theon-1/picoCTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe0e1b2411ec13ef830ea6ea989ef19175f81b64
picoCTF/wireshark_twoo_twooo_two_twoo/out.json
Maxime Vorwerk d92d5326ac Wireshark, twoo twooo two twoo
2024-06-22 12:32:39 +02:00

101463 lines
2.3 MiB
Raw Blame History

[
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9962040002406c4bc12d90139c0a826680050f895a37f71efbb0b06d5501901e7bd670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9962040002406c4bc12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"9620",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"c4bc",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f895a37f71efbb0b06d5501901e7bd670000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f895",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f895",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"a37f71ef",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"a37f71ef",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"bb0b06d5",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"bb0b06d5",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"bd67",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a313920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b626665343865383530306334353464363437633535613434373139383565373736613037623236636261363435323637313366343337353835393961613938627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{bfe48e8500c454d647c55a4471985e776a07b26cba64526713f43758599aa98b}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9456b40002406157212d90139c0a826680050f897e734dc6e38180450501901e7b6960000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9456b40002406157212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"456b",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"1572",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f897e734dc6e38180450501901e7b6960000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f897",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f897",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"e734dc6e",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"e734dc6e",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"38180450",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"38180450",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"b696",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b626461363962646638663537306139616161623065343130386130666135663634636232366261376432323639626236336636386166356439386239383234357d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{bda69bdf8f570a9aaab0e4108a0fa5f64cb26ba7d2269bb63f68af5d98b98245}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9db97400024067f4512d90139c0a826680050f89a7783a8e6f9628b70501901e7d75d0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9db97400024067f4512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"db97",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"7f45",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f89a7783a8e6f9628b70501901e7d75d0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f89a",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f89a",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"7783a8e6",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"7783a8e6",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"f9628b70",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"f9628b70",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"d75d",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b666538336263623663666434336433623739333932663661343233323638356636656434653761373839633263653535396366336331616236616462653334627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{fe83bcb6cfd43d3b79392f6a4232685f6ed4e7a789c2ce559cf3c1ab6adbe34b}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9757c40002406e56012d90139c0a826680050f89bf33f8e8da999bc6d501901e7f18b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9757c40002406e56012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"757c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"e560",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f89bf33f8e8da999bc6d501901e7f18b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f89b",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f89b",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"f33f8e8d",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"f33f8e8d",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"a999bc6d",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"a999bc6d",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"f18b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373131643338393364393066313030633135653130656634383432616265656433613833306638323337633132353763643437333839363436646139373831307d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{711d3893d90f100c15e10ef4842abeed3a830f8237c1257cd47389646da97810}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9ff87400024065b5512d90139c0a826680050f89c080a9b7147b9a041501901e7daf30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9ff87400024065b5512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"ff87",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"5b55",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f89c080a9b7147b9a041501901e7daf30000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f89c",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f89c",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"080a9b71",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"080a9b71",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"47b9a041",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"47b9a041",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"daf3",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b336366316532326434383966636662366262333132613334663436633836393939383965643034333430363133343333313435326431316365373363643539657d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{3cf1e22d489fcfb6bb312a34f46c8699989ed043406134331452d11ce73cd59e}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9e8ba40002406722212d90139c0a826680050f89ef85f65e44ba247d7501901e738eb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9e8ba40002406722212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"e8ba",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"7222",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f89ef85f65e44ba247d7501901e738eb0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f89e",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f89e",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"f85f65e4",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"f85f65e4",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"4ba247d7",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"4ba247d7",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"38eb",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b623463633133386262306637663964613765333530383565333439353535616136643030626463613362303231633166653836363363306134323263653064377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{b4cc138bb0f7f9da7e35085e349555aa6d00bdca3b021c1fe8663c0a422ce0d7}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9f86040002406627c12d90139c0a826680050f89f8566b92c24fe8e45501901e75adb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9f86040002406627c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"f860",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"627c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f89f8566b92c24fe8e45501901e75adb0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f89f",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f89f",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"8566b92c",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"8566b92c",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"24fe8e45",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"24fe8e45",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"5adb",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b343162386131613739366264386432303230313666373562633562333838383965396561303630303765366232326663383536643338306662373537333133337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{41b8a1a796bd8d202016f75bc5b38889e9ea06007e6b22fc856d380fb7573133}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9242e4000240636af12d90139c0a826680050f8a06a1a7068426f8aaa501901e745180000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9242e4000240636af12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"242e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"36af",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a06a1a7068426f8aaa501901e745180000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"6a1a7068",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"6a1a7068",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"426f8aaa",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"426f8aaa",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"4518",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393831326263346265303465366639633830333135323331336462336461353362336466623739396264623035616163343666613064643030343564326663327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{9812bc4be04e6f9c803152313db3da53b3dfb799bdb05aac46fa0dd0045d2fc2}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9468840002406145512d90139c0a826680050f8a11e22d9b0ae99a485501901e7a1cb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9468840002406145512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"4688",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"1455",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a11e22d9b0ae99a485501901e7a1cb0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"1e22d9b0",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"1e22d9b0",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"ae99a485",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"ae99a485",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"a1cb",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b363463663365646533373336613334306664663239353462653531353163653533626563323931633565343863626363623434666161353239393436653234397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{64cf3ede3736a340fdf2954be5151ce53bec291c5e48cbccb44faa529946e249}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f95a9f40002406003e12d90139c0a826680050f8a2d00ed2c2e005c4ba501901e7047b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f95a9f40002406003e12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"5a9f",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"003e",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a2d00ed2c2e005c4ba501901e7047b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"d00ed2c2",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"d00ed2c2",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"e005c4ba",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"e005c4ba",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"047b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b633530643235396134653137326663623265646462616265656264323732343733653438383262373663396566636431326330336163303434323964383834617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{c50d259a4e172fcb2eddbabeebd272473e4882b76c9efcd12c03ac04429d884a}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9c78d40002406934f12d90139c0a826680050f8a31b7ae1debdf1e7ea501901e7da3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9c78d40002406934f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"c78d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"934f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a31b7ae1debdf1e7ea501901e7da3a0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a3",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a3",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"1b7ae1de",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"1b7ae1de",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"bdf1e7ea",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"bdf1e7ea",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"da3a",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b306130323462376433393630333735366665616661326262616131363033623134613939656165356463643539663164393537663531316438323263386330367d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{0a024b7d39603756feafa2bbaa1603b14a99eae5dcd59f1d957f511d822c8c06}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9d9304000240681ac12d90139c0a826680050f8a409a7286bde924d8e501901e72a380000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9d9304000240681ac12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"d930",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"81ac",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a409a7286bde924d8e501901e72a380000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"09a7286b",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"09a7286b",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"de924d8e",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"de924d8e",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2a38",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393732313165656339323238626232343764373632353237626163653862336534656332313130633838333461663132616566643363353532636463323162327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{97211eec9228bb247d762527bace8b3e4ec2110c8834af12aefd3c552cdc21b2}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f960c040002406fa1c12d90139c0a826680050f8a54d1606b9b78d302c501901e79b370000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f960c040002406fa1c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"60c0",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"fa1c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a54d1606b9b78d302c501901e79b370000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a5",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a5",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4d1606b9",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4d1606b9",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"b78d302c",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"b78d302c",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"9b37",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b323936373939313063343764386166633733376131633231643762663735386364336438313030316264626565633863366638316136616438386664633237397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{29679910c47d8afc737a1c21d7bf758cd3d81001bdbeec8c6f81a6ad88fdc279}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f91f29400024063bb412d90139c0a826680050f8a61e0f5605499e2189501901e7e8d80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f91f29400024063bb412d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"1f29",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"3bb4",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a61e0f5605499e2189501901e7e8d80000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"1e0f5605",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"1e0f5605",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"499e2189",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"499e2189",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"e8d8",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393936393739653935343062653066653933323065383065623633333630343766383134306138303833303730303930376239393734313331306163663038667d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{996979e9540be0fe9320e80eb6336047f8140a80830700907b99741310acf08f}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f90e9a400024064c4312d90139c0a826680050f8a77d8a8d0820d36a62501901e792be0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f90e9a400024064c4312d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"0e9a",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"4c43",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a77d8a8d0820d36a62501901e792be0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"7d8a8d08",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"7d8a8d08",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"20d36a62",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"20d36a62",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"92be",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b386232373261313863313030356339356134323064346130646634323663623834343164323965623936323130343933613936666132356163356536353761617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{8b272a18c1005c95a420d4a0df426cb8441d29eb96210493a96fa25ac5e657aa}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9014e40002406598f12d90139c0a826680050f8a847aa414d362fb054501901e7234b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9014e40002406598f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"014e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"598f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8a847aa414d362fb054501901e7234b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8a8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8a8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"47aa414d",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"47aa414d",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"362fb054",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"362fb054",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"234b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b653164306137353264633731313231323030663462636231623863633265303365383434383864663232396238323139366166626530303435656630323563347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{e1d0a752dc71121200f4bcb1b8cc2e03e84488df229b82196afbe0045ef025c4}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f945154000240615c812d90139c0a826680050f8abf85380c4dbb33ea3501901e78e040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f945154000240615c812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"4515",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"15c8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8abf85380c4dbb33ea3501901e78e040000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ab",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ab",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"f85380c4",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"f85380c4",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"dbb33ea3",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"dbb33ea3",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8e04",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a323920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b306261353131383434613261623338666530373039626364623262386264666562333761306234363664633930326539323036326462346332623366343535637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{0ba511844a2ab38fe0709bcdb2b8bdfeb37a0b466dc902e92062db4c2b3f455c}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f906054000240654d812d90139c0a826680050f8acc49b650065d62775501901e7febc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f906054000240654d812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"0605",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"54d8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8acc49b650065d62775501901e7febc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ac",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ac",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"c49b6500",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"c49b6500",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"65d62775",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"65d62775",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"febc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b646164646134386538353534323165313435393766666337323739343362353765666438633961313564313062666434393166303339303635393136326662317d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{dadda48e855421e14597ffc727943b57efd8c9a15d10bfd491f0390659162fb1}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f949ba40002406112312d90139c0a826680050f8adefd104e8f251bead501901e78f3a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f949ba40002406112312d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"49ba",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"1123",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8adefd104e8f251bead501901e78f3a0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ad",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ad",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"efd104e8",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"efd104e8",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"f251bead",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"f251bead",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8f3a",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b663464643837373935333935633734663330383366386361613465633232643135333132383135353461363030336431633437633566303337303938346162367d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{f4dd87795395c74f3083f8caa4ec22d1531281554a6003d1c47c5f0370984ab6}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9386140002406227c12d90139c0a826680050f8ae01f32e0e1aae3767501901e719a10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9386140002406227c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"3861",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"227c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ae01f32e0e1aae3767501901e719a10000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ae",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ae",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"01f32e0e",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"01f32e0e",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"1aae3767",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"1aae3767",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"19a1",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b306633306135383436383064623965373063376531633663613935346332663032336237376633666432623035626439616565653665303064633464613564377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{0f30a584680db9e70c7e1c6ca954c2f023b77f3fd2b05bd9aeee6e00dc4da5d7}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f93b0e400024061fcf12d90139c0a826680050f8af0175abaf07896c61501901e7d41a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f93b0e400024061fcf12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"3b0e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"1fcf",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8af0175abaf07896c61501901e7d41a0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8af",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8af",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"0175abaf",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"0175abaf",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"07896c61",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"07896c61",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"d41a",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373135653464306431363765383632616638383235663632643366346666386165663230343433343435613036623163363835373233393061323832356432397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{715e4d0d167e862af8825f62d3f4ff8aef20443445a06b1c68572390a2825d29}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9ff9d400024065b3f12d90139c0a826680050f8b0b5bd71a399beca6e501901e7aabc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9ff9d400024065b3f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"ff9d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"5b3f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b0b5bd71a399beca6e501901e7aabc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"b5bd71a3",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"b5bd71a3",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"99beca6e",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"99beca6e",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"aabc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373635346565303366333135373665386564343437393966633466613565653035336433353035303030303530326538373864316662383032323631383932337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{7654ee03f31576e8ed44799fc4fa5ee053d35050000502e878d1fb8022618923}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f987f340002406d2e912d90139c0a826680050f8b196f700460abaa661501901e7b8710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f987f340002406d2e912d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"87f3",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"d2e9",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b196f700460abaa661501901e7b8710000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"96f70046",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"96f70046",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"0abaa661",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"0abaa661",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"b871",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303638363036623566616361303439316439376132623436666463613766366638316163626439303963653639313037376665373765303361336330393339617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{068606b5faca0491d97a2b46fdca7f6f81acbd909ce691077fe77e03a3c0939a}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9479c40002406134112d90139c0a826680050f8b2a8db9e66694a14cd501901e7a4870000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9479c40002406134112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"479c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"1341",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b2a8db9e66694a14cd501901e7a4870000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"a8db9e66",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"a8db9e66",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"694a14cd",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"694a14cd",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"a487",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b363461623638316666656433336334396235653861653035373665323238353765396131306165333063646265653431356662353134623834616135386165617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{64ab681ffed33c49b5e8ae0576e22857e9a10ae30cdbee415fb514b84aa58aea}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f98a6c40002406d07012d90139c0a826680050f8b330e86c086a839eb4501901e71aeb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f98a6c40002406d07012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"8a6c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"d070",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b330e86c086a839eb4501901e71aeb0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b3",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b3",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"30e86c08",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"30e86c08",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"6a839eb4",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"6a839eb4",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"1aeb",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b386165333939356537323666386632633337323465326530353232663033386162613636343966616364333738643839363563363438323333643739613235327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{8ae3995e726f8f2c3724e2e0522f038aba6649facd378d8965c648233d79a252}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9bf2e400024069bae12d90139c0a826680050f8b4abf69686fe12f14d501901e736650000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9bf2e400024069bae12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"bf2e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"9bae",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b4abf69686fe12f14d501901e736650000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"abf69686",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"abf69686",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"fe12f14d",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"fe12f14d",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"3665",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b316331323564323637623538313163643235636361326435313765303232323730616136306633633834363166343039376336383562636361363337613661397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{1c125d267b5811cd25cca2d517e022270aa60f3c8461f4097c685bcca637a6a9}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f94ec1400024060c1c12d90139c0a826680050f8b52792703c9e84518b501901e74a900000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f94ec1400024060c1c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"4ec1",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"0c1c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b52792703c9e84518b501901e74a900000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b5",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b5",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"2792703c",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"2792703c",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"9e84518b",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"9e84518b",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"4a90",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b383234633239386431346531666533363964663939316166373261623037323564326537633764303562393635353438363837336363633436376634626436627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{824c298d14e1fe369df991af72ab0725d2e7c7d05b9655486873ccc467f4bd6b}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9f8004000240662dc12d90139c0a826680050f8b6cd7e87a85d45b5e2501901e7dfb30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9f8004000240662dc12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"f800",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"62dc",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b6cd7e87a85d45b5e2501901e7dfb30000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"cd7e87a8",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"cd7e87a8",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"5d45b5e2",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"5d45b5e2",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"dfb3",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b653164386464316237336435666437373034613136633932346464656536396463366266396265656631346363336131303134323730346238316630666130377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{e1d8dd1b73d5fd7704a16c924ddee69dc6bf9beef14cc3a10142704b81f0fa07}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9ac9a40002406ae4212d90139c0a826680050f8b79a99b1fa0327f1a4501901e72f320000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9ac9a40002406ae4212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"ac9a",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"ae42",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b79a99b1fa0327f1a4501901e72f320000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"9a99b1fa",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"9a99b1fa",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"0327f1a4",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"0327f1a4",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2f32",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b383264323630666530363730643535313334376231363463353431383364393936633532656265656262316363666363326332656262393132363864633934347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{82d260fe0670d551347b164c54183d996c52ebeebb1ccfcc2c2ebb91268dc944}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f957cf40002406030e12d90139c0a826680050f8b86f7af93efa7b23e3501901e707290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f957cf40002406030e12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"57cf",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"030e",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b86f7af93efa7b23e3501901e707290000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"6f7af93e",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"6f7af93e",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"fa7b23e3",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"fa7b23e3",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"0729",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373438373666633631656263396339303266383938333937396364346332313230366336396132336630646363303831376531353064643735653434363833387d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{74876fc61ebc9c902f8983979cd4c21206c69a23f0dcc0817e150dd75e446838}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9512c4000240609b112d90139c0a826680050f8b9700b2adfd2733892501901e7fefc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9512c4000240609b112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"512c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"09b1",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8b9700b2adfd2733892501901e7fefc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8b9",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8b9",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"700b2adf",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"700b2adf",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"d2733892",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"d2733892",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"fefc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b343963353264316633303937336639303731366262636265333633336531316366373062396133316564373835383731636362383034373333303261353964627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{49c52d1f30973f90716bbcbe3633e11cf70b9a31ed785871ccb80473302a59db}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f937a540002406233812d90139c0a826680050f8bae5781a5000d464ef501901e7afcc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f937a540002406233812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"37a5",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"2338",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8bae5781a5000d464ef501901e7afcc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ba",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ba",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"e5781a50",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"e5781a50",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"00d464ef",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"00d464ef",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"afcc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b383964393364626239366133383537616338376261306365613363313061396534633762333464373962326564623436336365663033306433343239376264307d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{89d93dbb96a3857ac87ba0cea3c10a9e4c7b34d79b2edb463cef030d34297bd0}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f955174000240605c612d90139c0a826680050f8bb04c368b6ee43c62c501901e72cc20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f955174000240605c612d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"5517",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"05c6",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8bb04c368b6ee43c62c501901e72cc20000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8bb",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8bb",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"04c368b6",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"04c368b6",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"ee43c62c",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"ee43c62c",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2cc2",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b356365616364636535346331336133666464666366623232356130303234373330346662623135663239663963393034333433383366323737353637393932647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{5ceacdce54c13a3fddfcfb225a00247304fbb15f29f9c90434383f277567992d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f92cc8400024062e1512d90139c0a826680050f8bc798e28b7aa17e0b1501901e71ca20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f92cc8400024062e1512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"2cc8",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"2e15",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8bc798e28b7aa17e0b1501901e71ca20000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8bc",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8bc",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"798e28b7",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"798e28b7",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"aa17e0b1",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"aa17e0b1",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"1ca2",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b633232613430613433656437303334626439333538303566353936303361343664336131663264366238653331323831656230373231353937623663366436327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{c22a40a43ed7034bd935805f59603a46d3a1f2d6b8e31281eb0721597b6c6d62}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9c9244000240691b812d90139c0a826680050f8bdb986ccb13052a39f501901e735530000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9c9244000240691b812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"c924",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"91b8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8bdb986ccb13052a39f501901e735530000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8bd",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8bd",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"b986ccb1",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"b986ccb1",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"3052a39f",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"3052a39f",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"3553",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b363037316263613564613036643466393735613532333537636461306364366630363134373837633163373062316237653161663263376662323732643238317d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{6071bca5da06d4f975a52357cda0cd6f0614787c1c70b1b7e1af2c7fb272d281}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f929154000240631c812d90139c0a826680050f8be4308359bce0353d1501901e7e2710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f929154000240631c812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"2915",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"31c8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8be4308359bce0353d1501901e7e2710000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8be",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8be",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4308359b",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4308359b",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"ce0353d1",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"ce0353d1",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"e271",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b363561386231343166303139353036666565613338613131393938386164363435626361623161356661383639336566646632366531666433636234346234637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{65a8b141f019506feea38a119988ad645bcab1a5fa8693efdf26e1fd3cb44b4c}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f928c840002406321512d90139c0a826680050f8bf651357c8536981dd501901e7ea150000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f928c840002406321512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"28c8",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"3215",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8bf651357c8536981dd501901e7ea150000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8bf",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8bf",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"651357c8",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"651357c8",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"536981dd",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"536981dd",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"ea15",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b643766356362373861383935643338303536303135323262393564353939636236643236383963366138353665336662656536616163326663613063323066337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{d7f5cb78a895d3805601522b95d599cb6d2689c6a856e3fbee6aac2fca0c20f3}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9158b40002406455212d90139c0a826680050f8c01b4a0fccdb119477501901e752220000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9158b40002406455212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"158b",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"4552",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c01b4a0fccdb119477501901e752220000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"1b4a0fcc",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"1b4a0fcc",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"db119477",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"db119477",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"5222",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373339626230663061613137333331383139613065393432643337626665653735376338643963643038396364666533323530393032376239323438353231337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{739bb0f0aa17331819a0e942d37bfee757c8d9cd089cdfe32509027b92485213}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f98c9d40002406ce3f12d90139c0a826680050f8c13e524d70781a4ba5501901e781710000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f98c9d40002406ce3f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"8c9d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"ce3f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c13e524d70781a4ba5501901e781710000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"3e524d70",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"3e524d70",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"781a4ba5",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"781a4ba5",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8171",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b376138393165326334616430646133373462633135616437616430656530383130373764643337366630363135323738316637383063323031363931373133647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{7a891e2c4ad0da374bc15ad7ad0ee081077dd376f06152781f780c201691713d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9857f40002406d55d12d90139c0a826680050f8c2123316bc3217c507501901e784e80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9857f40002406d55d12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"857f",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"d55d",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c2123316bc3217c507501901e784e80000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"123316bc",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"123316bc",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"3217c507",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"3217c507",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"84e8",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b613937643365653934333232313838386264313135373432396534613030656435653939303561363130653634363634663765333663376635653061346566397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{a97d3ee943221888bd1157429e4a00ed5e9905a610e64664f7e36c7f5e0a4ef9}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9462c4000240614b112d90139c0a826680050f8c498406c8c9ceac887501901e7c8e60000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9462c4000240614b112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"462c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"14b1",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c498406c8c9ceac887501901e7c8e60000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"98406c8c",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"98406c8c",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"9ceac887",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"9ceac887",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"c8e6",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b633338643264373464633231626262326533613935623532653233353465653532333337396366653466386233343863396335623564376264376362383731627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{c38d2d74dc21bbb2e3a95b52e2354ee523379cfe4f8b348c9c5b5d7bd7cb871b}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f949d340002406110a12d90139c0a826680050f8c6c2e05ac7f7c237a7501901e75cbc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f949d340002406110a12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"49d3",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"110a",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c6c2e05ac7f7c237a7501901e75cbc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"c2e05ac7",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"c2e05ac7",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"f7c237a7",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"f7c237a7",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"5cbc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333320474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b653464633838366333396135336666313138626632393034313036376364653438646365626238396233646165363161386162613631383764363731393939617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{e4dc886c39a53ff118bf29041067cde48dcebb89b3dae61a8aba6187d671999a}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f97e2240002406dcba12d90139c0a826680050f8c739495583aa1f28c2501901e71d980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f97e2240002406dcba12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"7e22",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"dcba",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c739495583aa1f28c2501901e71d980000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"39495583",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"39495583",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"aa1f28c2",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"aa1f28c2",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"1d98",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b396662643064313861613161626664323839626139373761653433353462383231636337343539313236303838396166626131623062366537373633616133317d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{9fbd0d18aa1abfd289ba977ae4354b821cc74591260889afba1b0b6e7763aa31}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9bfe1400024069afb12d90139c0a826680050f8c855cd3a102cd742ab501901e7e1470000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9bfe1400024069afb12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"bfe1",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"9afb",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c855cd3a102cd742ab501901e7e1470000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"55cd3a10",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"55cd3a10",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"2cd742ab",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"2cd742ab",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"e147",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b336663303830316263643336333336613263303330633665356634353266353739356265316435363265303034313133363566623634633661326636383865667d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{3fc0801bcd36336a2c030c6e5f452f5795be1d562e00411365fb64c6a2f688ef}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9513d4000240609a012d90139c0a826680050f8c95b366a057d9e7d8b501901e7013e0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9513d4000240609a012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"513d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"09a0",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8c95b366a057d9e7d8b501901e7013e0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8c9",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8c9",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"5b366a05",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"5b366a05",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"7d9e7d8b",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"7d9e7d8b",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"013e",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b346161383636343365623264646235373039373235333434636430653633653663353265333563326536346133396633613461306565376262643564336164657d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{4aa86643eb2ddb5709725344cd0e63e6c52e35c2e64a39f3a4a0ee7bbd5d3ade}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9a24e40002406b88e12d90139c0a826680050f8caf0302c165ae25ddc501901e7de290000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9a24e40002406b88e12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"a24e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"b88e",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8caf0302c165ae25ddc501901e7de290000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ca",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ca",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"f0302c16",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"f0302c16",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"5ae25ddc",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"5ae25ddc",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"de29",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b346166386466343135643137653664663939613565666464656263623333613638633063386266323664343831656564313662356637373637353033306437667d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{4af8df415d17e6df99a5efddebcb33a68c0c8bf26d481eed16b5f77675030d7f}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f90f37400024064ba612d90139c0a826680050f8cb0c7fc36f5cce81a5501901e76bab0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f90f37400024064ba612d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"0f37",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"4ba6",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8cb0c7fc36f5cce81a5501901e76bab0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8cb",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8cb",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"0c7fc36f",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"0c7fc36f",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"5cce81a5",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"5cce81a5",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"6bab",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b653466353261306432613932343930366163313032613332633532616239313238626639636436653532393435313861643365643637343866383533623061627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{e4f52a0d2a924906ac102a32c52ab9128bf9cd6e5294518ad3ed6748f853b0ab}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9781340002406e2c912d90139c0a826680050f8cc4caf6692e2c14d63501901e79acd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9781340002406e2c912d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"7813",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"e2c9",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8cc4caf6692e2c14d63501901e79acd0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8cc",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8cc",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4caf6692",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4caf6692",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"e2c14d63",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"e2c14d63",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"9acd",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333420474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b636331303465373461396635303136346565353635326431363865663338613231623761326435653331393630363265363639653361323730356631613064337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{cc104e74a9f50164ee5652d168ef38a21b7a2d5e3196062e669e3a2705f1a0d3}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9ef89400024066b5312d90139c0a826680050f8cd979b53903e5e7233501901e754580000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9ef89400024066b5312d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"ef89",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"6b53",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8cd979b53903e5e7233501901e754580000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8cd",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8cd",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"979b5390",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"979b5390",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"3e5e7233",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"3e5e7233",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"5458",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b326161633632306230626464326536393436643632633564323332636133326261316635613964386563383263303630373738623534666665623866626431667d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{2aac620b0bdd2e6946d62c5d232ca32ba1f5a9d8ec82c060778b54ffeb8fbd1f}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9a61740002406b4c512d90139c0a826680050f8cf2ff742ad388c5f6b501901e7c48b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9a61740002406b4c512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"a617",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"b4c5",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8cf2ff742ad388c5f6b501901e7c48b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8cf",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8cf",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"2ff742ad",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"2ff742ad",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"388c5f6b",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"388c5f6b",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"c48b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b346535356265303731353964656632303761666331343239353466353637336130363531643566333266356634303930666237373464393630363238653335327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{4e55be07159def207afc142954f5673a0651d5f32f5f4090fb774d960628e352}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f963a040002406f73c12d90139c0a826680050f8d08b76a989c5a85cf7501901e75bdc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f963a040002406f73c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"63a0",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"f73c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d08b76a989c5a85cf7501901e75bdc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"8b76a989",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"8b76a989",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"c5a85cf7",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"c5a85cf7",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"5bdc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393833653565323730336131333261343934373965343338626662613135656535643032333435623033643431306238313633623638353937333933376461377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{983e5e2703a132a49479e438bfba15ee5d02345b03d410b8163b685973937da7}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9dda6400024067d3612d90139c0a826680050f8d16af577461f44f08f501901e7e9f80000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9dda6400024067d3612d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"dda6",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"7d36",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d16af577461f44f08f501901e7e9f80000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"6af57746",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"6af57746",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"1f44f08f",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"1f44f08f",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"e9f8",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b643334326134366538313739646539393431373230633565306565616330643066616539643330313464326464636635333161373836356139393762303065357d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{d342a46e8179de9941720c5e0eeac0d0fae9d3014d2ddcf531a7865a997b00e5}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f95aca40002406001312d90139c0a826680050f8d2247d4c203a8f7dce501901e7029b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f95aca40002406001312d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"5aca",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"0013",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d2247d4c203a8f7dce501901e7029b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"247d4c20",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"247d4c20",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"3a8f7dce",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"3a8f7dce",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"029b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b323133333930346366653735376263366336386333653566333734396233376436376437666136666662323736383431306265353933643366653863346264347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{2133904cfe757bc6c68c3e5f3749b37d67d7fa6ffb2768410be593d3fe8c4bd4}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f993ec40002406c6f012d90139c0a826680050f8d37dae99b77a6824ab501901e762fb0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f993ec40002406c6f012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"93ec",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"c6f0",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d37dae99b77a6824ab501901e762fb0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d3",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d3",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"7dae99b7",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"7dae99b7",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"7a6824ab",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"7a6824ab",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"62fb",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333520474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b323962373236623961353764313736653134383764313539343734656537653635303862363663303563353236613030633934326138636562623662623439367d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{29b726b9a57d176e1487d159474ee7e6508b66c05c526a00c942a8cebb6bb496}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9fcf4400024065de812d90139c0a826680050f8d44dfb79e2a2fa7e19501901e72c890000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9fcf4400024065de812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"fcf4",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"5de8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d44dfb79e2a2fa7e19501901e72c890000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4dfb79e2",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4dfb79e2",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"a2fa7e19",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"a2fa7e19",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2c89",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373330326230646361303763643839306337356533386437386437653734643762626632623933326635353561616635623637353466353665373738653366637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{7302b0dca07cd890c75e38d78d7e74d7bbf2b932f555aaf5b6754f56e778e3fc}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f968a340002406f23912d90139c0a826680050f8d5b8549e924f114f01501901e7202b0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f968a340002406f23912d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"68a3",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"f239",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d5b8549e924f114f01501901e7202b0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d5",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d5",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"b8549e92",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"b8549e92",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"4f114f01",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"4f114f01",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"202b",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b323265303138626238323832653964373835326564346536356637306132363532346461626566373863663431653164623435633037306339343632316335377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{22e018bb8282e9d7852ed4e65f70a26524dabef78cf41e1db45c070c94621c57}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f906a140002406543c12d90139c0a826680050f8d6f8325d5a8994bfe7501901e7c6680000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f906a140002406543c12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"06a1",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"543c",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d6f8325d5a8994bfe7501901e7c6680000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"f8325d5a",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"f8325d5a",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"8994bfe7",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"8994bfe7",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"c668",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b343066333636636366306636343632663562386231646334643733383461363261613935353635616663616164393661393337623863316631313334303939627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{40f366ccf0f6462f5b8b1dc4d7384a62aa95565afcaad96a937b8c1f1134099b}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f91b4e400024063f8f12d90139c0a826680050f8d762793aece90beba5501901e7b2550000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f91b4e400024063f8f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"1b4e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"3f8f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d762793aece90beba5501901e7b2550000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"62793aec",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"62793aec",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"e90beba5",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"e90beba5",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"b255",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b646233386362633231356364653064396364353263626361323339306465666462353433303365393938303139613563346464616639383631623534656663627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{db38cbc215cde0d9cd52cbca2390defdb54303e998019a5c4ddaf9861b54efcb}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f994f840002406c5e412d90139c0a826680050f8d8b9322f8cf17b3843501901e73e070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f994f840002406c5e412d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"94f8",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"c5e4",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d8b9322f8cf17b3843501901e73e070000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"b9322f8c",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"b9322f8c",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"f17b3843",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"f17b3843",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"3e07",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303930666138656339393561623966633966393763626539656133366362383163343530346133636130323436366464643230376366653766373835636235637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{090fa8ec995ab9fc9f97cbe9ea36cb81c4504a3ca02466ddd207cfe7f785cb5c}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f998c240002406c21a12d90139c0a826680050f8d96454aa68c65f79bf501901e71ad90000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f998c240002406c21a12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"98c2",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"c21a",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8d96454aa68c65f79bf501901e71ad90000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8d9",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8d9",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"6454aa68",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"6454aa68",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"c65f79bf",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"c65f79bf",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"1ad9",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333620474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393437623931613938336339333231373330346638653562313132653933656166363139653661393338366162393362653933613962363765353362326664617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{947b91a983c93217304f8e5b112e93eaf619e6a9386ab93be93a9b67e53b2fda}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9dbce400024067f0e12d90139c0a826680050f8da868c5839e316a844501901e7b6a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9dbce400024067f0e12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"dbce",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"7f0e",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8da868c5839e316a844501901e7b6a20000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8da",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8da",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"868c5839",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"868c5839",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"e316a844",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"e316a844",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"b6a2",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b613365643266363032333232663734396634636230313635313565323562363737343965666430386163326632633533303233353936636266306463626430667d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{a3ed2f602322f749f4cb016515e25b67749efd08ac2f2c53023596cbf0dcbd0f}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f912394000240648a412d90139c0a826680050f8db94dd0464aebea451501901e7ae040000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f912394000240648a412d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"1239",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"48a4",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8db94dd0464aebea451501901e7ae040000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8db",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8db",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"94dd0464",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"94dd0464",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"aebea451",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"aebea451",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"ae04",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b386536323538353965623332356432613639393334653461343463393366636331333265383133656662336664616161353134333134373637386539636266397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{8e625859eb325d2a69934e4a44c93fcc132e813efb3fdaaa5143147678e9cbf9}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9680a40002406f2d212d90139c0a826680050f8dca5c179b48f747ac8501901e74ecd0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9680a40002406f2d212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"680a",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"f2d2",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8dca5c179b48f747ac8501901e74ecd0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8dc",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8dc",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"a5c179b4",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"a5c179b4",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"8f747ac8",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"8f747ac8",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"4ecd",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b386434336334383839656535623530376431373835616466613235393266326662336437636632306562663337636534363539356564633436666261336636647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{8d43c4889ee5b507d1785adfa2592f2fb3d7cf20ebf37ce46595edc46fba3f6d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f942334000240618aa12d90139c0a826680050f8df5a3cdce60fff5d18501901e779b50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f942334000240618aa12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"4233",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"18aa",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8df5a3cdce60fff5d18501901e779b50000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8df",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8df",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"5a3cdce6",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"5a3cdce6",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"0fff5d18",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"0fff5d18",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"79b5",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303032306430323165396533386462623561356661343332313735303839643862373665346139303036313863393566386361653134666564616134356236337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{0020d021e9e38dbb5a5fa432175089d8b76e4a900618c95f8cae14fedaa45b63}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9bf2a400024069bb212d90139c0a826680050f8e09f8894a1404ab3f3501901e778bc0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9bf2a400024069bb212d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"bf2a",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"9bb2",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e09f8894a1404ab3f3501901e778bc0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"9f8894a1",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"9f8894a1",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"404ab3f3",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"404ab3f3",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"78bc",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b363965393662313066353630613661303635366136643935306537336534316263663432323663343234626235363232383339646461306336363735356231347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{69e96b10f560a6a0656a6d950e73e41bcf4226c424bb5622839dda0c66755b14}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9e6f44000240673e812d90139c0a826680050f8e1e0bd5c3486e661c6501901e72f090000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9e6f44000240673e812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"e6f4",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"73e8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e1e0bd5c3486e661c6501901e72f090000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"e0bd5c34",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"e0bd5c34",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"86e661c6",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"86e661c6",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2f09",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333720474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b333463366361343764383538616231386161323030386634616333316333313537306334363138363933396536623436343538623139303832313232643462647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{34c6ca47d858ab18aa2008f4ac31c31570c46186939e6b46458b19082122d4bd}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f927fc4000240632e112d90139c0a826680050f8e23d8f896db6c7383a501901e789060000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f927fc4000240632e112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"27fc",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"32e1",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e23d8f896db6c7383a501901e789060000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"3d8f896d",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"3d8f896d",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"b6c7383a",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"b6c7383a",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8906",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b656266636562653639366231666462626132616262336230303331363531353234353662643833623664646662663138306361333636646530646563316230637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{ebfcebe696b1fdbba2abb3b003165152456bd83b6ddfbf180ca366de0dec1b0c}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f934194000240626c412d90139c0a826680050f8e3182aa4e69b432004501901e7b0f30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f934194000240626c412d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"3419",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"26c4",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e3182aa4e69b432004501901e7b0f30000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e3",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e3",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"182aa4e6",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"182aa4e6",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"9b432004",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"9b432004",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"b0f3",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b616131323561616562343732336636396463656161393031323561383039396136663366653032353965303638666438326463626562373631333134343862627d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{aa125aaeb4723f69dceaa90125a8099a6f3fe0259e068fd82dcbeb76131448bb}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9b35340002406a78912d90139c0a826680050f8e40b4c8968a75ed628501901e78c070000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9b35340002406a78912d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"b353",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"a789",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e40b4c8968a75ed628501901e78c070000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"0b4c8968",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"0b4c8968",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"a75ed628",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"a75ed628",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8c07",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b383064363538353764386438316139323736396538636431333633373635323264313133633432393862333331333138636537616463626635653730313034647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{80d65857d8d81a92769e8cd136376522d113c4298b331318ce7adcbf5e70104d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9c85e40002406927e12d90139c0a826680050f8e5c96006a7cee38029501901e7f8df0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9c85e40002406927e12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"c85e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"927e",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e5c96006a7cee38029501901e7f8df0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e5",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e5",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"c96006a7",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"c96006a7",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"cee38029",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"cee38029",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"f8df",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303061653737336365346134623363663332383766303732633133656337313339613734323037646536333564653964313135303837626334663331326261657d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{00ae773ce4a4b3cf3287f072c13ec7139a74207de635de9d115087bc4f312bae}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9b50e40002406a5ce12d90139c0a826680050f8e6b4d06add9cf79cd3501901e72d260000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9b50e40002406a5ce12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"b50e",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"a5ce",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e6b4d06add9cf79cd3501901e72d260000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"b4d06add",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"b4d06add",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"9cf79cd3",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"9cf79cd3",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2d26",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b376538303837373862373235303839333932326131376435336631303336356230303961373632343933353835306163356338313430343631653439643537397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{7e808778b7250893922a17d53f10365b009a7624935850ac5c8140461e49d579}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9b7fb40002406a2e112d90139c0a826680050f8e74fdbc78ec2e401b6501901e790b10000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9b7fb40002406a2e112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"b7fb",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"a2e1",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e74fdbc78ec2e401b6501901e790b10000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4fdbc78e",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4fdbc78e",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"c2e401b6",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"c2e401b6",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"90b1",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333820474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b333365383064366539663536633166373730356337333536366433343763636233326234363632313731663232346236646663623663386663653466313630317d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{33e80d6e9f56c1f7705c73566d347ccb32b4662171f224b6dfcb6c8fce4f1601}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9738d40002406e74f12d90139c0a826680050f8e8fb80be47e91ad255501901e7d9310000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9738d40002406e74f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"738d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"e74f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e8fb80be47e91ad255501901e7d9310000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"fb80be47",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"fb80be47",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"e91ad255",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"e91ad255",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"d931",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b356439323166666265323730396261383264303936303361303935353330616564616534316162393666643035323134306362633634333139623761623061637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{5d921ffbe2709ba82d09603a095530aedae41ab96fd052140cbc64319b7ab0ac}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9ebe4400024066ef812d90139c0a826680050f8e94285adf38a709d56501901e78adf0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9ebe4400024066ef812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"ebe4",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"6ef8",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8e94285adf38a709d56501901e78adf0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8e9",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8e9",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"4285adf3",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"4285adf3",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"8a709d56",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"8a709d56",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8adf",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393737623338356435646436616264653963623839656539343062356366623731373964373364393839633639393333343664323738626666303033633135347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{977b385d5dd6abde9cb89ee940b5cfb7179d73d989c6993346d278bff003c154}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9655940002406f58312d90139c0a826680050f8ea6c7d059f234fbbed501901e7dbe50000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9655940002406f58312d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"6559",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"f583",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ea6c7d059f234fbbed501901e7dbe50000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ea",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ea",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"6c7d059f",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"6c7d059f",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"234fbbed",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"234fbbed",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"dbe5",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b636137643362303239383137646538663331386438666135323161643162353639663465386133373335383337333139333532326363376635363238656434397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{ca7d3b029817de8f318d8fa521ad1b569f4e8a37358373193522cc7f5628ed49}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9fa004000240660dc12d90139c0a826680050f8eb187004a40765f0c3501901e733a20000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9fa004000240660dc12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"fa00",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"60dc",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8eb187004a40765f0c3501901e733a20000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8eb",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8eb",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"187004a4",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"187004a4",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"0765f0c3",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"0765f0c3",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"33a2",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b613832303638306162363434346231646166353238313139326633333761656662346161393561333133633966323730383034656637383236656363323938637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{a820680ab6444b1daf5281192f337aefb4aa95a313c9f270804ef7826ecc298c}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9b0fc40002406a9e012d90139c0a826680050f8ece94887b5b23145e2501901e7ea670000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9b0fc40002406a9e012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"b0fc",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"a9e0",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ece94887b5b23145e2501901e7ea670000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ec",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ec",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"e94887b5",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"e94887b5",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"b23145e2",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"b23145e2",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"ea67",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a333920474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393938643031646164663162343465623465633762376538666131316631316263643264376438366633663965343936366464653232643461383463613131337d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{998d01dadf1b44eb4ec7b7e8fa11f11bcd2d7d86f3f9e4966dde22d4a84ca113}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f91dfd400024063ce012d90139c0a826680050f8ed53193259ff0854f7501901e749da0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f91dfd400024063ce012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"1dfd",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"3ce0",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ed53193259ff0854f7501901e749da0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ed",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ed",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"53193259",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"53193259",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"ff0854f7",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"ff0854f7",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"49da",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b636238666533656336356638393065326630353730633938633465646433666534313135626330353961633261666233393330306337623636663233303263347d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{cb8fe3ec65f890e2f0570c98c4edd3fe4115bc059ac2afb39300c7b66f2302c4}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f94c31400024060eac12d90139c0a826680050f8ee78814ae0fd1df90f501901e7a1930000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f94c31400024060eac12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"4c31",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"0eac",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ee78814ae0fd1df90f501901e7a1930000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ee",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ee",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"78814ae0",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"78814ae0",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"fd1df90f",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"fd1df90f",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"a193",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b626332616638636265306165306265666464323862313434313232393532343333353463643363376363373465383864386661636232666435653665663334647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{bc2af8cbe0ae0befdd28b14412295243354cd3c7cc74e88d8facb2fd5e6ef34d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9692740002406f1b512d90139c0a826680050f8ef3290f214d61c8a53501901e78a250000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9692740002406f1b512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"6927",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"f1b5",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8ef3290f214d61c8a53501901e78a250000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8ef",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8ef",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"3290f214",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"3290f214",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"d61c8a53",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"d61c8a53",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"8a25",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303930383261303331336531366663333666383037366666383665353465383330343861383536386635633232393466656135666233626364323132653766327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{09082a0313e16fc36f8076ff86e54e83048a8568f5c2294fea5fb3bcd212e7f2}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9140c4000240646d112d90139c0a826680050f8f08b51e1f56b17aead501901e7df980000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9140c4000240646d112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"140c",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"46d1",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f08b51e1f56b17aead501901e7df980000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f0",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f0",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"8b51e1f5",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"8b51e1f5",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"6b17aead",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"6b17aead",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"df98",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b323338363734366165623235383931343334396463383161383563623564653732653437393330633766313137353962346164396638363465666137623561617d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{2386746aeb258914349dc81a85cb5de72e47930c7f11759b4ad9f864efa7b5aa}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9da5440002406808812d90139c0a826680050f8f10ca648cd0d84a21a501901e775b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9da5440002406808812d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"da54",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"8088",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f10ca648cd0d84a21a501901e775b30000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f1",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f1",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"0ca648cd",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"0ca648cd",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"0d84a21a",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"0d84a21a",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"75b3",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b313733333036643762383836343233643966373964336430643035323039383037616537623833633434353933313331393833306534653061643264326630397d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{173306d7b886423d9f79d3d0d05209807ae7b83c445931319830e4e0ad2d2f09}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9928140002406c85b12d90139c0a826680050f8f22b44409a8964788e501901e7714a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9928140002406c85b12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"9281",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"c85b",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f22b44409a8964788e501901e7714a0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f2",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f2",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"2b44409a",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"2b44409a",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"8964788e",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"8964788e",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"714a",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343020474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b366362393865323239356262653166313566643862386235393038646533363064333836623938613063653765303430376530303162343533623035626532327d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{6cb98e2295bbe1f15fd8b8b5908de360d386b98a0ce7e0407e001b453b05be22}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f949e14000240610fc12d90139c0a826680050f8f3a5fce3fcdc017d71501901e7715a0000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f949e14000240610fc12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"49e1",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"10fc",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f3a5fce3fcdc017d71501901e7715a0000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f3",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f3",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"a5fce3fc",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"a5fce3fc",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"dc017d71",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"dc017d71",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"715a",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b313332653634336338666461646235346333363630373263623333393430343131666366643335353230396663316365396232303232616431636431623036307d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{132e643c8fdadb54c366072cb33940411fcfd355209fc1ce9b2022ad1cd1b060}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f970d740002406ea0512d90139c0a826680050f8f4225982f3fbcc8128501901e72da40000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f970d740002406ea0512d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"70d7",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"ea05",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f4225982f3fbcc8128501901e72da40000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f4",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f4",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"225982f3",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"225982f3",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"fbcc8128",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"fbcc8128",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"2da4",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b303434666663613732663066313931623037313566663161396266663138326338313063623237383633373063626638636463313934336332653761656466367d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{044ffca72f0f191b0715ff1a9bff182c810cb2786370cbf8cdc1943c2e7aedf6}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9719b40002406e94112d90139c0a826680050f8f5451b4529f982ee6d501901e79f820000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9719b40002406e94112d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"719b",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"e941",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f5451b4529f982ee6d501901e79f820000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f5",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f5",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"451b4529",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"451b4529",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"f982ee6d",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"f982ee6d",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"9f82",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b623237383130346332363032343432653364623430313734396333303532376438306261353630663961303263393339636234666636656131383961313430647d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{b278104c2602442e3db401749c30527d80ba560f9a02c939cb4ff6ea189a140d}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9b78d40002406a34f12d90139c0a826680050f8f63b59edf0d3211041501901e708b30000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9b78d40002406a34f12d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"b78d",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"a34f",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f63b59edf0d3211041501901e708b30000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f6",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f6",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"3b59edf0",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"3b59edf0",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"d3211041",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"d3211041",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"08b3",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b373238326530343864366433323338336236356633613033623131303132313961633733663766353338343436623738643162326233333465303938353434377d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{7282e048d6d32383b65f3a03b1101219ac73f7f538446b78d1b2b334e0985447}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9f3dc40002406670012d90139c0a826680050f8f716802a1f1dbbbf81501901e7cb210000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9f3dc40002406670012d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"f3dc",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"6700",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f716802a1f1dbbbf81501901e7cb210000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f7",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f7",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"16802a1f",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"16802a1f",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"1dbbbf81",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"1dbbbf81",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"cb21",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343120474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b393834303663346163626630663537623363636263393233616162356136303364373066383664353037663432326439626438363536333938663533343333657d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{98406c4acbf0f57b3ccbc923aab5a603d70f86d507f422d9bd8656398f53433e}": ""
}
}
}
},
{
"_index": "packets-2020-08-10",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame_raw": [
"023bc61aaef502fb684ce9410800450000f9234740002406379612d90139c0a826680050f8f821ed3f3a5032a5ce501901e70a760000436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
0,
263,
0,
1
],
"frame": {
"frame.section_number_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_raw": [
"",
0,
0,
0,
7
],
"frame.interface_id_tree": {
"frame.interface_name_raw": [
"",
0,
0,
0,
26
],
"frame.interface_description_raw": [
"",
0,
0,
0,
26
]
},
"frame.encap_type_raw": [
"",
0,
0,
0,
13
],
"frame.time_raw": [
"",
0,
0,
0,
24
],
"frame.time_utc_raw": [
"",
0,
0,
0,
24
],
"frame.time_epoch_raw": [
"",
0,
0,
0,
24
],
"frame.offset_shift_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_raw": [
"",
0,
0,
0,
25
],
"frame.time_delta_displayed_raw": [
"",
0,
0,
0,
25
],
"frame.time_relative_raw": [
"",
0,
0,
0,
25
],
"frame.number_raw": [
"",
0,
0,
0,
7
],
"frame.len_raw": [
"",
0,
0,
0,
7
],
"frame.cap_len_raw": [
"",
0,
0,
0,
7
],
"frame.marked_raw": [
"",
0,
0,
0,
2
],
"frame.ignored_raw": [
"",
0,
0,
0,
2
],
"frame.protocols_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.name_raw": [
"",
0,
0,
0,
26
],
"frame.coloring_rule.string_raw": [
"",
0,
0,
0,
26
]
},
"eth_raw": [
"023bc61aaef502fb684ce9410800",
0,
14,
0,
1
],
"eth": {
"eth.dst_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.dst_tree": {
"eth.dst_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.dst.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.addr_raw": [
"023bc61aaef5",
0,
6,
0,
29
],
"eth.addr_resolved_raw": [
"023bc61aaef5",
0,
6,
0,
26
],
"eth.addr.oui_raw": [
"023bc6",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.lg_raw": [
"1",
0,
3,
131072,
2
],
"eth.dst.ig_raw": [
"0",
0,
3,
65536,
2
],
"eth.ig_raw": [
"0",
0,
3,
65536,
2
]
},
"eth.src_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.src_tree": {
"eth.src_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.src.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.addr_raw": [
"02fb684ce941",
6,
6,
0,
29
],
"eth.addr_resolved_raw": [
"02fb684ce941",
6,
6,
0,
26
],
"eth.addr.oui_raw": [
"02fb68",
6,
3,
0,
6
],
"eth.src.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.lg_raw": [
"1",
6,
3,
131072,
2
],
"eth.src.ig_raw": [
"0",
6,
3,
65536,
2
],
"eth.ig_raw": [
"0",
6,
3,
65536,
2
]
},
"eth.type_raw": [
"0800",
12,
2,
0,
5
]
},
"ip_raw": [
"450000f9234740002406379612d90139c0a82668",
14,
20,
0,
1
],
"ip": {
"ip.version_raw": [
"45",
14,
1,
0,
4
],
"ip.hdr_len_raw": [
"45",
14,
1,
0,
4
],
"ip.dsfield_raw": [
"00",
15,
1,
0,
4
],
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": [
"0",
15,
1,
252,
4
],
"ip.dsfield.ecn_raw": [
"0",
15,
1,
3,
4
]
},
"ip.len_raw": [
"00f9",
16,
2,
0,
5
],
"ip.id_raw": [
"2347",
18,
2,
0,
5
],
"ip.flags_raw": [
"2",
20,
1,
224,
4
],
"ip.flags_tree": {
"ip.flags.rb_raw": [
"0",
20,
1,
128,
2
],
"ip.flags.df_raw": [
"1",
20,
1,
64,
2
],
"ip.flags.mf_raw": [
"0",
20,
1,
32,
2
]
},
"ip.frag_offset_raw": [
"0",
20,
2,
8191,
5
],
"ip.ttl_raw": [
"24",
22,
1,
0,
4
],
"ip.proto_raw": [
"06",
23,
1,
0,
4
],
"ip.checksum_raw": [
"3796",
24,
2,
0,
5
],
"ip.checksum.status_raw": [
"",
24,
0,
0,
4
],
"ip.src_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.addr_raw": [
"12d90139",
26,
4,
0,
32
],
"ip.src_host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.host_raw": [
"12d90139",
26,
4,
0,
26
],
"ip.dst_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.addr_raw": [
"c0a82668",
30,
4,
0,
32
],
"ip.dst_host_raw": [
"c0a82668",
30,
4,
0,
26
],
"ip.host_raw": [
"c0a82668",
30,
4,
0,
26
]
},
"tcp_raw": [
"0050f8f821ed3f3a5032a5ce501901e70a760000",
34,
20,
0,
1
],
"tcp": {
"tcp.srcport_raw": [
"0050",
34,
2,
0,
5
],
"tcp.dstport_raw": [
"f8f8",
36,
2,
0,
5
],
"tcp.port_raw": [
"0050",
34,
2,
0,
5
],
"tcp.port_raw": [
"f8f8",
36,
2,
0,
5
],
"tcp.stream_raw": [
"",
34,
0,
0,
7
],
"tcp.completeness_raw": [
0,
0,
0,
4
],
"tcp.completeness_tree": {
"tcp.completeness.rst_raw": [
"0",
0,
0,
32,
2
],
"tcp.completeness.fin_raw": [
"1",
0,
0,
16,
2
],
"tcp.completeness.data_raw": [
"1",
0,
0,
8,
2
],
"tcp.completeness.ack_raw": [
"1",
0,
0,
4,
2
],
"tcp.completeness.syn-ack_raw": [
"1",
0,
0,
2,
2
],
"tcp.completeness.syn_raw": [
"1",
0,
0,
1,
2
],
"tcp.completeness.str_raw": [
"",
34,
0,
0,
26
]
},
"tcp.len_raw": [
"",
34,
0,
0,
7
],
"tcp.seq_raw": [
"21ed3f3a",
38,
4,
0,
7
],
"tcp.seq_raw_raw": [
"21ed3f3a",
38,
4,
0,
7
],
"tcp.nxtseq_raw": [
"",
34,
0,
0,
7
],
"tcp.ack_raw": [
"5032a5ce",
42,
4,
0,
7
],
"tcp.ack_raw_raw": [
"5032a5ce",
42,
4,
0,
7
],
"tcp.hdr_len_raw": [
"50",
46,
1,
0,
4
],
"tcp.flags_raw": [
"19",
46,
2,
4095,
5
],
"tcp.flags_tree": {
"tcp.flags.res_raw": [
"0",
46,
1,
3584,
2
],
"tcp.flags.ae_raw": [
"0",
46,
1,
256,
2
],
"tcp.flags.cwr_raw": [
"0",
47,
1,
128,
2
],
"tcp.flags.ece_raw": [
"0",
47,
1,
64,
2
],
"tcp.flags.urg_raw": [
"0",
47,
1,
32,
2
],
"tcp.flags.ack_raw": [
"1",
47,
1,
16,
2
],
"tcp.flags.push_raw": [
"1",
47,
1,
8,
2
],
"tcp.flags.reset_raw": [
"0",
47,
1,
4,
2
],
"tcp.flags.syn_raw": [
"0",
47,
1,
2,
2
],
"tcp.flags.fin_raw": [
"1",
47,
1,
1,
2
],
"tcp.flags.fin_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
},
"tcp.flags.str_raw": [
"5019",
46,
2,
0,
26
],
"tcp.flags.str_tree": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"tcp.connection.fin_active_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
}
}
},
"tcp.window_size_value_raw": [
"01e7",
48,
2,
0,
5
],
"tcp.window_size_raw": [
"01e7",
48,
2,
0,
7
],
"tcp.window_size_scalefactor_raw": [
"01e7",
48,
2,
0,
15
],
"tcp.checksum_raw": [
"0a76",
50,
2,
0,
5
],
"tcp.checksum.status_raw": [
"",
50,
0,
0,
4
],
"tcp.urgent_pointer_raw": [
"0000",
52,
2,
0,
5
],
"Timestamps": {
"tcp.time_relative_raw": [
"",
34,
0,
0,
25
],
"tcp.time_delta_raw": [
"",
34,
0,
0,
25
]
},
"tcp.analysis_raw": [
"",
34,
0,
0,
0
],
"tcp.analysis": {
"tcp.analysis.initial_rtt_raw": [
"",
34,
0,
0,
25
],
"tcp.analysis.bytes_in_flight_raw": [
"",
34,
0,
0,
7
],
"tcp.analysis.push_bytes_sent_raw": [
"",
34,
0,
0,
7
]
},
"tcp.payload_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
54,
209,
0,
30
],
"tcp.segment_data_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
54,
209,
0,
30
]
},
"tcp.segments_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
0,
226,
0,
0
],
"tcp.segments": {
"tcp.segment_raw": [
"485454502f312e3020323030204f4b0d0a",
0,
17,
0,
35
],
"tcp.segment_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
17,
209,
0,
35
],
"tcp.segment.count_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.length_raw": [
"",
0,
0,
0,
7
],
"tcp.reassembled.data_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
0,
226,
0,
30
]
},
"http_raw": [
"485454502f312e3020323030204f4b0d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a436f6e74656e742d4c656e6774683a2037330d0a5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a0d0a",
0,
153,
0,
1
],
"http": {
"HTTP/1.0 200 OK\\r\\n": {
"_ws.expert_raw": [
0,
0,
0,
1
],
"_ws.expert": {
"http.chat_raw": [
0,
0,
0,
0
],
"_ws.expert.message_raw": [
0,
0,
0,
26
],
"_ws.expert.severity_raw": [
0,
0,
0,
7
],
"_ws.expert.group_raw": [
0,
0,
0,
7
]
},
"http.response.version_raw": [
"485454502f312e30",
0,
8,
0,
26
],
"http.response.code_raw": [
"323030",
9,
3,
0,
6
],
"http.response.code.desc_raw": [
"323030",
9,
3,
0,
26
],
"http.response.phrase_raw": [
"4f4b",
13,
2,
0,
26
]
},
"http.content_type_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.response.line_raw": [
"436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d7574662d380d0a",
17,
40,
0,
26
],
"http.content_length_header_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.content_length_header_tree": {
"http.content_length_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
11
]
},
"http.response.line_raw": [
"436f6e74656e742d4c656e6774683a2037330d0a",
57,
20,
0,
26
],
"http.server_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.response.line_raw": [
"5365727665723a205765726b7a6575672f312e302e3120507974686f6e2f332e362e390d0a",
77,
37,
0,
26
],
"http.date_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a",
114,
37,
0,
26
],
"http.response.line_raw": [
"446174653a204d6f6e2c2031302041756720323032302030313a33393a343220474d540d0a",
114,
37,
0,
26
],
"\\r\\n": "",
"http.response_raw": [
"",
0,
0,
0,
2
],
"http.response_number_raw": [
"",
0,
0,
0,
7
],
"http.time_raw": [
"",
0,
0,
0,
25
],
"http.request_in_raw": [
"",
0,
0,
0,
35
],
"http.response_for.uri_raw": [
"",
0,
0,
0,
26
],
"http.file_data_raw": [
"7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
153,
73,
0,
30
]
},
"data-text-lines_raw": [
"7069636f4354467b336665306232373838663330643963623966373764336232373532663133633535346665376630653761323838336535376338613434623334663335363735637d",
153,
73,
0,
1
],
"data-text-lines": {
"picoCTF{3fe0b2788f30d9cb9f77d3b2752f13c554fe7f0e7a2883e57c8a44b34f35675c}": ""
}
}
}
}
]
Reference in New Issue View Git Blame Copy Permalink