" } } } } ]