@turnipsoup
Created July 28, 2020 15:04
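Example from a CTF: Wireshark/tshark JSON export of HTTPS `POST /key` requests (the "frame.protocols" value eth:ethertype:ip:tcp:tls:http:json shows the TLS layer was dissected down to HTTP and JSON). The export repeats keys within a single object (e.g. "ip.addr", "tcp.port", "http.request.line", "json.member"); most JSON parsers keep only the last value for a repeated key, so read the posted x/y values from "http.file_data" rather than from the "json" layer.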
[
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:47.240336001 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651547.240336001",
"frame.time_delta": "0.000524283",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "7.036081000",
"frame.number": "63",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x000093b2",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00006cda",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50396",
"tcp.dstport": "443",
"tcp.port": "50396",
"tcp.port": "443",
"tcp.stream": "4",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000c42b",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:2c:9e:33:01:76:4b",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:2c:9e:33:01:76:4b",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473077918",
"tcp.options.timestamp.tsecr": "855733835"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037562790",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.099515546",
"tcp.time_delta": "0.000524283"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:73:d1:87:ef:c1:8c:57:7d:01:60:8d:32:75:66:4a:5f:94:6b:4c:99:2d:ac:61:7a:ee:8d:89:29:8b:6b:f1:54:f2:8c:ae:ff:1d:b1:24:a6:32:91:a1:7d:aa:92:d5:f5:95:b4:a0:12:8d:40:f1:e4:e7:ef:e4:2e:a4:d6:32:72:b2:6e:d5:68:c2:12:d6:ac:f8:f0:42:c6:16:63:77:2b:57:b0:4d:ad:24:c7:1d:ed:87:de:de:c5:76:2d:63:b2:d7:ed:e8:b9:b1:af:03:be:1f:d2:40:52:cd:32:eb:88:1e:69:3b:ce:60:b0:3c:29:ec:44:9f:a7:6c:28:14:d8:4e:ca:31:58:6c:0f:e8:38:44:2b:8a:6d:0f:f0:cb:4a:16:04:a2:73:0c:c1:7b:26:4a:51:76:c3:40:e3:19:98:87:7a:1a:ef:df:db:d1:84:bf:5e:3f:a1:41:f0:55:2a:2c:52:57:d0:11:81:f6:18:ad:39:3c:f7:9e:36:39:83:6f:43:52:7e:2d:43:d0:6e:55:be:61:4c:8b:75:a8:ea:c0:50:80:6f:b0:2c:2f:a6:5f:15:e3:55:80:71:d5:fe:30:8c:33:b1:b5:41:94:1d:7d:03:d1:32:88:e8:3d:e7:33:5c:f0:0c:43:d1:fc:6d:8b:4b:cc:08:36:f5:96:21:cb:25:11:24:ab:37:8b:71:51:09:78:5b:21:e1:2a:19:8f:64:00:a6:18:46:ce:0a:f2:1c:12:b7:fe:56:cf:bc:98:f1:1a:d1:30:44:f1:b1:da:a2:53:60:af:cc:ba:ed:63:14:35:60:fa:e7:c0:84:69:e0:43:f7:ac:ec:a7:b1:a9:7e:8e:6a:84:3e:db:29:5d:b5:fe:fa:69:4d:b1:c8:97:ab:42:4f:e8:1a:a4:3c:54:f6:ca:2c:6c:0b:49:99:d6:44:6a:95:84:05:57:b1:12:88:91:bc:60:ec:39:94:7a:bb:37:35:38:48:b3:36:ad:87:fa:a0:03:8d:1e:fc:9a:e3:94:bf:62:47:69:c6:85:7f:3d:e0:36:4d:8f:0a:a4:51:c1:6b:d5:d4:78:04:af:41:0e:b7:0a:b6:6f:de:8b:1e:c6:3d:05:13:a6:fd:eb:ec:ce:7c:c2:67:cc:16:8a:8b:40:3f:7f:7f:b3:84:c3:08:27:c2:a5:70:13:2a:51:3c:b8:0e:a7:f4:7f:e3:ac:e3:91:54:79:82:e6:1c:51:e5:41:eb:fb:db:d1:84:88:18:96:4a:26:70:c5:6c:91:39:34:13:07:96:73:6b:03:dd:d9:4f:7e:c6:8b:4c:d2:d3:d1:37:3d:41:48:a5:b9:ad:8d:7a:8b:d8:88:ea:b1:a8:16:73:1e:de:7d:90:80:fd:e9:e3:f4:45:e8:39:69:d6:da:5e:93:3e:bd:8f:83:03:39:db:89:38:30:9e:4b:89:d6:ba:37:60:32:63:d5:fe:d9:43:3a:fb:8c:02:51:10:6e:a0:5a:bc:ab:ad:e6:69:3d:c4:8a:a4:77:1c:b2:b0:f7:c1:5c:63:1e:42:4a:af:31:ff:4d:cc:13:e0:82:6a:11:71"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:73:d1:87:ef:c1:8c:57:7d:01:60:8d:32:75:66:4a:5f:94:6b:4c:99:2d:ac:61:7a:ee:8d:89:29:8b:6b:f1:54:f2:8c:ae:ff:1d:b1:24:a6:32:91:a1:7d:aa:92:d5:f5:95:b4:a0:12:8d:40:f1:e4:e7:ef:e4:2e:a4:d6:32:72:b2:6e:d5:68:c2:12:d6:ac:f8:f0:42:c6:16:63:77:2b:57:b0:4d:ad:24:c7:1d:ed:87:de:de:c5:76:2d:63:b2:d7:ed:e8:b9:b1:af:03:be:1f:d2:40:52:cd:32:eb:88:1e:69:3b:ce:60:b0:3c:29:ec:44:9f:a7:6c:28:14:d8:4e:ca:31:58:6c:0f:e8:38:44:2b:8a:6d:0f:f0:cb:4a:16:04:a2:73:0c:c1:7b:26:4a:51:76:c3:40:e3:19:98:87:7a:1a:ef:df:db:d1:84:bf:5e:3f:a1:41:f0:55:2a:2c:52:57:d0:11:81:f6:18:ad:39:3c:f7:9e:36:39:83:6f:43:52:7e:2d:43:d0:6e:55:be:61:4c:8b:75:a8:ea:c0:50:80:6f:b0:2c:2f:a6:5f:15:e3:55:80:71:d5:fe:30:8c:33:b1:b5:41:94:1d:7d:03:d1:32:88:e8:3d:e7:33:5c:f0:0c:43:d1:fc:6d:8b:4b:cc:08:36:f5:96:21:cb:25:11:24:ab:37:8b:71:51:09:78:5b:21:e1:2a:19:8f:64:00:a6:18:46:ce:0a:f2:1c:12:b7:fe:56:cf:bc:98:f1:1a:d1:30:44:f1:b1:da:a2:53:60:af:cc:ba:ed:63:14:35:60:fa:e7:c0:84:69:e0:43:f7:ac:ec:a7:b1:a9:7e:8e:6a:84:3e:db:29:5d:b5:fe:fa:69:4d:b1:c8:97:ab:42:4f:e8:1a:a4:3c:54:f6:ca:2c:6c:0b:49:99:d6:44:6a:95:84:05:57:b1:12:88:91:bc:60:ec:39:94:7a:bb:37:35:38:48:b3:36:ad:87:fa:a0:03:8d:1e:fc:9a:e3:94:bf:62:47:69:c6:85:7f:3d:e0:36:4d:8f:0a:a4:51:c1:6b:d5:d4:78:04:af:41:0e:b7:0a:b6:6f:de:8b:1e:c6:3d:05:13:a6:fd:eb:ec:ce:7c:c2:67:cc:16:8a:8b:40:3f:7f:7f:b3:84:c3:08:27:c2:a5:70:13:2a:51:3c:b8:0e:a7:f4:7f:e3:ac:e3:91:54:79:82:e6:1c:51:e5:41:eb:fb:db:d1:84:88:18:96:4a:26:70:c5:6c:91:39:34:13:07:96:73:6b:03:dd:d9:4f:7e:c6:8b:4c:d2:d3:d1:37:3d:41:48:a5:b9:ad:8d:7a:8b:d8:88:ea:b1:a8:16:73:1e:de:7d:90:80:fd:e9:e3:f4:45:e8:39:69:d6:da:5e:93:3e:bd:8f:83:03:39:db:89:38:30:9e:4b:89:d6:ba:37:60:32:63:d5:fe:d9:43:3a:fb:8c:02:51:10:6e:a0:5a:bc:ab:ad:e6:69:3d:c4:8a:a4:77:1c:b2:b0:f7:c1:5c:63:1e:42:4a:af:31:ff:4d:cc:13:e0:82:6a:11:71"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "68",
"http.file_data": "{\"x\":383,\"y\":28}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "383",
"json.key": "x"
},
"json.member": {
"json.value.number": "28",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:48.982856149 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651548.982856149",
"frame.time_delta": "0.000242451",
"frame.time_delta_displayed": "1.742520148",
"frame.time_relative": "8.778601148",
"frame.number": "91",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x000049eb",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000b6a0",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50400",
"tcp.dstport": "443",
"tcp.port": "50400",
"tcp.port": "443",
"tcp.stream": "6",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000069ad",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:33:6d:33:01:7d:2e",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:33:6d:33:01:7d:2e",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473079661",
"tcp.options.timestamp.tsecr": "855735598"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.040483681",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.082123704",
"tcp.time_delta": "0.000242451"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:c4:21:13:be:41:53:e3:6c:75:32:3e:71:a8:a9:81:6a:b6:a6:c8:b6:34:2f:1e:10:de:e4:11:11:50:cf:42:b8:55:5f:3f:7e:9e:ea:ba:d0:db:41:76:81:b9:24:86:95:28:ec:7e:ac:79:50:d3:74:57:a1:7d:90:1d:f5:57:03:04:90:7c:ca:1f:ee:20:2f:54:e5:48:52:f3:a0:49:96:56:a9:7e:08:d8:0b:28:7c:22:7d:9c:b6:80:d8:c4:13:34:67:13:8c:fe:35:99:53:e7:78:aa:8c:6f:0c:93:ab:63:16:6e:61:40:2b:0e:c7:56:d7:4f:82:e1:ab:b1:bc:5a:23:0f:79:2e:b5:1b:76:3f:f7:ee:75:f3:12:fd:af:29:93:37:06:89:a1:f0:f8:71:09:64:12:85:64:02:17:57:bb:36:ea:7f:44:4b:26:3e:af:c3:8a:6b:27:14:b9:bd:7f:02:2d:6f:b5:e2:0e:d1:61:91:b6:20:8a:73:84:08:cf:1c:ed:74:19:28:23:17:95:f8:e5:de:16:14:0d:60:1e:23:69:ce:b6:51:7d:16:7f:5f:b4:f9:de:f0:b4:e9:fd:a9:74:13:55:97:82:3c:bb:a1:3b:57:db:26:4f:e9:45:98:18:ff:d8:cf:05:f9:b0:75:a8:48:e0:2e:88:c5:72:3d:ce:75:77:39:38:e5:5d:ba:39:3e:2d:a1:d3:fe:c2:cd:2c:5f:72:b3:5a:58:f9:a2:55:f0:90:34:ca:fb:85:a9:1c:1c:4f:36:51:b9:03:7b:ed:74:fa:cd:95:db:13:01:ea:eb:96:4f:84:81:f5:d3:ad:56:58:7a:2c:d9:ef:b9:15:cd:cb:32:25:b0:9d:24:09:42:bd:14:6f:2f:4b:88:4a:a9:57:c9:c4:09:ef:24:e2:4d:1d:81:ca:a7:7a:74:ed:a5:7d:1d:39:5e:df:d2:2b:d6:b0:87:ce:c8:86:43:e1:8a:4d:13:9b:5e:d5:8a:0d:98:4f:55:e5:58:8c:91:9b:f6:49:2e:87:e8:c8:22:48:92:17:18:59:1b:c1:a0:77:73:2a:53:4a:eb:24:32:f3:83:e8:2e:ba:66:8a:1a:b3:db:54:b6:ac:02:f9:13:62:4d:15:bf:75:c9:1b:e7:07:29:ec:e0:42:00:aa:60:28:9f:9b:fb:39:a2:cd:ca:d2:da:cf:89:78:6b:2b:af:e9:cb:d1:6b:f8:e1:27:de:d6:6f:2b:15:ab:51:1a:e8:e4:0c:09:2a:fc:0a:6a:35:98:29:f7:2b:59:49:58:82:32:4d:c6:13:75:62:ff:2c:21:ff:e1:d5:15:bb:8d:dd:50:62:3a:17:6c:9a:53:61:73:79:22:00:05:d1:f8:94:f9:7d:3f:e8:35:21:c6:fc:d3:b6:da:d6:64:40:91:41:9f:c0:df:f4:3c:96:38:a9:22:fb:fb:4f:39:13:1e:62:b2:c9:f0:bd:a1:de:48:6d:99:3b:d6:7c:69:59:48:80:77:80:04:12:13:84:70:7c:9a:54:07:ec:f1:43:19:89:2f:e7:d2:99:81:c6:5a:e1:2d:c2"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:c4:21:13:be:41:53:e3:6c:75:32:3e:71:a8:a9:81:6a:b6:a6:c8:b6:34:2f:1e:10:de:e4:11:11:50:cf:42:b8:55:5f:3f:7e:9e:ea:ba:d0:db:41:76:81:b9:24:86:95:28:ec:7e:ac:79:50:d3:74:57:a1:7d:90:1d:f5:57:03:04:90:7c:ca:1f:ee:20:2f:54:e5:48:52:f3:a0:49:96:56:a9:7e:08:d8:0b:28:7c:22:7d:9c:b6:80:d8:c4:13:34:67:13:8c:fe:35:99:53:e7:78:aa:8c:6f:0c:93:ab:63:16:6e:61:40:2b:0e:c7:56:d7:4f:82:e1:ab:b1:bc:5a:23:0f:79:2e:b5:1b:76:3f:f7:ee:75:f3:12:fd:af:29:93:37:06:89:a1:f0:f8:71:09:64:12:85:64:02:17:57:bb:36:ea:7f:44:4b:26:3e:af:c3:8a:6b:27:14:b9:bd:7f:02:2d:6f:b5:e2:0e:d1:61:91:b6:20:8a:73:84:08:cf:1c:ed:74:19:28:23:17:95:f8:e5:de:16:14:0d:60:1e:23:69:ce:b6:51:7d:16:7f:5f:b4:f9:de:f0:b4:e9:fd:a9:74:13:55:97:82:3c:bb:a1:3b:57:db:26:4f:e9:45:98:18:ff:d8:cf:05:f9:b0:75:a8:48:e0:2e:88:c5:72:3d:ce:75:77:39:38:e5:5d:ba:39:3e:2d:a1:d3:fe:c2:cd:2c:5f:72:b3:5a:58:f9:a2:55:f0:90:34:ca:fb:85:a9:1c:1c:4f:36:51:b9:03:7b:ed:74:fa:cd:95:db:13:01:ea:eb:96:4f:84:81:f5:d3:ad:56:58:7a:2c:d9:ef:b9:15:cd:cb:32:25:b0:9d:24:09:42:bd:14:6f:2f:4b:88:4a:a9:57:c9:c4:09:ef:24:e2:4d:1d:81:ca:a7:7a:74:ed:a5:7d:1d:39:5e:df:d2:2b:d6:b0:87:ce:c8:86:43:e1:8a:4d:13:9b:5e:d5:8a:0d:98:4f:55:e5:58:8c:91:9b:f6:49:2e:87:e8:c8:22:48:92:17:18:59:1b:c1:a0:77:73:2a:53:4a:eb:24:32:f3:83:e8:2e:ba:66:8a:1a:b3:db:54:b6:ac:02:f9:13:62:4d:15:bf:75:c9:1b:e7:07:29:ec:e0:42:00:aa:60:28:9f:9b:fb:39:a2:cd:ca:d2:da:cf:89:78:6b:2b:af:e9:cb:d1:6b:f8:e1:27:de:d6:6f:2b:15:ab:51:1a:e8:e4:0c:09:2a:fc:0a:6a:35:98:29:f7:2b:59:49:58:82:32:4d:c6:13:75:62:ff:2c:21:ff:e1:d5:15:bb:8d:dd:50:62:3a:17:6c:9a:53:61:73:79:22:00:05:d1:f8:94:f9:7d:3f:e8:35:21:c6:fc:d3:b6:da:d6:64:40:91:41:9f:c0:df:f4:3c:96:38:a9:22:fb:fb:4f:39:13:1e:62:b2:c9:f0:bd:a1:de:48:6d:99:3b:d6:7c:69:59:48:80:77:80:04:12:13:84:70:7c:9a:54:07:ec:f1:43:19:89:2f:e7:d2:99:81:c6:5a:e1:2d:c2"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "96",
"http.file_data": "{\"x\":333,\"y\":101}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "333",
"json.key": "x"
},
"json.member": {
"json.value.number": "101",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:50.395844320 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651550.395844320",
"frame.time_delta": "0.000303901",
"frame.time_delta_displayed": "1.412988171",
"frame.time_relative": "10.191589319",
"frame.number": "119",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x00008ef8",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00007194",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50404",
"tcp.dstport": "443",
"tcp.port": "50404",
"tcp.port": "443",
"tcp.stream": "8",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00001bb4",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:38:f2:33:01:82:b6",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:38:f2:33:01:82:b6",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473081074",
"tcp.options.timestamp.tsecr": "855737014"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037886432",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.076591348",
"tcp.time_delta": "0.000303901"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:b0:51:ed:20:3c:6b:7f:8f:32:5e:bf:56:60:09:5e:e5:c1:36:e0:22:0f:5f:38:9c:6c:00:61:76:59:ee:88:91:bd:ae:0f:dd:d5:97:7b:a7:5a:7b:08:ee:56:43:dc:1f:e0:3f:9d:37:11:1f:3a:92:60:40:97:be:a5:4d:55:7b:11:ac:48:eb:78:a4:5d:33:67:e0:25:58:0c:9a:79:14:c3:8a:b2:49:42:d7:bd:36:9a:d3:51:4d:d9:23:dc:8d:02:bf:7d:50:f2:51:8d:9e:2f:f4:71:93:93:5f:56:4b:b5:6d:b5:fa:99:ce:3b:d4:56:3c:1e:af:d5:f5:db:b0:d1:9d:7b:e7:e7:82:00:ee:12:e6:ea:aa:1c:0a:49:fe:77:74:eb:6b:fc:51:12:79:92:aa:39:b7:df:45:63:77:4f:bd:d1:a4:aa:71:fe:fe:f0:d2:a4:eb:4b:95:68:1d:c9:36:d2:87:1e:30:6b:fe:de:24:d0:53:72:de:57:0b:a6:99:a2:62:5c:ad:f6:3b:bc:47:f3:1a:38:83:1a:ca:50:27:b9:82:22:e0:92:4d:da:b6:43:81:5b:27:e3:54:f6:dc:44:50:ba:e4:09:27:5c:d0:dc:89:78:e2:e4:1e:c7:9a:77:b8:3d:ff:28:15:5f:06:fc:60:4e:81:99:ab:09:05:1f:b0:51:77:ff:86:f8:76:c4:af:a5:5b:c8:19:02:38:ad:2b:a8:45:3b:4e:db:0f:42:23:4b:5e:b3:2a:63:86:76:01:05:07:d6:a0:a2:90:40:90:c6:e2:5e:88:b3:0a:c4:47:d2:07:28:ba:f1:e4:e0:11:3d:36:9d:0e:d5:7f:1a:f3:88:9b:7a:fc:65:2b:46:5a:bb:00:19:21:d7:3b:41:f0:31:db:7e:a0:78:3a:de:0c:f8:bb:d5:75:e2:f5:d6:ce:08:3c:57:48:bc:a3:9f:c2:29:70:f1:c5:05:e6:a8:29:d9:fa:a5:77:90:1d:91:41:eb:1c:00:38:6c:90:41:78:d0:87:42:04:4c:9e:40:63:50:d8:70:10:43:82:64:f6:d9:98:41:43:ad:79:84:cb:50:79:5d:93:a6:c2:07:0b:89:ea:38:7f:1d:78:2e:8d:0a:0e:75:85:e8:cc:de:3b:23:41:5e:fa:9a:ae:47:ea:ee:83:8e:24:28:7f:18:60:e8:65:d4:a1:96:fc:f9:f5:a0:52:ba:d6:9a:d0:44:fb:de:39:0d:d9:38:87:d8:56:3d:56:e8:70:b4:08:da:04:05:52:99:8b:0b:bf:6b:27:d5:31:c2:34:9f:45:2a:05:81:34:1d:40:4e:7f:6c:2d:fa:fe:45:02:87:8f:70:d9:f7:cc:9d:02:db:70:08:6b:b9:c1:6d:f9:76:d5:b5:25:7f:62:99:1d:7a:6d:ab:8d:f5:1b:53:dd:3f:d2:96:a1:34:6e:68:d3:d9:38:7e:db:5a:f3:ce:4a:c3:3a:97:a1:18:29:d2:bc:2f:9c:97:f2:04:f5:97:29:d2:6d:63:1a:9f:8c:d3:79:9a:1d:8d:81:4e:c6:8d:14:e3:80:b8:ae"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:b0:51:ed:20:3c:6b:7f:8f:32:5e:bf:56:60:09:5e:e5:c1:36:e0:22:0f:5f:38:9c:6c:00:61:76:59:ee:88:91:bd:ae:0f:dd:d5:97:7b:a7:5a:7b:08:ee:56:43:dc:1f:e0:3f:9d:37:11:1f:3a:92:60:40:97:be:a5:4d:55:7b:11:ac:48:eb:78:a4:5d:33:67:e0:25:58:0c:9a:79:14:c3:8a:b2:49:42:d7:bd:36:9a:d3:51:4d:d9:23:dc:8d:02:bf:7d:50:f2:51:8d:9e:2f:f4:71:93:93:5f:56:4b:b5:6d:b5:fa:99:ce:3b:d4:56:3c:1e:af:d5:f5:db:b0:d1:9d:7b:e7:e7:82:00:ee:12:e6:ea:aa:1c:0a:49:fe:77:74:eb:6b:fc:51:12:79:92:aa:39:b7:df:45:63:77:4f:bd:d1:a4:aa:71:fe:fe:f0:d2:a4:eb:4b:95:68:1d:c9:36:d2:87:1e:30:6b:fe:de:24:d0:53:72:de:57:0b:a6:99:a2:62:5c:ad:f6:3b:bc:47:f3:1a:38:83:1a:ca:50:27:b9:82:22:e0:92:4d:da:b6:43:81:5b:27:e3:54:f6:dc:44:50:ba:e4:09:27:5c:d0:dc:89:78:e2:e4:1e:c7:9a:77:b8:3d:ff:28:15:5f:06:fc:60:4e:81:99:ab:09:05:1f:b0:51:77:ff:86:f8:76:c4:af:a5:5b:c8:19:02:38:ad:2b:a8:45:3b:4e:db:0f:42:23:4b:5e:b3:2a:63:86:76:01:05:07:d6:a0:a2:90:40:90:c6:e2:5e:88:b3:0a:c4:47:d2:07:28:ba:f1:e4:e0:11:3d:36:9d:0e:d5:7f:1a:f3:88:9b:7a:fc:65:2b:46:5a:bb:00:19:21:d7:3b:41:f0:31:db:7e:a0:78:3a:de:0c:f8:bb:d5:75:e2:f5:d6:ce:08:3c:57:48:bc:a3:9f:c2:29:70:f1:c5:05:e6:a8:29:d9:fa:a5:77:90:1d:91:41:eb:1c:00:38:6c:90:41:78:d0:87:42:04:4c:9e:40:63:50:d8:70:10:43:82:64:f6:d9:98:41:43:ad:79:84:cb:50:79:5d:93:a6:c2:07:0b:89:ea:38:7f:1d:78:2e:8d:0a:0e:75:85:e8:cc:de:3b:23:41:5e:fa:9a:ae:47:ea:ee:83:8e:24:28:7f:18:60:e8:65:d4:a1:96:fc:f9:f5:a0:52:ba:d6:9a:d0:44:fb:de:39:0d:d9:38:87:d8:56:3d:56:e8:70:b4:08:da:04:05:52:99:8b:0b:bf:6b:27:d5:31:c2:34:9f:45:2a:05:81:34:1d:40:4e:7f:6c:2d:fa:fe:45:02:87:8f:70:d9:f7:cc:9d:02:db:70:08:6b:b9:c1:6d:f9:76:d5:b5:25:7f:62:99:1d:7a:6d:ab:8d:f5:1b:53:dd:3f:d2:96:a1:34:6e:68:d3:d9:38:7e:db:5a:f3:ce:4a:c3:3a:97:a1:18:29:d2:bc:2f:9c:97:f2:04:f5:97:29:d2:6d:63:1a:9f:8c:d3:79:9a:1d:8d:81:4e:c6:8d:14:e3:80:b8:ae"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "124",
"http.file_data": "{\"x\":113,\"y\":58}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "113",
"json.key": "x"
},
"json.member": {
"json.value.number": "58",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:51.863049601 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651551.863049601",
"frame.time_delta": "0.000593128",
"frame.time_delta_displayed": "1.467205281",
"frame.time_relative": "11.658794600",
"frame.number": "147",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000cce9",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000033a3",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50408",
"tcp.dstport": "443",
"tcp.port": "50408",
"tcp.port": "443",
"tcp.stream": "10",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000bbd9",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:3e:ad:33:01:88:70",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:3e:ad:33:01:88:70",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473082541",
"tcp.options.timestamp.tsecr": "855738480"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037939254",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.077669732",
"tcp.time_delta": "0.000593128"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:bf:38:07:66:ab:90:e4:4a:2e:be:b2:01:fe:43:ea:7b:63:12:6d:44:ad:a6:92:7c:4f:66:b2:58:09:d3:03:7e:20:bf:e7:89:ff:d0:b5:1f:43:d8:48:f3:fd:65:45:97:27:97:59:58:57:7e:17:cc:59:96:51:7d:fa:2f:ee:aa:1c:e8:73:4b:4f:64:4e:72:9c:fc:77:93:9a:cf:3a:29:f6:72:fa:a8:f1:21:68:51:55:7c:b4:f8:42:85:e6:df:ae:c4:f8:45:75:63:b4:af:43:7c:67:ec:02:28:94:46:9e:56:81:9b:bc:d3:93:60:3b:13:13:04:86:d3:32:9b:cb:ca:6e:4a:e6:e4:76:01:79:d8:d1:0b:5f:6a:95:3c:f9:6c:67:fe:25:cc:67:c8:72:56:b3:06:50:1b:b5:2d:e1:e1:af:e9:a6:9e:44:42:d1:8c:45:3a:bb:0b:2b:90:1a:a8:5d:51:7d:eb:d3:02:24:e6:dd:a2:33:d0:13:4a:6c:02:22:3c:6b:16:53:05:84:bd:aa:90:f7:9c:54:ec:10:2f:ba:81:b7:06:b0:4a:81:b9:55:3f:74:7e:c1:d7:9e:be:d6:4b:1d:ca:b6:2f:60:df:86:c9:1f:60:f8:7f:6d:79:03:06:0e:97:70:8a:3e:37:a5:e8:1e:b8:0e:9f:41:41:7d:c9:4b:e7:d3:5f:de:a0:95:35:cf:c3:db:c1:36:53:95:87:63:aa:ee:27:41:c2:1c:cc:3c:af:f6:3c:42:5e:96:6f:58:05:26:db:0f:9a:2b:14:88:05:10:a6:c1:4a:79:ee:b6:81:b1:78:24:5e:2e:b6:db:60:63:af:cf:7d:8c:b8:4f:42:b5:e5:cc:23:ee:25:fe:0f:53:2a:88:0d:0d:d6:b5:3f:65:52:8d:95:3c:86:a9:39:a4:9a:21:20:f4:58:63:85:56:13:a9:e1:0f:0c:f5:61:94:bd:3c:e3:2a:6c:16:eb:34:f7:36:c5:3d:c4:04:37:42:a9:59:64:6b:2c:60:8b:02:a2:60:2e:bd:3b:f6:f0:24:7e:6f:25:87:97:df:a1:aa:ec:d5:91:b1:b4:50:f8:d4:fd:25:e1:88:68:ba:0d:ef:de:7f:3f:60:1f:b0:a2:52:ac:2b:fd:66:df:f1:8b:44:8b:61:b6:00:31:f7:c2:dd:10:4e:47:55:4d:f2:12:80:31:80:8d:ce:cf:34:9e:30:a0:12:ae:70:99:85:71:be:64:eb:d0:8d:c9:ab:7d:71:e8:cb:1b:ef:de:6f:7f:3b:84:7e:b7:ab:e3:5d:dc:28:61:2b:f1:73:36:d6:a8:3b:e4:1d:ae:ff:f4:c8:78:4f:5f:8a:0d:5e:df:1d:3a:c3:3c:cc:18:4c:f5:db:7e:09:55:32:3f:7e:5a:db:78:4f:63:04:2a:5f:d9:c7:8e:74:8a:e0:5c:81:69:8a:2d:d2:70:6b:d8:de:17:dc:15:9d:3c:32:09:ff:30:e7:a1:ee:e2:a8:f1:ac:95:e0:f5:a8:f0:c7:1e:6b:88:26:d0:7e:a7:69:79:e9:46:56:a1:2a:d4:4c:10:58:e3"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:bf:38:07:66:ab:90:e4:4a:2e:be:b2:01:fe:43:ea:7b:63:12:6d:44:ad:a6:92:7c:4f:66:b2:58:09:d3:03:7e:20:bf:e7:89:ff:d0:b5:1f:43:d8:48:f3:fd:65:45:97:27:97:59:58:57:7e:17:cc:59:96:51:7d:fa:2f:ee:aa:1c:e8:73:4b:4f:64:4e:72:9c:fc:77:93:9a:cf:3a:29:f6:72:fa:a8:f1:21:68:51:55:7c:b4:f8:42:85:e6:df:ae:c4:f8:45:75:63:b4:af:43:7c:67:ec:02:28:94:46:9e:56:81:9b:bc:d3:93:60:3b:13:13:04:86:d3:32:9b:cb:ca:6e:4a:e6:e4:76:01:79:d8:d1:0b:5f:6a:95:3c:f9:6c:67:fe:25:cc:67:c8:72:56:b3:06:50:1b:b5:2d:e1:e1:af:e9:a6:9e:44:42:d1:8c:45:3a:bb:0b:2b:90:1a:a8:5d:51:7d:eb:d3:02:24:e6:dd:a2:33:d0:13:4a:6c:02:22:3c:6b:16:53:05:84:bd:aa:90:f7:9c:54:ec:10:2f:ba:81:b7:06:b0:4a:81:b9:55:3f:74:7e:c1:d7:9e:be:d6:4b:1d:ca:b6:2f:60:df:86:c9:1f:60:f8:7f:6d:79:03:06:0e:97:70:8a:3e:37:a5:e8:1e:b8:0e:9f:41:41:7d:c9:4b:e7:d3:5f:de:a0:95:35:cf:c3:db:c1:36:53:95:87:63:aa:ee:27:41:c2:1c:cc:3c:af:f6:3c:42:5e:96:6f:58:05:26:db:0f:9a:2b:14:88:05:10:a6:c1:4a:79:ee:b6:81:b1:78:24:5e:2e:b6:db:60:63:af:cf:7d:8c:b8:4f:42:b5:e5:cc:23:ee:25:fe:0f:53:2a:88:0d:0d:d6:b5:3f:65:52:8d:95:3c:86:a9:39:a4:9a:21:20:f4:58:63:85:56:13:a9:e1:0f:0c:f5:61:94:bd:3c:e3:2a:6c:16:eb:34:f7:36:c5:3d:c4:04:37:42:a9:59:64:6b:2c:60:8b:02:a2:60:2e:bd:3b:f6:f0:24:7e:6f:25:87:97:df:a1:aa:ec:d5:91:b1:b4:50:f8:d4:fd:25:e1:88:68:ba:0d:ef:de:7f:3f:60:1f:b0:a2:52:ac:2b:fd:66:df:f1:8b:44:8b:61:b6:00:31:f7:c2:dd:10:4e:47:55:4d:f2:12:80:31:80:8d:ce:cf:34:9e:30:a0:12:ae:70:99:85:71:be:64:eb:d0:8d:c9:ab:7d:71:e8:cb:1b:ef:de:6f:7f:3b:84:7e:b7:ab:e3:5d:dc:28:61:2b:f1:73:36:d6:a8:3b:e4:1d:ae:ff:f4:c8:78:4f:5f:8a:0d:5e:df:1d:3a:c3:3c:cc:18:4c:f5:db:7e:09:55:32:3f:7e:5a:db:78:4f:63:04:2a:5f:d9:c7:8e:74:8a:e0:5c:81:69:8a:2d:d2:70:6b:d8:de:17:dc:15:9d:3c:32:09:ff:30:e7:a1:ee:e2:a8:f1:ac:95:e0:f5:a8:f0:c7:1e:6b:88:26:d0:7e:a7:69:79:e9:46:56:a1:2a:d4:4c:10:58:e3"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "152",
"http.file_data": "{\"x\":653,\"y\":50}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "653",
"json.key": "x"
},
"json.member": {
"json.value.number": "50",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:53.506047724 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651553.506047724",
"frame.time_delta": "0.000479928",
"frame.time_delta_displayed": "1.642998123",
"frame.time_relative": "13.301792723",
"frame.number": "175",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000bb54",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00004538",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50412",
"tcp.dstport": "443",
"tcp.port": "50412",
"tcp.port": "443",
"tcp.stream": "12",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000080e0",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:45:18:33:01:8e:dc",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:45:18:33:01:8e:dc",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473084184",
"tcp.options.timestamp.tsecr": "855740124"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037408131",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.076906715",
"tcp.time_delta": "0.000479928"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:50:ea:19:29:3c:16:b2:25:cb:5f:92:fd:ad:43:eb:1e:fd:30:8c:f1:fd:8a:b4:4c:b3:8c:b5:db:c5:b7:6b:1f:01:c3:ed:e8:79:38:13:3e:0d:ae:b8:03:70:7a:43:99:ab:9f:c9:cd:88:56:03:ae:39:b3:3a:70:ed:9b:8d:2b:98:39:fb:04:57:0a:6d:11:b2:6d:ca:46:36:a2:35:17:06:50:59:fb:79:be:50:b1:e1:ae:93:ff:ba:4f:fb:5e:f7:fc:75:a7:bb:9f:ea:c2:fa:63:fd:92:07:79:7d:dc:ec:e3:c0:6d:90:4a:31:6f:db:e1:79:69:18:3f:d9:e4:2f:6e:13:9d:2a:01:9c:c2:ba:24:3c:8c:21:b6:fb:d9:12:60:2b:a4:d5:d9:07:df:e8:ec:47:81:82:55:a4:ee:78:4f:07:9e:fb:2b:0d:4d:12:07:fa:8b:f0:ec:8a:ed:2a:9d:aa:71:99:09:a3:c8:03:b7:9c:f5:10:0e:9d:f0:d2:37:16:ad:49:19:94:ee:d0:71:ff:2b:9c:08:60:78:48:56:fe:13:72:c3:dc:44:6b:c0:5f:c7:d7:5b:5a:53:91:57:e4:08:15:ce:fc:6c:2f:14:15:03:36:80:a3:10:8d:17:35:1b:5c:f8:de:fb:5a:49:dd:30:dd:0e:92:d1:12:b5:7d:5a:d6:ab:d0:0c:38:90:55:50:df:9e:e3:be:7e:27:b5:41:0a:9b:83:24:bd:1f:ac:55:38:6b:c6:00:6c:bb:f8:c2:c1:b8:f3:f8:85:e6:8c:de:0a:1b:d3:09:20:a0:cc:c9:1e:e6:ac:b8:28:9d:3b:10:31:85:f8:70:60:8b:67:d2:30:85:01:7d:6a:c6:b7:8a:7f:a2:de:2b:f6:88:a8:68:93:79:63:ae:30:3a:da:19:52:61:7b:4e:48:ba:e0:37:fe:84:b6:cb:6c:ae:20:16:ea:14:18:f1:5c:af:ce:3f:d9:ef:45:73:4a:94:a5:fb:c0:b7:2f:92:a7:8a:65:7f:07:dc:07:19:72:58:2d:94:dd:b7:c7:91:8f:23:fe:08:d0:23:f4:8d:14:a7:14:4d:0c:74:b3:41:d2:4a:64:52:a6:9a:9c:97:e4:3c:48:cd:0b:ad:69:7a:da:aa:f0:c5:6d:7c:02:1d:0b:7f:99:16:c4:62:ca:a0:ee:7d:1e:76:6e:c6:5d:2c:25:89:09:d3:2a:8b:9d:9c:8b:eb:8a:01:40:dd:85:5d:24:e9:31:36:32:b8:3c:ca:a7:73:22:12:7c:a3:25:db:8b:0e:8c:3c:25:60:67:fc:52:fe:e2:6b:b1:47:51:d8:b2:77:60:80:56:ee:a6:c3:cd:ad:76:0a:d9:bf:16:98:ca:eb:76:19:ad:ea:d5:35:32:9c:bf:4e:64:91:4a:f0:b1:83:fa:f3:37:bb:14:df:66:8c:2c:bd:4e:4c:68:02:2f:9a:12:35:00:9e:4d:98:40:a4:8d:3b:68:49:7a:87:6f:f8:6d:dc:71:06:a1:a5:19:c0:75:36:dd:1d:ff:7d:36:b5:0e:b5:e4:0f:5c:4a:11:99:ab:1d"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:50:ea:19:29:3c:16:b2:25:cb:5f:92:fd:ad:43:eb:1e:fd:30:8c:f1:fd:8a:b4:4c:b3:8c:b5:db:c5:b7:6b:1f:01:c3:ed:e8:79:38:13:3e:0d:ae:b8:03:70:7a:43:99:ab:9f:c9:cd:88:56:03:ae:39:b3:3a:70:ed:9b:8d:2b:98:39:fb:04:57:0a:6d:11:b2:6d:ca:46:36:a2:35:17:06:50:59:fb:79:be:50:b1:e1:ae:93:ff:ba:4f:fb:5e:f7:fc:75:a7:bb:9f:ea:c2:fa:63:fd:92:07:79:7d:dc:ec:e3:c0:6d:90:4a:31:6f:db:e1:79:69:18:3f:d9:e4:2f:6e:13:9d:2a:01:9c:c2:ba:24:3c:8c:21:b6:fb:d9:12:60:2b:a4:d5:d9:07:df:e8:ec:47:81:82:55:a4:ee:78:4f:07:9e:fb:2b:0d:4d:12:07:fa:8b:f0:ec:8a:ed:2a:9d:aa:71:99:09:a3:c8:03:b7:9c:f5:10:0e:9d:f0:d2:37:16:ad:49:19:94:ee:d0:71:ff:2b:9c:08:60:78:48:56:fe:13:72:c3:dc:44:6b:c0:5f:c7:d7:5b:5a:53:91:57:e4:08:15:ce:fc:6c:2f:14:15:03:36:80:a3:10:8d:17:35:1b:5c:f8:de:fb:5a:49:dd:30:dd:0e:92:d1:12:b5:7d:5a:d6:ab:d0:0c:38:90:55:50:df:9e:e3:be:7e:27:b5:41:0a:9b:83:24:bd:1f:ac:55:38:6b:c6:00:6c:bb:f8:c2:c1:b8:f3:f8:85:e6:8c:de:0a:1b:d3:09:20:a0:cc:c9:1e:e6:ac:b8:28:9d:3b:10:31:85:f8:70:60:8b:67:d2:30:85:01:7d:6a:c6:b7:8a:7f:a2:de:2b:f6:88:a8:68:93:79:63:ae:30:3a:da:19:52:61:7b:4e:48:ba:e0:37:fe:84:b6:cb:6c:ae:20:16:ea:14:18:f1:5c:af:ce:3f:d9:ef:45:73:4a:94:a5:fb:c0:b7:2f:92:a7:8a:65:7f:07:dc:07:19:72:58:2d:94:dd:b7:c7:91:8f:23:fe:08:d0:23:f4:8d:14:a7:14:4d:0c:74:b3:41:d2:4a:64:52:a6:9a:9c:97:e4:3c:48:cd:0b:ad:69:7a:da:aa:f0:c5:6d:7c:02:1d:0b:7f:99:16:c4:62:ca:a0:ee:7d:1e:76:6e:c6:5d:2c:25:89:09:d3:2a:8b:9d:9c:8b:eb:8a:01:40:dd:85:5d:24:e9:31:36:32:b8:3c:ca:a7:73:22:12:7c:a3:25:db:8b:0e:8c:3c:25:60:67:fc:52:fe:e2:6b:b1:47:51:d8:b2:77:60:80:56:ee:a6:c3:cd:ad:76:0a:d9:bf:16:98:ca:eb:76:19:ad:ea:d5:35:32:9c:bf:4e:64:91:4a:f0:b1:83:fa:f3:37:bb:14:df:66:8c:2c:bd:4e:4c:68:02:2f:9a:12:35:00:9e:4d:98:40:a4:8d:3b:68:49:7a:87:6f:f8:6d:dc:71:06:a1:a5:19:c0:75:36:dd:1d:ff:7d:36:b5:0e:b5:e4:0f:5c:4a:11:99:ab:1d"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "180",
"http.file_data": "{\"x\":588,\"y\":27}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "588",
"json.key": "x"
},
"json.member": {
"json.value.number": "27",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:55.843183334 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651555.843183334",
"frame.time_delta": "0.000456879",
"frame.time_delta_displayed": "2.337135610",
"frame.time_relative": "15.638928333",
"frame.number": "204",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00008fe1",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000070aa",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50416",
"tcp.dstport": "443",
"tcp.port": "50416",
"tcp.port": "443",
"tcp.stream": "14",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00007e34",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:4e:39:33:01:97:e9",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:4e:39:33:01:97:e9",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473086521",
"tcp.options.timestamp.tsecr": "855742441"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.038973617",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.100106758",
"tcp.time_delta": "0.000456879"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:1f:4e:47:99:53:22:dd:5e:4d:f6:0d:de:88:86:a0:56:d5:ed:b7:a7:f9:95:4b:f8:2f:0f:00:b4:76:ec:69:f8:19:d4:2e:17:53:01:97:01:dc:cf:53:8d:c9:b5:71:2b:90:1b:68:dd:43:9e:30:db:6a:2b:15:9c:c5:12:c5:19:4b:da:02:9c:60:e0:58:0c:9d:54:57:b7:6a:54:06:5c:f2:3a:2c:2e:1b:4c:91:ff:f9:3e:89:8d:8f:9f:98:da:0f:5f:ae:14:8c:c7:19:be:68:e5:3d:f7:4b:36:b9:96:9b:13:c5:6a:0a:6d:77:8d:83:24:13:28:a5:e1:2a:8b:a4:ff:21:79:a5:26:69:2f:2e:b2:8b:42:a5:68:03:35:cb:f7:b3:e4:e9:c1:c0:78:00:b9:bc:20:6b:d1:67:94:87:04:b0:d9:60:8f:e4:ce:1f:0d:23:79:f6:8e:66:d6:5b:e5:71:46:3f:58:95:10:73:db:42:4c:17:d0:a5:c0:b7:c8:c6:f8:c4:70:c7:1d:4a:4b:c9:b3:f2:2a:da:c7:f1:47:7a:d8:b9:e1:93:f7:a7:0d:88:94:64:ac:fa:b4:18:45:08:fb:2b:61:e3:4e:7c:97:9e:55:3a:be:28:f3:64:7b:e7:e7:23:5f:a3:05:bd:1c:bd:36:1d:9f:d5:af:00:50:5f:11:ab:2e:25:8d:f2:63:f7:eb:37:dd:92:60:c8:8f:ac:07:b1:70:08:bc:00:8b:50:97:72:a3:89:33:3f:23:11:12:83:df:3d:e8:7d:f1:bb:e6:43:ba:f7:d9:43:ec:cb:43:d0:8a:4e:e5:93:42:ec:56:0b:0b:da:f9:e0:26:cb:39:80:7b:0e:7a:dc:9d:c4:4e:0a:1b:fb:88:b0:1e:6a:a8:ac:47:c7:c7:70:6e:67:3c:97:64:7a:02:22:40:fb:eb:08:53:e4:84:c8:d4:f5:08:c1:16:81:66:e0:5b:30:35:dc:c9:ed:de:8a:8a:65:c5:55:3d:4e:80:a9:f2:82:44:78:e0:52:d0:84:f1:04:14:cc:88:4e:38:7f:06:33:2c:e7:9b:76:aa:79:3e:b4:b0:db:4b:6f:34:be:9b:03:de:d1:08:b2:63:dd:42:28:6f:7c:f9:fb:2e:47:f7:eb:96:b2:36:a0:ab:b6:6b:72:4a:37:2f:b1:11:bc:ec:f0:d1:85:f3:ca:b4:57:45:7b:f1:f7:26:bc:d8:ac:3d:c2:1c:5c:7d:39:4a:3a:34:b5:d0:b9:21:6d:27:00:86:95:2c:08:2b:e2:77:d5:2d:47:8b:f3:ad:c4:2d:98:07:38:33:f0:6c:d0:80:6f:2a:cb:12:6a:74:5a:36:f3:af:40:5b:36:45:6e:4c:0c:08:8b:6a:c4:3f:60:44:34:5e:3f:15:07:0c:0f:60:61:56:fb:e3:a6:db:22:ad:a1:d6:53:9e:21:66:de:44:c9:5a:ad:b8:85:4e:ab:93:59:24:e4:20:6a:e8:54:ef:b9:47:f0:9d:3b:9a:ff:7b:40:f0:4a:68:90:59:52:e7:c2:ba:ad:ac:e8:c5:b8:fb:3a:ba:90:ac:65"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:1f:4e:47:99:53:22:dd:5e:4d:f6:0d:de:88:86:a0:56:d5:ed:b7:a7:f9:95:4b:f8:2f:0f:00:b4:76:ec:69:f8:19:d4:2e:17:53:01:97:01:dc:cf:53:8d:c9:b5:71:2b:90:1b:68:dd:43:9e:30:db:6a:2b:15:9c:c5:12:c5:19:4b:da:02:9c:60:e0:58:0c:9d:54:57:b7:6a:54:06:5c:f2:3a:2c:2e:1b:4c:91:ff:f9:3e:89:8d:8f:9f:98:da:0f:5f:ae:14:8c:c7:19:be:68:e5:3d:f7:4b:36:b9:96:9b:13:c5:6a:0a:6d:77:8d:83:24:13:28:a5:e1:2a:8b:a4:ff:21:79:a5:26:69:2f:2e:b2:8b:42:a5:68:03:35:cb:f7:b3:e4:e9:c1:c0:78:00:b9:bc:20:6b:d1:67:94:87:04:b0:d9:60:8f:e4:ce:1f:0d:23:79:f6:8e:66:d6:5b:e5:71:46:3f:58:95:10:73:db:42:4c:17:d0:a5:c0:b7:c8:c6:f8:c4:70:c7:1d:4a:4b:c9:b3:f2:2a:da:c7:f1:47:7a:d8:b9:e1:93:f7:a7:0d:88:94:64:ac:fa:b4:18:45:08:fb:2b:61:e3:4e:7c:97:9e:55:3a:be:28:f3:64:7b:e7:e7:23:5f:a3:05:bd:1c:bd:36:1d:9f:d5:af:00:50:5f:11:ab:2e:25:8d:f2:63:f7:eb:37:dd:92:60:c8:8f:ac:07:b1:70:08:bc:00:8b:50:97:72:a3:89:33:3f:23:11:12:83:df:3d:e8:7d:f1:bb:e6:43:ba:f7:d9:43:ec:cb:43:d0:8a:4e:e5:93:42:ec:56:0b:0b:da:f9:e0:26:cb:39:80:7b:0e:7a:dc:9d:c4:4e:0a:1b:fb:88:b0:1e:6a:a8:ac:47:c7:c7:70:6e:67:3c:97:64:7a:02:22:40:fb:eb:08:53:e4:84:c8:d4:f5:08:c1:16:81:66:e0:5b:30:35:dc:c9:ed:de:8a:8a:65:c5:55:3d:4e:80:a9:f2:82:44:78:e0:52:d0:84:f1:04:14:cc:88:4e:38:7f:06:33:2c:e7:9b:76:aa:79:3e:b4:b0:db:4b:6f:34:be:9b:03:de:d1:08:b2:63:dd:42:28:6f:7c:f9:fb:2e:47:f7:eb:96:b2:36:a0:ab:b6:6b:72:4a:37:2f:b1:11:bc:ec:f0:d1:85:f3:ca:b4:57:45:7b:f1:f7:26:bc:d8:ac:3d:c2:1c:5c:7d:39:4a:3a:34:b5:d0:b9:21:6d:27:00:86:95:2c:08:2b:e2:77:d5:2d:47:8b:f3:ad:c4:2d:98:07:38:33:f0:6c:d0:80:6f:2a:cb:12:6a:74:5a:36:f3:af:40:5b:36:45:6e:4c:0c:08:8b:6a:c4:3f:60:44:34:5e:3f:15:07:0c:0f:60:61:56:fb:e3:a6:db:22:ad:a1:d6:53:9e:21:66:de:44:c9:5a:ad:b8:85:4e:ab:93:59:24:e4:20:6a:e8:54:ef:b9:47:f0:9d:3b:9a:ff:7b:40:f0:4a:68:90:59:52:e7:c2:ba:ad:ac:e8:c5:b8:fb:3a:ba:90:ac:65"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "209",
"http.file_data": "{\"x\":355,\"y\":141}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "355",
"json.key": "x"
},
"json.member": {
"json.value.number": "141",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:57.526687433 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651557.526687433",
"frame.time_delta": "0.000477309",
"frame.time_delta_displayed": "1.683504099",
"frame.time_relative": "17.322432432",
"frame.number": "232",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x000095a2",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00006aea",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50420",
"tcp.dstport": "443",
"tcp.port": "50420",
"tcp.port": "443",
"tcp.stream": "16",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000ffa6",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:54:cd:33:01:9e:8c",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:54:cd:33:01:9e:8c",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473088205",
"tcp.options.timestamp.tsecr": "855744140"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037860941",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.081397272",
"tcp.time_delta": "0.000477309"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:05:fe:20:3a:39:e5:90:22:a0:98:de:42:55:ce:99:5e:03:1c:cd:86:e7:8c:bd:37:0f:e1:86:82:e3:87:9d:63:b3:a7:53:47:d3:39:b2:9d:ab:d9:31:f4:1a:58:e6:91:38:b5:b2:c4:0f:f2:d6:9e:8f:22:4d:9b:1c:c7:29:47:ce:3c:76:70:cf:6d:3d:47:b7:4f:a4:f9:e3:01:72:36:53:56:05:03:af:07:15:17:98:81:30:38:73:06:01:a3:da:4c:2a:9f:b5:07:5d:17:44:a0:51:81:7c:cb:e5:60:a8:61:a7:75:7f:60:91:90:76:f3:f6:bd:79:bc:74:bd:cf:6d:1d:68:0f:70:2f:fa:dd:28:fa:a2:af:ff:31:37:c8:02:0b:d5:1b:be:a7:8d:06:fb:ca:25:e1:76:54:a0:56:a8:02:e6:8b:e3:a0:27:6a:77:d0:93:84:f5:43:e9:5c:ac:a5:47:d1:77:60:53:04:2b:4b:e2:94:5f:64:61:11:7c:31:0a:b8:2b:25:e1:93:7e:23:b1:39:3f:cd:56:5a:a0:90:4a:fd:5b:2e:a8:d0:a2:09:aa:dd:a3:10:9e:e2:fc:0e:5d:cd:d2:c0:ee:ab:3b:2e:15:00:3c:98:95:83:93:73:f8:32:c5:ad:a8:24:2b:56:83:08:aa:c2:b2:f7:87:a6:6e:f1:0e:1d:57:05:6c:9f:60:de:ed:50:1b:c7:99:9e:a0:3f:d5:a8:a3:2e:39:d7:bb:15:d3:5e:71:2b:61:d7:8c:cb:b3:f8:00:8a:af:03:42:15:ed:77:65:51:b5:46:af:c1:68:a4:f6:23:1a:8a:2c:0b:cd:3b:c0:4f:0d:41:ce:9b:a7:7d:39:a4:da:4e:a2:d0:f4:94:8b:e0:62:be:01:07:37:e2:53:4f:b0:71:67:2f:44:32:94:a1:c8:26:99:a7:d1:2b:4d:32:42:02:a2:ca:fd:a7:56:0d:e7:50:61:99:8e:48:d6:c7:08:25:72:a6:b7:0a:e7:67:e1:cc:9e:3b:db:0e:f8:30:d3:1f:e3:30:6d:f5:d4:f7:b3:15:ff:8c:e9:df:31:72:d6:e8:c8:5f:5c:d1:53:47:9e:e8:eb:20:b6:86:97:89:52:90:94:f0:2b:e3:43:e6:3c:5e:50:e3:68:28:eb:26:48:3c:73:98:15:5a:fa:4c:76:27:16:03:94:29:d2:6e:72:55:be:b3:4b:fd:83:b1:80:78:70:0f:5c:6b:c6:8f:db:e8:cf:8e:47:d3:78:26:a5:f0:a1:f7:8d:33:68:60:5f:21:18:ab:34:8e:10:77:68:6d:fa:b7:3a:6f:57:72:b4:7c:30:01:ac:cb:c3:cf:77:5a:16:69:e5:bc:4b:d5:cc:a3:93:51:32:b8:92:2e:8a:41:cb:d7:ca:44:c1:18:0a:b6:9f:9d:68:84:96:f0:f9:86:19:7d:6f:1f:cb:52:45:73:9d:6e:c0:01:30:2f:9c:f9:99:09:d3:69:50:d0:70:d8:1b:34:bc:0a:6d:b8:cd:71:ed:ff:96:38:4b:63:fb:ba:42:d7:55:42:98:4d:21:d1:50"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:05:fe:20:3a:39:e5:90:22:a0:98:de:42:55:ce:99:5e:03:1c:cd:86:e7:8c:bd:37:0f:e1:86:82:e3:87:9d:63:b3:a7:53:47:d3:39:b2:9d:ab:d9:31:f4:1a:58:e6:91:38:b5:b2:c4:0f:f2:d6:9e:8f:22:4d:9b:1c:c7:29:47:ce:3c:76:70:cf:6d:3d:47:b7:4f:a4:f9:e3:01:72:36:53:56:05:03:af:07:15:17:98:81:30:38:73:06:01:a3:da:4c:2a:9f:b5:07:5d:17:44:a0:51:81:7c:cb:e5:60:a8:61:a7:75:7f:60:91:90:76:f3:f6:bd:79:bc:74:bd:cf:6d:1d:68:0f:70:2f:fa:dd:28:fa:a2:af:ff:31:37:c8:02:0b:d5:1b:be:a7:8d:06:fb:ca:25:e1:76:54:a0:56:a8:02:e6:8b:e3:a0:27:6a:77:d0:93:84:f5:43:e9:5c:ac:a5:47:d1:77:60:53:04:2b:4b:e2:94:5f:64:61:11:7c:31:0a:b8:2b:25:e1:93:7e:23:b1:39:3f:cd:56:5a:a0:90:4a:fd:5b:2e:a8:d0:a2:09:aa:dd:a3:10:9e:e2:fc:0e:5d:cd:d2:c0:ee:ab:3b:2e:15:00:3c:98:95:83:93:73:f8:32:c5:ad:a8:24:2b:56:83:08:aa:c2:b2:f7:87:a6:6e:f1:0e:1d:57:05:6c:9f:60:de:ed:50:1b:c7:99:9e:a0:3f:d5:a8:a3:2e:39:d7:bb:15:d3:5e:71:2b:61:d7:8c:cb:b3:f8:00:8a:af:03:42:15:ed:77:65:51:b5:46:af:c1:68:a4:f6:23:1a:8a:2c:0b:cd:3b:c0:4f:0d:41:ce:9b:a7:7d:39:a4:da:4e:a2:d0:f4:94:8b:e0:62:be:01:07:37:e2:53:4f:b0:71:67:2f:44:32:94:a1:c8:26:99:a7:d1:2b:4d:32:42:02:a2:ca:fd:a7:56:0d:e7:50:61:99:8e:48:d6:c7:08:25:72:a6:b7:0a:e7:67:e1:cc:9e:3b:db:0e:f8:30:d3:1f:e3:30:6d:f5:d4:f7:b3:15:ff:8c:e9:df:31:72:d6:e8:c8:5f:5c:d1:53:47:9e:e8:eb:20:b6:86:97:89:52:90:94:f0:2b:e3:43:e6:3c:5e:50:e3:68:28:eb:26:48:3c:73:98:15:5a:fa:4c:76:27:16:03:94:29:d2:6e:72:55:be:b3:4b:fd:83:b1:80:78:70:0f:5c:6b:c6:8f:db:e8:cf:8e:47:d3:78:26:a5:f0:a1:f7:8d:33:68:60:5f:21:18:ab:34:8e:10:77:68:6d:fa:b7:3a:6f:57:72:b4:7c:30:01:ac:cb:c3:cf:77:5a:16:69:e5:bc:4b:d5:cc:a3:93:51:32:b8:92:2e:8a:41:cb:d7:ca:44:c1:18:0a:b6:9f:9d:68:84:96:f0:f9:86:19:7d:6f:1f:cb:52:45:73:9d:6e:c0:01:30:2f:9c:f9:99:09:d3:69:50:d0:70:d8:1b:34:bc:0a:6d:b8:cd:71:ed:ff:96:38:4b:63:fb:ba:42:d7:55:42:98:4d:21:d1:50"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "237",
"http.file_data": "{\"x\":385,\"y\":59}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "385",
"json.key": "x"
},
"json.member": {
"json.value.number": "59",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:45:59.371010574 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651559.371010574",
"frame.time_delta": "0.000527533",
"frame.time_delta_displayed": "1.844323141",
"frame.time_relative": "19.166755573",
"frame.number": "260",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00001a25",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000e666",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50424",
"tcp.dstport": "443",
"tcp.port": "50424",
"tcp.port": "443",
"tcp.stream": "18",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000080e2",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:5c:01:33:01:a5:c2",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:5c:01:33:01:a5:c2",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473090049",
"tcp.options.timestamp.tsecr": "855745986"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037729199",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.079737900",
"tcp.time_delta": "0.000527533"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:2c:f5:c2:2e:ef:c6:72:80:f8:79:41:d3:02:3a:16:ff:2a:5d:28:e2:11:a8:a3:64:88:88:10:0f:86:21:65:5e:78:1d:c4:6a:4d:64:d1:74:a8:9a:2b:51:c7:13:9a:12:bb:18:a5:d2:81:71:16:a7:76:ee:9c:80:d3:e5:1f:31:c7:7a:7b:c8:4d:b0:3f:1b:27:5e:fc:ea:79:a2:a6:4e:d8:0e:87:08:57:b8:1b:60:7b:33:53:1f:3d:8b:07:61:9a:80:92:07:24:a6:c9:83:cc:25:08:ac:af:19:3e:38:82:68:c9:80:41:8e:52:26:2b:1e:28:70:17:bf:a2:e9:9b:25:82:b7:03:92:ce:f8:a0:ec:7b:37:bb:bd:d6:28:76:73:af:37:bd:f1:68:c9:8d:1a:ee:67:37:ca:42:e3:84:93:b4:c3:ab:d8:81:e2:73:66:ca:63:c7:34:55:63:f7:15:cc:f8:b6:92:8a:d9:18:53:23:ba:b1:7a:11:1e:97:e9:84:91:73:51:9c:0e:89:60:fa:62:c7:ff:91:96:b1:6c:2f:49:7f:25:1f:69:8e:a1:df:0f:6d:1f:b2:59:61:8d:8f:ee:94:ac:b9:a3:f1:be:d6:c4:f7:55:b9:db:6b:d8:e9:84:9d:3a:cd:46:31:af:88:8c:8c:59:a4:65:c9:8f:36:60:9c:87:ea:b4:99:a8:d5:2b:d9:21:ce:f0:94:8e:65:02:a7:41:97:70:a3:8f:43:60:64:3f:95:31:4d:51:bb:72:45:8d:2b:bd:76:c3:8a:b6:c7:01:87:b3:f2:dd:99:ab:68:db:d2:4c:52:03:be:93:1d:85:5e:a3:c5:9f:5a:18:91:03:f5:b8:b3:ff:c8:86:f6:e4:76:f8:f9:db:18:5f:34:66:a6:95:d4:18:5d:6a:5b:01:6a:f0:4a:82:9a:89:49:37:7d:68:42:a6:d5:a5:11:e9:b1:51:53:a7:c6:d2:34:9f:fd:c0:cc:4c:12:82:78:b1:b5:cc:1c:d2:5a:8b:1a:16:1d:9b:85:be:a5:d8:bd:60:7d:0e:34:86:a5:ea:db:f6:2c:57:4c:9a:b8:ad:de:e7:9b:5b:56:1a:07:f8:f6:84:c8:81:f4:bd:ff:cd:b1:3a:81:65:42:c6:c8:3c:c5:02:ac:30:10:93:9f:36:cf:96:31:77:9b:99:e9:ad:67:52:96:88:14:54:01:d2:25:71:a3:98:0a:3a:4d:81:cb:1b:0f:9d:4b:b4:de:f3:13:4b:fb:92:64:91:c9:ab:73:b1:6e:66:6b:a4:1c:b4:16:22:d6:18:55:7b:79:1b:84:e6:79:ae:ca:10:6b:eb:91:d3:cc:14:39:58:68:f9:3c:ff:08:2b:59:e3:8c:e6:41:f9:19:c4:25:e5:33:89:bc:d4:46:9a:82:b6:b4:27:e4:59:ff:22:33:25:58:21:4d:78:a1:1e:e8:d4:79:c3:68:5f:20:23:c6:21:3e:c5:72:34:a4:41:ed:50:47:ac:00:16:c9:ee:20:03:a2:88:5c:82:4b:af:5e:4e:ff:7d:0a:f4:b7:d1:d1:fc:f9:5a:68"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:2c:f5:c2:2e:ef:c6:72:80:f8:79:41:d3:02:3a:16:ff:2a:5d:28:e2:11:a8:a3:64:88:88:10:0f:86:21:65:5e:78:1d:c4:6a:4d:64:d1:74:a8:9a:2b:51:c7:13:9a:12:bb:18:a5:d2:81:71:16:a7:76:ee:9c:80:d3:e5:1f:31:c7:7a:7b:c8:4d:b0:3f:1b:27:5e:fc:ea:79:a2:a6:4e:d8:0e:87:08:57:b8:1b:60:7b:33:53:1f:3d:8b:07:61:9a:80:92:07:24:a6:c9:83:cc:25:08:ac:af:19:3e:38:82:68:c9:80:41:8e:52:26:2b:1e:28:70:17:bf:a2:e9:9b:25:82:b7:03:92:ce:f8:a0:ec:7b:37:bb:bd:d6:28:76:73:af:37:bd:f1:68:c9:8d:1a:ee:67:37:ca:42:e3:84:93:b4:c3:ab:d8:81:e2:73:66:ca:63:c7:34:55:63:f7:15:cc:f8:b6:92:8a:d9:18:53:23:ba:b1:7a:11:1e:97:e9:84:91:73:51:9c:0e:89:60:fa:62:c7:ff:91:96:b1:6c:2f:49:7f:25:1f:69:8e:a1:df:0f:6d:1f:b2:59:61:8d:8f:ee:94:ac:b9:a3:f1:be:d6:c4:f7:55:b9:db:6b:d8:e9:84:9d:3a:cd:46:31:af:88:8c:8c:59:a4:65:c9:8f:36:60:9c:87:ea:b4:99:a8:d5:2b:d9:21:ce:f0:94:8e:65:02:a7:41:97:70:a3:8f:43:60:64:3f:95:31:4d:51:bb:72:45:8d:2b:bd:76:c3:8a:b6:c7:01:87:b3:f2:dd:99:ab:68:db:d2:4c:52:03:be:93:1d:85:5e:a3:c5:9f:5a:18:91:03:f5:b8:b3:ff:c8:86:f6:e4:76:f8:f9:db:18:5f:34:66:a6:95:d4:18:5d:6a:5b:01:6a:f0:4a:82:9a:89:49:37:7d:68:42:a6:d5:a5:11:e9:b1:51:53:a7:c6:d2:34:9f:fd:c0:cc:4c:12:82:78:b1:b5:cc:1c:d2:5a:8b:1a:16:1d:9b:85:be:a5:d8:bd:60:7d:0e:34:86:a5:ea:db:f6:2c:57:4c:9a:b8:ad:de:e7:9b:5b:56:1a:07:f8:f6:84:c8:81:f4:bd:ff:cd:b1:3a:81:65:42:c6:c8:3c:c5:02:ac:30:10:93:9f:36:cf:96:31:77:9b:99:e9:ad:67:52:96:88:14:54:01:d2:25:71:a3:98:0a:3a:4d:81:cb:1b:0f:9d:4b:b4:de:f3:13:4b:fb:92:64:91:c9:ab:73:b1:6e:66:6b:a4:1c:b4:16:22:d6:18:55:7b:79:1b:84:e6:79:ae:ca:10:6b:eb:91:d3:cc:14:39:58:68:f9:3c:ff:08:2b:59:e3:8c:e6:41:f9:19:c4:25:e5:33:89:bc:d4:46:9a:82:b6:b4:27:e4:59:ff:22:33:25:58:21:4d:78:a1:1e:e8:d4:79:c3:68:5f:20:23:c6:21:3e:c5:72:34:a4:41:ed:50:47:ac:00:16:c9:ee:20:03:a2:88:5c:82:4b:af:5e:4e:ff:7d:0a:f4:b7:d1:d1:fc:f9:5a:68"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "265",
"http.file_data": "{\"x\":290,\"y\":185}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "290",
"json.key": "x"
},
"json.member": {
"json.value.number": "185",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:01.109380725 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651561.109380725",
"frame.time_delta": "0.000443946",
"frame.time_delta_displayed": "1.738370151",
"frame.time_relative": "20.905125724",
"frame.number": "289",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000c4e1",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00003bab",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50428",
"tcp.dstport": "443",
"tcp.port": "50428",
"tcp.port": "443",
"tcp.stream": "20",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000645d",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:62:cb:33:01:ac:8f",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:62:cb:33:01:ac:8f",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473091787",
"tcp.options.timestamp.tsecr": "855747727"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037489122",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.076648178",
"tcp.time_delta": "0.000443946"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:38:51:b8:e8:cb:4e:06:22:9c:00:7d:2d:9b:89:fb:4f:35:9a:b7:45:f9:f4:ba:ba:9a:78:48:7c:c4:fc:34:fa:a7:78:14:90:58:c1:ef:38:22:c8:59:43:56:b3:58:fd:af:e2:fe:e7:ca:d3:d7:52:96:1a:59:93:32:ee:df:6a:0d:fd:30:21:d5:b5:6d:c7:2d:24:8b:10:a1:aa:bf:b1:03:5f:8e:69:ac:3a:c5:43:cd:af:5e:5e:34:1c:da:41:4d:bd:19:16:53:66:ea:82:d1:a4:6f:46:92:73:72:1a:50:ee:0c:2c:37:46:c4:76:04:ff:b2:f7:cd:81:fd:67:e4:9a:32:70:5c:5d:6c:80:31:28:40:8a:2b:4e:69:1c:f3:c3:e0:7b:14:ab:2d:6e:9b:e5:5d:bc:aa:d8:ee:7b:fc:db:d4:ce:58:67:f6:6b:fb:83:8a:76:09:3f:8b:7d:10:5e:c6:ac:81:ee:83:7f:43:2e:7c:03:6e:75:74:a4:5c:7e:b5:f7:22:24:18:df:f0:8d:d1:28:66:79:7f:16:2c:65:2a:29:c7:7e:c5:6c:00:2b:cf:1a:90:ee:fb:81:df:ec:df:d9:34:ab:c0:da:c0:f4:67:17:76:d6:ee:96:35:c1:da:23:db:fb:cd:54:d1:2c:65:db:58:c6:eb:95:f9:8b:5d:87:6c:7f:e2:61:02:6e:47:81:ab:5e:b1:4d:05:bb:3d:2b:7d:27:3b:cb:5f:56:ed:41:28:29:b9:d8:0f:c4:de:a2:b7:94:9b:ac:38:a2:b4:0e:95:64:01:90:25:2c:e1:bf:f4:a1:e2:6b:dd:ff:3d:4c:92:12:43:11:51:b3:47:fc:2a:51:1b:1a:a3:5b:9e:40:4a:e8:2d:c4:48:7a:c2:3c:7b:a2:6c:4e:3d:f9:72:8f:56:17:5b:e3:14:64:d0:9b:9f:53:a6:aa:df:03:10:b8:86:ef:e2:a1:34:62:dc:c7:22:98:e3:2d:49:52:df:ac:80:5f:3f:e0:0c:bc:74:6a:48:d5:93:6b:aa:31:a8:69:0f:54:e1:a1:0f:90:9e:1e:09:4e:fe:46:1f:73:28:fe:1b:19:b9:55:c6:4f:43:0f:94:2c:2e:84:64:5a:66:3b:1a:68:5e:4a:f9:35:8e:ab:6f:53:61:f3:46:b8:f1:a7:20:bc:b7:fb:fe:1c:13:6e:48:ae:da:4f:7b:f3:0b:75:51:3e:2e:53:56:ad:c5:bd:1e:23:d1:f8:c5:2b:01:15:71:14:55:25:71:3b:af:ff:73:f4:cc:a5:c0:f7:7c:48:8c:27:59:b3:e1:40:b4:6d:70:17:f4:5e:d7:9b:bc:ce:68:c1:ae:d2:fb:13:b5:33:cd:b5:05:b7:8b:e9:d9:61:9c:7f:f1:d0:b0:e5:9e:5d:1d:f9:ad:97:09:ed:96:a1:1f:b1:bf:e5:da:0a:e4:26:02:cf:3a:12:02:b6:c3:66:f2:65:97:49:52:fe:51:88:f7:60:3c:b1:c2:ef:67:19:00:bc:fc:7c:b7:b9:85:b7:36:48:0b:0a:36:52:9e:17:e2:4c:9e:61:8e:ee:d4:c5"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:38:51:b8:e8:cb:4e:06:22:9c:00:7d:2d:9b:89:fb:4f:35:9a:b7:45:f9:f4:ba:ba:9a:78:48:7c:c4:fc:34:fa:a7:78:14:90:58:c1:ef:38:22:c8:59:43:56:b3:58:fd:af:e2:fe:e7:ca:d3:d7:52:96:1a:59:93:32:ee:df:6a:0d:fd:30:21:d5:b5:6d:c7:2d:24:8b:10:a1:aa:bf:b1:03:5f:8e:69:ac:3a:c5:43:cd:af:5e:5e:34:1c:da:41:4d:bd:19:16:53:66:ea:82:d1:a4:6f:46:92:73:72:1a:50:ee:0c:2c:37:46:c4:76:04:ff:b2:f7:cd:81:fd:67:e4:9a:32:70:5c:5d:6c:80:31:28:40:8a:2b:4e:69:1c:f3:c3:e0:7b:14:ab:2d:6e:9b:e5:5d:bc:aa:d8:ee:7b:fc:db:d4:ce:58:67:f6:6b:fb:83:8a:76:09:3f:8b:7d:10:5e:c6:ac:81:ee:83:7f:43:2e:7c:03:6e:75:74:a4:5c:7e:b5:f7:22:24:18:df:f0:8d:d1:28:66:79:7f:16:2c:65:2a:29:c7:7e:c5:6c:00:2b:cf:1a:90:ee:fb:81:df:ec:df:d9:34:ab:c0:da:c0:f4:67:17:76:d6:ee:96:35:c1:da:23:db:fb:cd:54:d1:2c:65:db:58:c6:eb:95:f9:8b:5d:87:6c:7f:e2:61:02:6e:47:81:ab:5e:b1:4d:05:bb:3d:2b:7d:27:3b:cb:5f:56:ed:41:28:29:b9:d8:0f:c4:de:a2:b7:94:9b:ac:38:a2:b4:0e:95:64:01:90:25:2c:e1:bf:f4:a1:e2:6b:dd:ff:3d:4c:92:12:43:11:51:b3:47:fc:2a:51:1b:1a:a3:5b:9e:40:4a:e8:2d:c4:48:7a:c2:3c:7b:a2:6c:4e:3d:f9:72:8f:56:17:5b:e3:14:64:d0:9b:9f:53:a6:aa:df:03:10:b8:86:ef:e2:a1:34:62:dc:c7:22:98:e3:2d:49:52:df:ac:80:5f:3f:e0:0c:bc:74:6a:48:d5:93:6b:aa:31:a8:69:0f:54:e1:a1:0f:90:9e:1e:09:4e:fe:46:1f:73:28:fe:1b:19:b9:55:c6:4f:43:0f:94:2c:2e:84:64:5a:66:3b:1a:68:5e:4a:f9:35:8e:ab:6f:53:61:f3:46:b8:f1:a7:20:bc:b7:fb:fe:1c:13:6e:48:ae:da:4f:7b:f3:0b:75:51:3e:2e:53:56:ad:c5:bd:1e:23:d1:f8:c5:2b:01:15:71:14:55:25:71:3b:af:ff:73:f4:cc:a5:c0:f7:7c:48:8c:27:59:b3:e1:40:b4:6d:70:17:f4:5e:d7:9b:bc:ce:68:c1:ae:d2:fb:13:b5:33:cd:b5:05:b7:8b:e9:d9:61:9c:7f:f1:d0:b0:e5:9e:5d:1d:f9:ad:97:09:ed:96:a1:1f:b1:bf:e5:da:0a:e4:26:02:cf:3a:12:02:b6:c3:66:f2:65:97:49:52:fe:51:88:f7:60:3c:b1:c2:ef:67:19:00:bc:fc:7c:b7:b9:85:b7:36:48:0b:0a:36:52:9e:17:e2:4c:9e:61:8e:ee:d4:c5"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "294",
"http.file_data": "{\"x\":111,\"y\":63}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "111",
"json.key": "x"
},
"json.member": {
"json.value.number": "63",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:04.363280187 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651564.363280187",
"frame.time_delta": "0.000476887",
"frame.time_delta_displayed": "3.253899462",
"frame.time_relative": "24.159025186",
"frame.number": "317",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000edea",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000012a2",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50434",
"tcp.dstport": "443",
"tcp.port": "50434",
"tcp.port": "443",
"tcp.stream": "22",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00007487",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:6f:81:33:01:b9:44",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:6f:81:33:01:b9:44",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473095041",
"tcp.options.timestamp.tsecr": "855750980"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037847358",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.077502627",
"tcp.time_delta": "0.000476887"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:06:4b:a3:64:85:e1:1f:02:01:2f:39:b1:8c:e0:cd:c4:7e:8d:0f:2c:fe:62:dc:2f:21:0a:08:ea:ae:53:97:24:a1:d9:d3:b9:fd:be:21:fe:06:26:c0:2f:3a:cc:a5:14:1f:bc:40:10:44:0e:78:de:f0:61:03:ee:10:50:2f:5e:d2:e9:4b:cf:25:b0:68:82:bd:1a:e3:cd:55:51:49:d3:02:fc:4d:b4:58:5f:77:b2:a0:f7:0e:c9:18:34:97:69:e1:94:2e:3c:a5:7c:eb:61:9f:1a:c3:c1:99:22:7e:54:08:6e:8b:b3:a9:73:ef:77:ed:f1:d1:02:80:35:e8:33:6d:2b:41:22:c3:a1:6d:db:30:3c:87:60:37:dc:b0:4f:cc:71:2f:38:7b:ac:13:65:b1:68:90:05:f3:aa:21:64:e3:dd:78:69:bb:2e:2f:81:14:9e:97:a8:fa:dd:91:14:22:28:e4:71:07:07:d7:94:03:5e:06:d3:83:3a:b6:9d:f4:95:17:ff:01:83:3c:df:65:07:ec:53:6a:33:47:7e:31:46:29:c8:8c:e5:e4:bb:9d:44:d7:3e:1a:04:a1:7d:3b:6f:4d:db:20:58:d3:78:9a:5f:33:47:10:e2:24:42:c8:16:cc:31:ea:13:57:c6:f6:44:99:ce:e6:fa:0c:3f:35:de:2e:1b:c0:c9:97:bc:b1:7f:78:d3:21:4a:34:bc:24:d1:4d:6a:d2:0e:4b:70:f9:d1:1f:a3:2c:ad:37:a4:34:aa:66:53:d2:1c:47:52:44:11:fa:1d:ad:ee:b9:37:db:9d:46:da:87:13:86:b0:5b:46:a6:1c:bc:72:5a:3c:b6:03:59:cb:b7:ff:b2:c6:92:d9:cb:84:47:e1:4f:18:fa:a9:5c:04:e5:de:06:fe:89:16:35:64:77:2e:7c:02:8a:63:24:ef:ed:4a:e9:93:93:5d:0f:19:d8:8d:2a:39:9c:00:bf:eb:24:e7:05:0f:43:ab:e2:2a:72:50:d7:ff:d5:1c:3b:f0:8a:1c:16:d2:5b:4f:5c:e1:9b:2a:2a:02:74:a4:c7:8c:b5:64:85:61:56:c5:e8:5f:c9:ca:90:32:19:72:5c:b0:04:95:ac:eb:c1:af:c0:ae:07:0b:46:2d:7e:14:8b:6b:87:61:3e:1b:c8:43:4d:c7:f1:8d:20:4a:f5:a6:c0:d3:ab:1a:22:ee:34:96:28:32:b0:3a:24:44:0e:bc:aa:de:5c:48:8d:ea:9e:4f:52:fb:bd:28:df:ae:ef:7d:0f:b5:78:a3:22:8c:64:4a:8b:80:c1:54:fa:4f:38:18:c0:31:d6:86:97:8a:43:af:4b:cb:3c:75:0a:1c:5c:7e:71:3f:4a:84:bb:6e:c4:ed:5c:e9:13:18:e5:82:2f:ee:7e:51:69:86:ca:0c:64:78:f8:0a:db:38:b9:25:37:ad:45:fe:a4:75:94:6c:94:31:3a:da:8c:f7:8b:3c:89:dc:93:da:ac:d7:cb:91:5b:e8:09:32:bf:a1:c7:49:c7:99:75:68:90:e9:ca:e2:0c:e0:92:ae:3e:1b:73:87:46:25:82:d0"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:06:4b:a3:64:85:e1:1f:02:01:2f:39:b1:8c:e0:cd:c4:7e:8d:0f:2c:fe:62:dc:2f:21:0a:08:ea:ae:53:97:24:a1:d9:d3:b9:fd:be:21:fe:06:26:c0:2f:3a:cc:a5:14:1f:bc:40:10:44:0e:78:de:f0:61:03:ee:10:50:2f:5e:d2:e9:4b:cf:25:b0:68:82:bd:1a:e3:cd:55:51:49:d3:02:fc:4d:b4:58:5f:77:b2:a0:f7:0e:c9:18:34:97:69:e1:94:2e:3c:a5:7c:eb:61:9f:1a:c3:c1:99:22:7e:54:08:6e:8b:b3:a9:73:ef:77:ed:f1:d1:02:80:35:e8:33:6d:2b:41:22:c3:a1:6d:db:30:3c:87:60:37:dc:b0:4f:cc:71:2f:38:7b:ac:13:65:b1:68:90:05:f3:aa:21:64:e3:dd:78:69:bb:2e:2f:81:14:9e:97:a8:fa:dd:91:14:22:28:e4:71:07:07:d7:94:03:5e:06:d3:83:3a:b6:9d:f4:95:17:ff:01:83:3c:df:65:07:ec:53:6a:33:47:7e:31:46:29:c8:8c:e5:e4:bb:9d:44:d7:3e:1a:04:a1:7d:3b:6f:4d:db:20:58:d3:78:9a:5f:33:47:10:e2:24:42:c8:16:cc:31:ea:13:57:c6:f6:44:99:ce:e6:fa:0c:3f:35:de:2e:1b:c0:c9:97:bc:b1:7f:78:d3:21:4a:34:bc:24:d1:4d:6a:d2:0e:4b:70:f9:d1:1f:a3:2c:ad:37:a4:34:aa:66:53:d2:1c:47:52:44:11:fa:1d:ad:ee:b9:37:db:9d:46:da:87:13:86:b0:5b:46:a6:1c:bc:72:5a:3c:b6:03:59:cb:b7:ff:b2:c6:92:d9:cb:84:47:e1:4f:18:fa:a9:5c:04:e5:de:06:fe:89:16:35:64:77:2e:7c:02:8a:63:24:ef:ed:4a:e9:93:93:5d:0f:19:d8:8d:2a:39:9c:00:bf:eb:24:e7:05:0f:43:ab:e2:2a:72:50:d7:ff:d5:1c:3b:f0:8a:1c:16:d2:5b:4f:5c:e1:9b:2a:2a:02:74:a4:c7:8c:b5:64:85:61:56:c5:e8:5f:c9:ca:90:32:19:72:5c:b0:04:95:ac:eb:c1:af:c0:ae:07:0b:46:2d:7e:14:8b:6b:87:61:3e:1b:c8:43:4d:c7:f1:8d:20:4a:f5:a6:c0:d3:ab:1a:22:ee:34:96:28:32:b0:3a:24:44:0e:bc:aa:de:5c:48:8d:ea:9e:4f:52:fb:bd:28:df:ae:ef:7d:0f:b5:78:a3:22:8c:64:4a:8b:80:c1:54:fa:4f:38:18:c0:31:d6:86:97:8a:43:af:4b:cb:3c:75:0a:1c:5c:7e:71:3f:4a:84:bb:6e:c4:ed:5c:e9:13:18:e5:82:2f:ee:7e:51:69:86:ca:0c:64:78:f8:0a:db:38:b9:25:37:ad:45:fe:a4:75:94:6c:94:31:3a:da:8c:f7:8b:3c:89:dc:93:da:ac:d7:cb:91:5b:e8:09:32:bf:a1:c7:49:c7:99:75:68:90:e9:ca:e2:0c:e0:92:ae:3e:1b:73:87:46:25:82:d0"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "322",
"http.file_data": "{\"x\":448,\"y\":20}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "448",
"json.key": "x"
},
"json.member": {
"json.value.number": "20",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:07.217582795 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651567.217582795",
"frame.time_delta": "0.000436727",
"frame.time_delta_displayed": "2.854302608",
"frame.time_relative": "27.013327794",
"frame.number": "345",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000b148",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00004f43",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50438",
"tcp.dstport": "443",
"tcp.port": "50438",
"tcp.port": "443",
"tcp.stream": "24",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000b3f3",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:7a:a8:33:01:c4:6a",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:7a:a8:33:01:c4:6a",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473097896",
"tcp.options.timestamp.tsecr": "855753834"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.040504131",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.080791348",
"tcp.time_delta": "0.000436727"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:93:e0:ea:26:46:7f:77:45:b8:23:1b:cc:6f:e8:6d:98:42:1b:c9:51:74:a3:32:e2:57:e8:26:9e:8b:27:56:b1:92:f6:76:79:28:98:d5:1f:e8:45:c0:80:33:51:21:34:13:a4:23:a2:7c:af:67:8d:d5:f6:45:91:51:12:62:21:1d:6c:d0:c3:e5:5e:95:52:a4:80:a9:0f:f4:81:f8:c9:c1:cc:cb:68:2a:13:fb:2a:94:80:d9:96:30:96:2f:7d:b4:5a:cc:15:1b:de:86:b3:67:01:dd:9b:5a:7d:ac:fa:77:27:bd:21:ce:4a:74:68:89:8a:48:8d:b5:2a:ec:ba:dc:65:1b:54:ba:26:48:ad:30:07:81:7f:c7:55:dc:97:3d:6e:28:6d:81:34:68:24:71:d4:b3:97:97:93:9b:5f:f2:cf:58:5e:2e:f6:69:a3:da:d1:78:81:5e:ae:88:94:bf:9b:e8:85:5c:aa:ab:12:1f:3e:17:e9:16:35:e9:15:d1:e7:45:67:37:cd:81:8a:b9:f2:5f:22:23:5d:99:15:26:0b:06:2a:4e:e5:23:f8:6a:6f:29:6c:3f:10:97:0b:68:b6:ad:7a:19:08:ac:93:9d:39:d7:99:20:db:9f:2e:93:97:4c:30:00:67:5d:4a:fe:ff:ef:aa:98:04:05:32:7b:8a:a3:71:9d:eb:67:14:eb:86:b2:76:a0:28:b1:44:c4:62:e8:90:e6:ef:8b:b7:5a:0a:57:59:a4:88:ae:e3:62:f0:85:04:25:f9:dc:65:dc:da:9c:bb:c1:b8:41:99:2c:f0:86:bc:a1:28:7d:1a:0b:b7:2b:a7:88:61:f3:18:98:48:93:a6:52:d0:cf:90:05:97:0b:95:34:09:8d:b3:78:8b:87:cf:03:57:04:9f:2c:41:8c:10:32:df:c2:a8:88:93:1b:ad:3f:0c:4a:61:74:95:72:2a:b0:94:98:5c:47:33:57:03:86:82:69:6d:71:78:af:c5:ec:33:23:09:8c:43:2b:bf:0f:17:a3:5f:6b:8a:db:b3:94:d1:5e:c5:a3:75:f8:e7:44:58:f7:7d:14:00:e0:50:4c:03:ca:2f:12:22:27:22:64:34:60:8f:e3:34:fa:65:6f:74:f3:fe:b4:82:57:d1:c2:fd:1f:da:b2:65:a6:3b:6c:bd:19:29:87:87:9f:ea:67:c8:52:9a:8e:48:e4:d9:27:94:e9:55:5b:23:7e:3d:ce:11:90:1c:fc:f8:f3:17:e6:10:aa:8d:df:e8:88:e4:ae:ea:09:7c:1d:3e:d1:0f:d4:d9:4c:31:31:b0:71:e2:2f:df:06:ef:4d:11:dd:e2:47:81:1d:ba:02:cb:db:63:4a:82:fd:69:4d:21:52:f0:33:dd:63:fc:19:99:9d:a7:b5:38:39:32:5c:ed:f1:e1:4d:ce:0e:bf:12:12:c1:41:bf:d8:97:01:bc:26:5b:9b:5b:f6:bc:d7:f9:89:91:11:b9:70:21:f9:3a:cd:af:cb:9a:9c:6e:71:80:d7:a6:25:92:bf:32:64:1d:00:f9:ed:fd:81:bd:16:45:54:08:e9:15"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:93:e0:ea:26:46:7f:77:45:b8:23:1b:cc:6f:e8:6d:98:42:1b:c9:51:74:a3:32:e2:57:e8:26:9e:8b:27:56:b1:92:f6:76:79:28:98:d5:1f:e8:45:c0:80:33:51:21:34:13:a4:23:a2:7c:af:67:8d:d5:f6:45:91:51:12:62:21:1d:6c:d0:c3:e5:5e:95:52:a4:80:a9:0f:f4:81:f8:c9:c1:cc:cb:68:2a:13:fb:2a:94:80:d9:96:30:96:2f:7d:b4:5a:cc:15:1b:de:86:b3:67:01:dd:9b:5a:7d:ac:fa:77:27:bd:21:ce:4a:74:68:89:8a:48:8d:b5:2a:ec:ba:dc:65:1b:54:ba:26:48:ad:30:07:81:7f:c7:55:dc:97:3d:6e:28:6d:81:34:68:24:71:d4:b3:97:97:93:9b:5f:f2:cf:58:5e:2e:f6:69:a3:da:d1:78:81:5e:ae:88:94:bf:9b:e8:85:5c:aa:ab:12:1f:3e:17:e9:16:35:e9:15:d1:e7:45:67:37:cd:81:8a:b9:f2:5f:22:23:5d:99:15:26:0b:06:2a:4e:e5:23:f8:6a:6f:29:6c:3f:10:97:0b:68:b6:ad:7a:19:08:ac:93:9d:39:d7:99:20:db:9f:2e:93:97:4c:30:00:67:5d:4a:fe:ff:ef:aa:98:04:05:32:7b:8a:a3:71:9d:eb:67:14:eb:86:b2:76:a0:28:b1:44:c4:62:e8:90:e6:ef:8b:b7:5a:0a:57:59:a4:88:ae:e3:62:f0:85:04:25:f9:dc:65:dc:da:9c:bb:c1:b8:41:99:2c:f0:86:bc:a1:28:7d:1a:0b:b7:2b:a7:88:61:f3:18:98:48:93:a6:52:d0:cf:90:05:97:0b:95:34:09:8d:b3:78:8b:87:cf:03:57:04:9f:2c:41:8c:10:32:df:c2:a8:88:93:1b:ad:3f:0c:4a:61:74:95:72:2a:b0:94:98:5c:47:33:57:03:86:82:69:6d:71:78:af:c5:ec:33:23:09:8c:43:2b:bf:0f:17:a3:5f:6b:8a:db:b3:94:d1:5e:c5:a3:75:f8:e7:44:58:f7:7d:14:00:e0:50:4c:03:ca:2f:12:22:27:22:64:34:60:8f:e3:34:fa:65:6f:74:f3:fe:b4:82:57:d1:c2:fd:1f:da:b2:65:a6:3b:6c:bd:19:29:87:87:9f:ea:67:c8:52:9a:8e:48:e4:d9:27:94:e9:55:5b:23:7e:3d:ce:11:90:1c:fc:f8:f3:17:e6:10:aa:8d:df:e8:88:e4:ae:ea:09:7c:1d:3e:d1:0f:d4:d9:4c:31:31:b0:71:e2:2f:df:06:ef:4d:11:dd:e2:47:81:1d:ba:02:cb:db:63:4a:82:fd:69:4d:21:52:f0:33:dd:63:fc:19:99:9d:a7:b5:38:39:32:5c:ed:f1:e1:4d:ce:0e:bf:12:12:c1:41:bf:d8:97:01:bc:26:5b:9b:5b:f6:bc:d7:f9:89:91:11:b9:70:21:f9:3a:cd:af:cb:9a:9c:6e:71:80:d7:a6:25:92:bf:32:64:1d:00:f9:ed:fd:81:bd:16:45:54:08:e9:15"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "350",
"http.file_data": "{\"x\":141,\"y\":103}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "141",
"json.key": "x"
},
"json.member": {
"json.value.number": "103",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:09.032729064 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651569.032729064",
"frame.time_delta": "0.000502196",
"frame.time_delta_displayed": "1.815146269",
"frame.time_relative": "28.828474063",
"frame.number": "373",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000e4fe",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00001b8d",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50442",
"tcp.dstport": "443",
"tcp.port": "50442",
"tcp.port": "443",
"tcp.stream": "26",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000034b5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:81:bf:33:01:cb:80",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:81:bf:33:01:cb:80",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473099711",
"tcp.options.timestamp.tsecr": "855755648"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037703679",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.079190699",
"tcp.time_delta": "0.000502196"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:59:fa:05:a1:3a:b6:a0:86:2a:95:8b:40:6f:5b:0d:af:7e:d9:aa:7d:24:0c:59:3a:a5:f1:dc:49:6b:a5:d4:ee:c1:e4:4a:3c:4b:15:8f:81:fc:15:5b:2e:37:a5:fd:08:3f:2c:1f:20:bc:61:b1:f3:ad:ba:f8:29:29:12:11:8e:05:49:72:d6:9c:c9:02:0c:bb:72:2c:fa:f2:7c:23:cc:19:61:dc:ab:64:2a:51:c5:8b:25:0f:ad:a3:0c:63:95:3e:69:e6:74:94:f3:e8:33:31:41:a1:a3:45:49:a3:bb:0b:8e:2f:f2:4e:bc:36:e1:04:9a:52:5c:57:a2:03:ff:01:7c:5b:50:21:cf:ed:bd:04:65:83:bc:4f:4d:63:30:89:51:cb:f6:38:cb:51:12:17:f6:b3:e4:cf:91:d5:f7:8a:bd:45:da:07:c6:48:ba:02:81:b3:a4:06:f2:41:df:20:94:77:2b:de:c2:7d:23:a0:17:2e:c4:a2:82:68:45:a9:f4:61:ad:92:71:9e:85:85:f6:fa:d4:bf:47:cc:b7:f2:01:2f:43:24:84:66:b9:55:c5:df:1b:6f:8c:2f:a3:99:eb:ef:da:31:72:65:06:df:cf:61:8d:a4:c3:bb:35:3f:7d:34:2a:3d:1b:31:28:19:12:02:fc:47:fb:85:0e:1e:b2:91:1c:46:b8:6b:cf:84:45:f9:6e:79:d7:c6:df:16:8f:d9:05:19:5f:52:d0:05:25:57:cc:58:b9:19:0b:7f:84:e8:82:b6:34:08:22:08:c8:7c:41:49:eb:2d:df:fe:a1:64:d7:61:99:16:92:38:e8:7f:6c:12:e8:5c:96:35:30:20:70:ef:04:51:92:f4:e6:ec:91:89:0f:f4:d0:e5:0e:41:77:6e:8d:4f:38:b8:a4:61:1b:1d:31:bf:7b:19:35:61:c8:be:0b:19:0f:38:33:7d:2f:6d:b3:01:36:25:f9:9c:ec:f9:70:7d:93:96:e0:92:da:31:2a:fd:5d:1a:be:60:b2:b5:36:5f:61:76:d6:48:17:f8:d0:15:6f:98:dd:39:fa:ca:3f:df:28:0f:83:b2:3d:0e:5a:c9:99:a2:e6:4b:b4:08:80:c3:20:7d:b9:72:6c:44:f5:84:a7:56:03:06:86:e2:60:17:bc:a8:80:38:9f:da:b3:9e:0f:1b:38:43:34:b9:23:49:4a:b2:e1:8a:a5:79:ef:26:a6:76:a1:00:cd:25:cb:40:ae:72:d4:e4:7b:11:82:4e:25:b9:80:20:56:80:58:24:0c:27:2f:3f:f7:9e:11:a2:2a:27:57:2d:25:22:cf:9f:35:6c:83:d3:fb:69:09:5a:ac:bb:18:b9:0d:7c:37:4e:d7:28:31:e7:39:ae:a3:5b:ec:69:dc:6d:c9:10:c9:91:71:23:50:8d:8c:7d:e5:bb:c5:73:cc:11:28:c9:fb:41:96:ee:47:9b:45:bd:21:69:1d:16:1e:9f:c7:a5:5b:34:3a:ef:cf:6f:e1:69:0a:ec:89:c4:ec:64:6a:39:af:68:62:fa:5a:2e:53:0c:d6:a0:22:aa:59:fb:ff:ca"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:59:fa:05:a1:3a:b6:a0:86:2a:95:8b:40:6f:5b:0d:af:7e:d9:aa:7d:24:0c:59:3a:a5:f1:dc:49:6b:a5:d4:ee:c1:e4:4a:3c:4b:15:8f:81:fc:15:5b:2e:37:a5:fd:08:3f:2c:1f:20:bc:61:b1:f3:ad:ba:f8:29:29:12:11:8e:05:49:72:d6:9c:c9:02:0c:bb:72:2c:fa:f2:7c:23:cc:19:61:dc:ab:64:2a:51:c5:8b:25:0f:ad:a3:0c:63:95:3e:69:e6:74:94:f3:e8:33:31:41:a1:a3:45:49:a3:bb:0b:8e:2f:f2:4e:bc:36:e1:04:9a:52:5c:57:a2:03:ff:01:7c:5b:50:21:cf:ed:bd:04:65:83:bc:4f:4d:63:30:89:51:cb:f6:38:cb:51:12:17:f6:b3:e4:cf:91:d5:f7:8a:bd:45:da:07:c6:48:ba:02:81:b3:a4:06:f2:41:df:20:94:77:2b:de:c2:7d:23:a0:17:2e:c4:a2:82:68:45:a9:f4:61:ad:92:71:9e:85:85:f6:fa:d4:bf:47:cc:b7:f2:01:2f:43:24:84:66:b9:55:c5:df:1b:6f:8c:2f:a3:99:eb:ef:da:31:72:65:06:df:cf:61:8d:a4:c3:bb:35:3f:7d:34:2a:3d:1b:31:28:19:12:02:fc:47:fb:85:0e:1e:b2:91:1c:46:b8:6b:cf:84:45:f9:6e:79:d7:c6:df:16:8f:d9:05:19:5f:52:d0:05:25:57:cc:58:b9:19:0b:7f:84:e8:82:b6:34:08:22:08:c8:7c:41:49:eb:2d:df:fe:a1:64:d7:61:99:16:92:38:e8:7f:6c:12:e8:5c:96:35:30:20:70:ef:04:51:92:f4:e6:ec:91:89:0f:f4:d0:e5:0e:41:77:6e:8d:4f:38:b8:a4:61:1b:1d:31:bf:7b:19:35:61:c8:be:0b:19:0f:38:33:7d:2f:6d:b3:01:36:25:f9:9c:ec:f9:70:7d:93:96:e0:92:da:31:2a:fd:5d:1a:be:60:b2:b5:36:5f:61:76:d6:48:17:f8:d0:15:6f:98:dd:39:fa:ca:3f:df:28:0f:83:b2:3d:0e:5a:c9:99:a2:e6:4b:b4:08:80:c3:20:7d:b9:72:6c:44:f5:84:a7:56:03:06:86:e2:60:17:bc:a8:80:38:9f:da:b3:9e:0f:1b:38:43:34:b9:23:49:4a:b2:e1:8a:a5:79:ef:26:a6:76:a1:00:cd:25:cb:40:ae:72:d4:e4:7b:11:82:4e:25:b9:80:20:56:80:58:24:0c:27:2f:3f:f7:9e:11:a2:2a:27:57:2d:25:22:cf:9f:35:6c:83:d3:fb:69:09:5a:ac:bb:18:b9:0d:7c:37:4e:d7:28:31:e7:39:ae:a3:5b:ec:69:dc:6d:c9:10:c9:91:71:23:50:8d:8c:7d:e5:bb:c5:73:cc:11:28:c9:fb:41:96:ee:47:9b:45:bd:21:69:1d:16:1e:9f:c7:a5:5b:34:3a:ef:cf:6f:e1:69:0a:ec:89:c4:ec:64:6a:39:af:68:62:fa:5a:2e:53:0c:d6:a0:22:aa:59:fb:ff:ca"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "378",
"http.file_data": "{\"x\":342,\"y\":105}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "342",
"json.key": "x"
},
"json.member": {
"json.value.number": "105",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:10.510237592 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651570.510237592",
"frame.time_delta": "0.000250897",
"frame.time_delta_displayed": "1.477508528",
"frame.time_relative": "30.305982591",
"frame.number": "401",
"frame.len": "674",
"frame.cap_len": "674",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "660",
"ip.id": "0x0000eb6a",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00001523",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50446",
"tcp.dstport": "443",
"tcp.port": "50446",
"tcp.port": "443",
"tcp.stream": "28",
"tcp.len": "608",
"tcp.seq": "569",
"tcp.nxtseq": "1177",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00001708",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:87:84:33:01:d1:48",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:87:84:33:01:d1:48",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473101188",
"tcp.options.timestamp.tsecr": "855757128"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037410395",
"tcp.analysis.bytes_in_flight": "659",
"tcp.analysis.push_bytes_sent": "608"
},
"Timestamps": {
"tcp.time_relative": "0.076271973",
"tcp.time_delta": "0.000250897"
},
"tcp.payload": "17:03:03:02:5b:00:00:00:00:00:00:00:01:e4:f0:32:7b:9f:9e:13:f6:24:f7:9f:b7:4e:0d:9c:99:10:fd:31:e3:23:8b:bf:a4:d4:40:c1:f1:95:87:32:29:21:1f:60:9f:12:f8:d1:14:d5:7c:04:77:a5:64:5c:32:74:7c:22:de:c3:2d:93:ff:47:0d:22:1b:e1:61:be:14:f6:37:8e:9c:04:98:20:01:27:39:80:ea:ae:41:dd:3c:e5:c6:8c:ea:3a:a9:c3:68:04:9c:19:29:86:ae:d5:1e:8d:ca:3e:5f:3b:97:0a:51:35:42:7c:fc:27:ab:f4:1a:e2:7c:a0:51:60:c4:14:85:a7:f7:04:17:20:8c:45:51:12:9f:32:0e:42:b7:33:40:d7:ec:89:d5:39:fd:5e:07:b8:a0:a2:4f:35:fa:1c:a1:f3:21:cb:7f:af:b8:89:03:31:94:76:68:3c:05:6f:7b:4b:a5:3b:51:f5:2a:4a:bc:42:63:70:91:b1:43:a1:21:8c:5c:41:f7:31:65:db:ae:fb:28:6f:86:1a:b4:03:ad:e3:96:c1:dd:e0:34:8d:f2:ca:e5:8d:96:c6:ae:79:07:4d:cb:22:76:b5:e3:bd:c6:8b:69:b0:d3:46:a9:8c:aa:4d:1b:e1:10:69:64:31:f6:a6:08:aa:6e:03:37:4c:d6:3d:56:8f:4f:5c:c7:c1:50:5e:22:6b:90:72:ab:7b:18:43:4e:ad:63:e5:5b:0f:50:4f:61:db:f0:ef:8d:f4:74:fc:87:98:9b:c7:47:cc:de:b9:40:47:c2:a5:0c:6a:30:b4:fb:ca:30:dd:44:1f:db:2b:10:bb:bd:0e:bc:28:ae:cd:87:e6:f0:fd:88:f4:59:fc:a9:ea:40:36:b9:7e:5a:15:4a:f9:18:05:09:78:e2:5b:26:39:a3:70:e0:66:04:e9:19:c2:40:1d:1d:7c:4b:70:41:b4:ef:37:5d:d5:84:1b:3c:f9:1a:41:3a:33:7f:fd:8c:f0:6c:54:db:62:39:0b:a9:76:cb:98:92:f3:c0:52:88:ed:d6:fe:80:ee:48:76:f7:bc:17:58:c1:25:95:4e:9c:f5:a7:3f:ea:3b:bf:09:73:f3:4e:7e:e7:ab:44:84:8e:a0:33:cc:97:be:7f:89:02:1a:b3:e0:44:1a:90:1d:9e:93:95:c5:0c:56:9f:59:18:d6:a5:a1:d4:bd:13:a2:30:9f:90:4b:41:27:af:81:54:7b:ab:45:55:59:a6:46:ba:3b:40:82:37:1c:6f:52:83:01:fc:b5:93:c6:8c:e2:90:71:f2:65:3e:fb:e7:d9:7a:3c:72:c9:3f:8a:4e:9d:7c:9f:f1:8c:e6:f7:28:d0:be:96:b2:2d:17:ae:4a:a3:f8:1e:6e:9a:94:9c:19:26:fc:b6:e8:95:63:90:5e:37:d1:d8:9a:ff:5e:7a:66:bd:ef:a8:3f:af:ab:df:11:ab:73:4a:64:5e:e7:e4:90:af:91:ad:3f:79:0a:e2:14:54:3b:81:bf:ba:db:27:ae:be:8f:8a:67:aa:f9:46:0f:df:bc:cc:53:ad:7d:b3:fd:f6:02:c3:71:d0:1a:70:52:3e:dc:ee"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "603",
"tls.app_data": "00:00:00:00:00:00:00:01:e4:f0:32:7b:9f:9e:13:f6:24:f7:9f:b7:4e:0d:9c:99:10:fd:31:e3:23:8b:bf:a4:d4:40:c1:f1:95:87:32:29:21:1f:60:9f:12:f8:d1:14:d5:7c:04:77:a5:64:5c:32:74:7c:22:de:c3:2d:93:ff:47:0d:22:1b:e1:61:be:14:f6:37:8e:9c:04:98:20:01:27:39:80:ea:ae:41:dd:3c:e5:c6:8c:ea:3a:a9:c3:68:04:9c:19:29:86:ae:d5:1e:8d:ca:3e:5f:3b:97:0a:51:35:42:7c:fc:27:ab:f4:1a:e2:7c:a0:51:60:c4:14:85:a7:f7:04:17:20:8c:45:51:12:9f:32:0e:42:b7:33:40:d7:ec:89:d5:39:fd:5e:07:b8:a0:a2:4f:35:fa:1c:a1:f3:21:cb:7f:af:b8:89:03:31:94:76:68:3c:05:6f:7b:4b:a5:3b:51:f5:2a:4a:bc:42:63:70:91:b1:43:a1:21:8c:5c:41:f7:31:65:db:ae:fb:28:6f:86:1a:b4:03:ad:e3:96:c1:dd:e0:34:8d:f2:ca:e5:8d:96:c6:ae:79:07:4d:cb:22:76:b5:e3:bd:c6:8b:69:b0:d3:46:a9:8c:aa:4d:1b:e1:10:69:64:31:f6:a6:08:aa:6e:03:37:4c:d6:3d:56:8f:4f:5c:c7:c1:50:5e:22:6b:90:72:ab:7b:18:43:4e:ad:63:e5:5b:0f:50:4f:61:db:f0:ef:8d:f4:74:fc:87:98:9b:c7:47:cc:de:b9:40:47:c2:a5:0c:6a:30:b4:fb:ca:30:dd:44:1f:db:2b:10:bb:bd:0e:bc:28:ae:cd:87:e6:f0:fd:88:f4:59:fc:a9:ea:40:36:b9:7e:5a:15:4a:f9:18:05:09:78:e2:5b:26:39:a3:70:e0:66:04:e9:19:c2:40:1d:1d:7c:4b:70:41:b4:ef:37:5d:d5:84:1b:3c:f9:1a:41:3a:33:7f:fd:8c:f0:6c:54:db:62:39:0b:a9:76:cb:98:92:f3:c0:52:88:ed:d6:fe:80:ee:48:76:f7:bc:17:58:c1:25:95:4e:9c:f5:a7:3f:ea:3b:bf:09:73:f3:4e:7e:e7:ab:44:84:8e:a0:33:cc:97:be:7f:89:02:1a:b3:e0:44:1a:90:1d:9e:93:95:c5:0c:56:9f:59:18:d6:a5:a1:d4:bd:13:a2:30:9f:90:4b:41:27:af:81:54:7b:ab:45:55:59:a6:46:ba:3b:40:82:37:1c:6f:52:83:01:fc:b5:93:c6:8c:e2:90:71:f2:65:3e:fb:e7:d9:7a:3c:72:c9:3f:8a:4e:9d:7c:9f:f1:8c:e6:f7:28:d0:be:96:b2:2d:17:ae:4a:a3:f8:1e:6e:9a:94:9c:19:26:fc:b6:e8:95:63:90:5e:37:d1:d8:9a:ff:5e:7a:66:bd:ef:a8:3f:af:ab:df:11:ab:73:4a:64:5e:e7:e4:90:af:91:ad:3f:79:0a:e2:14:54:3b:81:bf:ba:db:27:ae:be:8f:8a:67:aa:f9:46:0f:df:bc:cc:53:ad:7d:b3:fd:f6:02:c3:71:d0:1a:70:52:3e:dc:ee"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "15",
"http.content_length_header_tree": {
"http.content_length": "15"
},
"http.request.line": "Content-Length: 15\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "406",
"http.file_data": "{\"x\":92,\"y\":59}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "92",
"json.key": "x"
},
"json.member": {
"json.value.number": "59",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:11.967705997 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651571.967705997",
"frame.time_delta": "0.000472324",
"frame.time_delta_displayed": "1.457468405",
"frame.time_relative": "31.763450996",
"frame.number": "430",
"frame.len": "674",
"frame.cap_len": "674",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "660",
"ip.id": "0x0000032b",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000fd62",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50450",
"tcp.dstport": "443",
"tcp.port": "50450",
"tcp.port": "443",
"tcp.stream": "30",
"tcp.len": "608",
"tcp.seq": "569",
"tcp.nxtseq": "1177",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000a557",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:8d:36:33:01:d6:f9",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:8d:36:33:01:d6:f9",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473102646",
"tcp.options.timestamp.tsecr": "855758585"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.041048977",
"tcp.analysis.bytes_in_flight": "659",
"tcp.analysis.push_bytes_sent": "608"
},
"Timestamps": {
"tcp.time_relative": "0.080202645",
"tcp.time_delta": "0.000472324"
},
"tcp.payload": "17:03:03:02:5b:00:00:00:00:00:00:00:01:a7:34:70:72:0e:92:d2:34:47:10:8f:25:f3:66:cf:32:85:63:09:34:66:f6:69:a1:a6:e2:8b:b6:d6:a1:67:a5:ac:b5:f0:45:fc:67:32:a5:a6:b8:26:40:f3:27:47:0b:f8:3c:3e:07:2f:49:f5:02:bb:c2:74:0d:df:3d:24:8f:ae:33:dd:71:56:78:65:23:bb:c7:30:68:fd:0f:a0:4e:a6:21:da:d8:ba:b4:c5:c5:4c:73:c2:aa:25:66:89:a9:3b:e4:47:0a:54:7b:00:bf:a8:09:bf:50:e9:12:8f:ba:b9:55:bd:bf:ca:83:11:ee:c6:fc:ab:70:d6:b2:08:69:3b:a0:01:31:bf:00:8b:33:1c:ce:a4:04:ff:8b:21:77:49:ed:36:f0:23:f6:e8:11:8d:8f:13:b8:46:7a:d7:c5:22:ae:4c:11:63:1b:1b:55:cb:07:9d:ba:5c:31:74:1b:7a:89:7d:39:f3:ad:5a:70:7f:b5:3d:25:f2:81:7a:02:0e:ea:5c:8b:12:69:16:a8:0b:ed:c7:46:4f:75:1b:0c:3f:be:c9:44:4d:c7:3d:bf:8a:c9:5c:70:67:fb:70:97:0e:d5:0f:85:2d:b3:72:5f:33:df:1f:3c:f6:5a:b5:9d:4b:99:82:ce:ac:e4:3f:8a:c3:58:43:0f:5e:89:66:15:71:bd:c2:f9:12:76:2d:5e:fd:eb:ed:e7:9a:56:08:dd:04:56:51:e8:92:72:8b:03:91:42:b6:f6:fe:62:e9:83:c0:2a:34:d3:54:77:1f:48:92:6d:ea:00:a8:33:43:bc:e9:62:2d:4a:82:e2:49:a3:aa:cc:e1:a5:bf:14:8e:95:f5:bd:b8:f7:76:4e:02:38:b1:1a:da:15:8b:6d:5b:81:38:be:c5:3d:04:62:47:3f:b3:81:db:c5:0a:4c:7e:f3:f1:f6:eb:f3:0e:52:81:22:e7:32:e5:5f:bc:bb:fb:f3:ac:3d:61:70:cb:98:3b:5a:a0:5d:f9:69:3c:c9:32:1d:9e:63:31:94:d3:5f:dc:5c:0e:e2:3e:8e:48:20:32:c1:14:1d:63:e8:09:fb:73:8c:33:9d:34:ab:9f:25:4d:56:5a:72:e0:4c:ff:76:36:be:bf:8a:03:03:6c:1d:8b:7a:3a:82:ed:11:df:39:ea:12:26:e7:54:1e:a9:47:1a:6d:44:d6:cf:dd:c2:43:6c:ca:3f:36:09:ed:1e:7c:07:45:04:71:94:8a:0f:90:0c:42:b0:33:c8:3e:11:b5:3f:61:3c:3b:b0:d0:ee:43:79:4e:93:1f:3a:4e:02:b2:c6:c1:d5:f4:c9:1e:30:c5:84:0a:e6:bc:01:cc:ef:d9:5a:f6:11:ed:e9:44:55:55:a0:2d:34:a9:af:a3:f1:6d:6d:83:91:2a:73:c8:64:05:c4:a4:f8:34:74:f9:ee:53:f6:b3:79:87:53:4e:9c:c3:83:36:10:4d:48:bb:df:12:61:6c:49:4a:5b:c4:6c:c5:d2:a5:80:31:39:26:dd:4a:ee:d9:58:fc:14:6c:f2:7a:48:52:e7:ae:89:b9:03:dc:5f:b5:e6:df:d2"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "603",
"tls.app_data": "00:00:00:00:00:00:00:01:a7:34:70:72:0e:92:d2:34:47:10:8f:25:f3:66:cf:32:85:63:09:34:66:f6:69:a1:a6:e2:8b:b6:d6:a1:67:a5:ac:b5:f0:45:fc:67:32:a5:a6:b8:26:40:f3:27:47:0b:f8:3c:3e:07:2f:49:f5:02:bb:c2:74:0d:df:3d:24:8f:ae:33:dd:71:56:78:65:23:bb:c7:30:68:fd:0f:a0:4e:a6:21:da:d8:ba:b4:c5:c5:4c:73:c2:aa:25:66:89:a9:3b:e4:47:0a:54:7b:00:bf:a8:09:bf:50:e9:12:8f:ba:b9:55:bd:bf:ca:83:11:ee:c6:fc:ab:70:d6:b2:08:69:3b:a0:01:31:bf:00:8b:33:1c:ce:a4:04:ff:8b:21:77:49:ed:36:f0:23:f6:e8:11:8d:8f:13:b8:46:7a:d7:c5:22:ae:4c:11:63:1b:1b:55:cb:07:9d:ba:5c:31:74:1b:7a:89:7d:39:f3:ad:5a:70:7f:b5:3d:25:f2:81:7a:02:0e:ea:5c:8b:12:69:16:a8:0b:ed:c7:46:4f:75:1b:0c:3f:be:c9:44:4d:c7:3d:bf:8a:c9:5c:70:67:fb:70:97:0e:d5:0f:85:2d:b3:72:5f:33:df:1f:3c:f6:5a:b5:9d:4b:99:82:ce:ac:e4:3f:8a:c3:58:43:0f:5e:89:66:15:71:bd:c2:f9:12:76:2d:5e:fd:eb:ed:e7:9a:56:08:dd:04:56:51:e8:92:72:8b:03:91:42:b6:f6:fe:62:e9:83:c0:2a:34:d3:54:77:1f:48:92:6d:ea:00:a8:33:43:bc:e9:62:2d:4a:82:e2:49:a3:aa:cc:e1:a5:bf:14:8e:95:f5:bd:b8:f7:76:4e:02:38:b1:1a:da:15:8b:6d:5b:81:38:be:c5:3d:04:62:47:3f:b3:81:db:c5:0a:4c:7e:f3:f1:f6:eb:f3:0e:52:81:22:e7:32:e5:5f:bc:bb:fb:f3:ac:3d:61:70:cb:98:3b:5a:a0:5d:f9:69:3c:c9:32:1d:9e:63:31:94:d3:5f:dc:5c:0e:e2:3e:8e:48:20:32:c1:14:1d:63:e8:09:fb:73:8c:33:9d:34:ab:9f:25:4d:56:5a:72:e0:4c:ff:76:36:be:bf:8a:03:03:6c:1d:8b:7a:3a:82:ed:11:df:39:ea:12:26:e7:54:1e:a9:47:1a:6d:44:d6:cf:dd:c2:43:6c:ca:3f:36:09:ed:1e:7c:07:45:04:71:94:8a:0f:90:0c:42:b0:33:c8:3e:11:b5:3f:61:3c:3b:b0:d0:ee:43:79:4e:93:1f:3a:4e:02:b2:c6:c1:d5:f4:c9:1e:30:c5:84:0a:e6:bc:01:cc:ef:d9:5a:f6:11:ed:e9:44:55:55:a0:2d:34:a9:af:a3:f1:6d:6d:83:91:2a:73:c8:64:05:c4:a4:f8:34:74:f9:ee:53:f6:b3:79:87:53:4e:9c:c3:83:36:10:4d:48:bb:df:12:61:6c:49:4a:5b:c4:6c:c5:d2:a5:80:31:39:26:dd:4a:ee:d9:58:fc:14:6c:f2:7a:48:52:e7:ae:89:b9:03:dc:5f:b5:e6:df:d2"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "15",
"http.content_length_header_tree": {
"http.content_length": "15"
},
"http.request.line": "Content-Length: 15\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "435",
"http.file_data": "{\"x\":92,\"y\":59}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "92",
"json.key": "x"
},
"json.member": {
"json.value.number": "59",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:13.297119263 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651573.297119263",
"frame.time_delta": "0.000291063",
"frame.time_delta_displayed": "1.329413266",
"frame.time_relative": "33.092864262",
"frame.number": "458",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x00002c82",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000d40a",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50454",
"tcp.dstport": "443",
"tcp.port": "50454",
"tcp.port": "443",
"tcp.stream": "32",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000467a",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:92:67:33:01:dc:28",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:92:67:33:01:dc:28",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473103975",
"tcp.options.timestamp.tsecr": "855759912"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.038681978",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.081362242",
"tcp.time_delta": "0.000291063"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:87:c7:a1:0c:73:84:e9:38:11:f6:c2:f0:8a:5d:50:49:fe:04:6d:e8:70:ce:50:48:ae:54:89:54:f4:4a:31:e6:d6:ff:5b:e6:20:aa:c2:56:46:20:b7:6b:39:75:f8:16:e7:1b:08:c7:a3:bd:d4:e0:d5:27:0c:d2:5d:19:37:c8:fc:1b:7f:96:61:91:5e:47:ef:bc:53:82:ec:90:1b:6f:d0:09:08:ce:64:3b:22:07:20:66:17:4c:98:b8:2a:37:e7:5c:e4:89:54:d3:2b:9c:e6:6d:f6:63:1d:3f:fc:07:f4:65:f9:40:13:72:1a:d3:58:a3:7e:c3:d9:05:3d:35:a1:d9:94:18:8a:40:b8:67:12:45:0d:00:22:9b:67:34:19:f6:ce:88:75:2d:24:44:ec:54:02:b4:c8:ff:ff:12:80:b9:ec:33:27:ab:0b:96:66:9e:2b:90:e6:3f:de:25:1c:31:89:c4:6d:31:ed:84:db:ce:0d:3c:7d:63:58:44:a2:78:fb:04:2e:cc:1a:89:66:35:44:25:09:b3:45:99:d9:e5:33:cc:b4:0c:ee:90:b8:5d:e0:11:ac:ad:0b:47:66:41:4d:a2:45:f6:6c:b6:9d:a5:63:2d:9a:d7:85:8f:28:c6:0f:8e:1b:0b:c0:2f:c7:9f:d5:33:4f:59:4a:cf:32:9c:f0:16:9c:79:ce:46:b5:3a:8b:bd:03:e0:56:25:17:87:3e:79:cf:46:3a:4c:90:33:29:25:2d:00:89:64:f9:19:0d:4e:df:b1:2e:0c:91:04:17:74:1c:f9:e9:d6:41:4f:7b:ba:62:02:d2:01:63:43:33:27:18:3b:9d:71:7c:39:20:9c:f8:e3:7e:a8:03:3a:e0:30:93:76:a7:50:90:b2:04:67:8a:64:26:ca:ea:35:9b:7c:d4:a3:cd:6d:c1:01:33:a8:77:3c:32:a1:6f:df:14:ef:94:89:23:55:56:17:16:20:d5:d8:ab:d0:b1:45:40:85:45:7d:d1:2a:15:b7:8f:c9:69:c4:c6:8b:cb:b6:64:ab:2a:ad:92:14:ac:8f:6e:5c:00:a7:03:ee:26:fa:b3:75:b0:a8:12:7d:6e:8a:98:32:d1:cf:88:be:8b:1a:75:d2:ca:66:e4:49:d7:67:2d:62:d6:6f:ea:59:a6:45:25:ea:40:44:0c:16:6a:af:10:dd:93:bf:e6:73:ee:e9:5e:53:3c:d8:ba:06:b6:a6:1e:1c:ea:80:b6:c4:1b:c2:ed:13:25:27:be:ea:69:f4:6d:b7:71:31:a8:08:8d:f5:d7:d8:c9:9f:c5:df:62:3f:59:2c:6a:72:8e:71:1d:1d:db:03:52:50:5f:f2:61:76:c6:c3:57:34:4c:90:53:db:30:49:58:9b:a3:4d:6b:b7:0d:25:af:08:83:4f:8d:26:0c:f9:1f:8e:aa:1e:e2:29:a9:37:45:b3:0e:98:55:1c:97:79:6e:89:e7:eb:9d:0f:91:38:b8:3a:53:d2:ef:49:8b:5f:fa:d7:ad:f4:4a:90:c2:27:e2:db:e1:67:6d:f5:1e:a4:90:cc:07:0e:ae:64:ce:b3"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:87:c7:a1:0c:73:84:e9:38:11:f6:c2:f0:8a:5d:50:49:fe:04:6d:e8:70:ce:50:48:ae:54:89:54:f4:4a:31:e6:d6:ff:5b:e6:20:aa:c2:56:46:20:b7:6b:39:75:f8:16:e7:1b:08:c7:a3:bd:d4:e0:d5:27:0c:d2:5d:19:37:c8:fc:1b:7f:96:61:91:5e:47:ef:bc:53:82:ec:90:1b:6f:d0:09:08:ce:64:3b:22:07:20:66:17:4c:98:b8:2a:37:e7:5c:e4:89:54:d3:2b:9c:e6:6d:f6:63:1d:3f:fc:07:f4:65:f9:40:13:72:1a:d3:58:a3:7e:c3:d9:05:3d:35:a1:d9:94:18:8a:40:b8:67:12:45:0d:00:22:9b:67:34:19:f6:ce:88:75:2d:24:44:ec:54:02:b4:c8:ff:ff:12:80:b9:ec:33:27:ab:0b:96:66:9e:2b:90:e6:3f:de:25:1c:31:89:c4:6d:31:ed:84:db:ce:0d:3c:7d:63:58:44:a2:78:fb:04:2e:cc:1a:89:66:35:44:25:09:b3:45:99:d9:e5:33:cc:b4:0c:ee:90:b8:5d:e0:11:ac:ad:0b:47:66:41:4d:a2:45:f6:6c:b6:9d:a5:63:2d:9a:d7:85:8f:28:c6:0f:8e:1b:0b:c0:2f:c7:9f:d5:33:4f:59:4a:cf:32:9c:f0:16:9c:79:ce:46:b5:3a:8b:bd:03:e0:56:25:17:87:3e:79:cf:46:3a:4c:90:33:29:25:2d:00:89:64:f9:19:0d:4e:df:b1:2e:0c:91:04:17:74:1c:f9:e9:d6:41:4f:7b:ba:62:02:d2:01:63:43:33:27:18:3b:9d:71:7c:39:20:9c:f8:e3:7e:a8:03:3a:e0:30:93:76:a7:50:90:b2:04:67:8a:64:26:ca:ea:35:9b:7c:d4:a3:cd:6d:c1:01:33:a8:77:3c:32:a1:6f:df:14:ef:94:89:23:55:56:17:16:20:d5:d8:ab:d0:b1:45:40:85:45:7d:d1:2a:15:b7:8f:c9:69:c4:c6:8b:cb:b6:64:ab:2a:ad:92:14:ac:8f:6e:5c:00:a7:03:ee:26:fa:b3:75:b0:a8:12:7d:6e:8a:98:32:d1:cf:88:be:8b:1a:75:d2:ca:66:e4:49:d7:67:2d:62:d6:6f:ea:59:a6:45:25:ea:40:44:0c:16:6a:af:10:dd:93:bf:e6:73:ee:e9:5e:53:3c:d8:ba:06:b6:a6:1e:1c:ea:80:b6:c4:1b:c2:ed:13:25:27:be:ea:69:f4:6d:b7:71:31:a8:08:8d:f5:d7:d8:c9:9f:c5:df:62:3f:59:2c:6a:72:8e:71:1d:1d:db:03:52:50:5f:f2:61:76:c6:c3:57:34:4c:90:53:db:30:49:58:9b:a3:4d:6b:b7:0d:25:af:08:83:4f:8d:26:0c:f9:1f:8e:aa:1e:e2:29:a9:37:45:b3:0e:98:55:1c:97:79:6e:89:e7:eb:9d:0f:91:38:b8:3a:53:d2:ef:49:8b:5f:fa:d7:ad:f4:4a:90:c2:27:e2:db:e1:67:6d:f5:1e:a4:90:cc:07:0e:ae:64:ce:b3"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "463",
"http.file_data": "{\"x\":168,\"y\":17}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "168",
"json.key": "x"
},
"json.member": {
"json.value.number": "17",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:14.488077991 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651574.488077991",
"frame.time_delta": "0.000469592",
"frame.time_delta_displayed": "1.190958728",
"frame.time_relative": "34.283822990",
"frame.number": "486",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000c965",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00003726",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50458",
"tcp.dstport": "443",
"tcp.port": "50458",
"tcp.port": "443",
"tcp.stream": "34",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000ce17",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:97:0e:33:01:e0:cf",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:97:0e:33:01:e0:cf",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473105166",
"tcp.options.timestamp.tsecr": "855761103"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037672007",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.079269816",
"tcp.time_delta": "0.000469592"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:82:b3:ab:ff:54:2c:ff:1c:48:f6:ca:0b:31:21:e9:23:6c:70:49:99:9a:59:40:b8:3e:49:3e:72:fb:e5:35:e4:a6:86:f5:41:44:48:57:6b:c9:8b:1e:b6:e9:00:d8:cd:75:3a:f9:4e:a5:27:d2:4b:1b:75:e7:4e:e4:f2:b3:ab:77:1d:8f:04:c8:65:7a:dc:56:da:ec:6e:8b:20:f0:a0:19:38:8e:a6:52:c3:22:9c:03:96:30:62:06:d7:ee:ec:0a:bf:02:2f:b9:69:7c:f2:62:5c:2c:e7:c0:74:87:27:eb:96:94:1c:b3:d0:1d:a9:15:93:e1:ff:ee:c3:63:2f:3b:10:15:1a:8c:ef:7d:5a:19:07:6e:ec:19:25:06:f4:d4:c3:37:70:a0:da:62:4d:49:69:fe:df:bf:a3:9a:6b:ef:85:49:5e:45:1b:d1:61:ad:d4:f9:27:46:38:3d:a8:8f:c7:b7:d8:7f:60:77:97:8e:35:3e:67:bb:c5:6b:86:08:d4:1f:23:a4:b0:0d:5d:61:10:1a:59:ec:d8:a4:18:6f:f1:60:73:93:20:9d:50:dc:85:49:ea:5e:2a:8d:91:98:1c:1f:ae:ba:a7:a5:46:09:5c:d7:36:da:7e:6e:aa:5d:12:da:d0:2e:cd:3a:fa:58:f1:eb:ed:c6:b6:45:56:c2:18:2c:03:c9:27:55:93:4f:50:83:70:4a:d2:fa:3e:7e:4a:d0:48:d0:ad:d8:00:7f:08:95:45:21:60:0e:b1:2b:d2:a5:1a:21:98:57:f9:2a:5a:e7:59:61:a4:87:4d:7f:a7:52:fb:ee:34:ce:1d:fc:a1:08:c5:99:ba:42:a3:70:4a:89:93:9c:4c:f6:c9:08:74:0f:29:e5:14:ac:d4:e5:82:fe:c0:54:dc:ad:20:f2:d3:d5:e3:3a:4e:81:77:bb:ef:87:34:cc:ef:48:4f:0c:70:0a:87:87:c1:16:58:1e:ec:66:bc:e7:0b:ef:cf:f4:be:61:b3:65:7d:0e:f6:1b:b3:59:5d:fc:02:b6:bf:ba:f4:4f:27:0f:e2:5e:9b:40:81:c4:12:ea:b3:ee:0a:43:d2:f6:4d:ae:f7:13:da:0a:0b:55:02:1f:b3:b9:9d:15:9b:d9:a0:8e:55:58:a5:fd:a5:93:ad:59:4b:43:41:15:54:37:81:3d:1c:1b:bd:19:87:f1:3c:49:c9:ef:f3:80:82:d8:8f:43:24:d6:15:00:4c:7b:21:8e:6a:a6:6c:ce:2f:90:67:17:c7:62:ea:82:b2:ee:83:f5:aa:09:92:8c:76:a1:9e:ec:ee:51:a5:c1:15:92:f7:1a:b9:0e:22:a8:08:8d:79:52:a9:53:a9:ad:df:91:a3:9c:9a:ac:bc:4d:af:f0:1b:3d:58:75:74:c9:99:8a:6b:d2:01:c6:fb:e6:e4:dd:3d:2e:e5:26:0e:38:71:4f:21:09:ff:29:4d:17:38:11:0f:96:da:5a:9d:39:3d:58:ec:bb:f6:af:c3:e3:58:f0:6b:26:cf:89:69:93:da:c9:b2:c8:e6:d8:23:61:b7:f4:fd:99:34:23:5c:fb:2f:07:7f:d7"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:82:b3:ab:ff:54:2c:ff:1c:48:f6:ca:0b:31:21:e9:23:6c:70:49:99:9a:59:40:b8:3e:49:3e:72:fb:e5:35:e4:a6:86:f5:41:44:48:57:6b:c9:8b:1e:b6:e9:00:d8:cd:75:3a:f9:4e:a5:27:d2:4b:1b:75:e7:4e:e4:f2:b3:ab:77:1d:8f:04:c8:65:7a:dc:56:da:ec:6e:8b:20:f0:a0:19:38:8e:a6:52:c3:22:9c:03:96:30:62:06:d7:ee:ec:0a:bf:02:2f:b9:69:7c:f2:62:5c:2c:e7:c0:74:87:27:eb:96:94:1c:b3:d0:1d:a9:15:93:e1:ff:ee:c3:63:2f:3b:10:15:1a:8c:ef:7d:5a:19:07:6e:ec:19:25:06:f4:d4:c3:37:70:a0:da:62:4d:49:69:fe:df:bf:a3:9a:6b:ef:85:49:5e:45:1b:d1:61:ad:d4:f9:27:46:38:3d:a8:8f:c7:b7:d8:7f:60:77:97:8e:35:3e:67:bb:c5:6b:86:08:d4:1f:23:a4:b0:0d:5d:61:10:1a:59:ec:d8:a4:18:6f:f1:60:73:93:20:9d:50:dc:85:49:ea:5e:2a:8d:91:98:1c:1f:ae:ba:a7:a5:46:09:5c:d7:36:da:7e:6e:aa:5d:12:da:d0:2e:cd:3a:fa:58:f1:eb:ed:c6:b6:45:56:c2:18:2c:03:c9:27:55:93:4f:50:83:70:4a:d2:fa:3e:7e:4a:d0:48:d0:ad:d8:00:7f:08:95:45:21:60:0e:b1:2b:d2:a5:1a:21:98:57:f9:2a:5a:e7:59:61:a4:87:4d:7f:a7:52:fb:ee:34:ce:1d:fc:a1:08:c5:99:ba:42:a3:70:4a:89:93:9c:4c:f6:c9:08:74:0f:29:e5:14:ac:d4:e5:82:fe:c0:54:dc:ad:20:f2:d3:d5:e3:3a:4e:81:77:bb:ef:87:34:cc:ef:48:4f:0c:70:0a:87:87:c1:16:58:1e:ec:66:bc:e7:0b:ef:cf:f4:be:61:b3:65:7d:0e:f6:1b:b3:59:5d:fc:02:b6:bf:ba:f4:4f:27:0f:e2:5e:9b:40:81:c4:12:ea:b3:ee:0a:43:d2:f6:4d:ae:f7:13:da:0a:0b:55:02:1f:b3:b9:9d:15:9b:d9:a0:8e:55:58:a5:fd:a5:93:ad:59:4b:43:41:15:54:37:81:3d:1c:1b:bd:19:87:f1:3c:49:c9:ef:f3:80:82:d8:8f:43:24:d6:15:00:4c:7b:21:8e:6a:a6:6c:ce:2f:90:67:17:c7:62:ea:82:b2:ee:83:f5:aa:09:92:8c:76:a1:9e:ec:ee:51:a5:c1:15:92:f7:1a:b9:0e:22:a8:08:8d:79:52:a9:53:a9:ad:df:91:a3:9c:9a:ac:bc:4d:af:f0:1b:3d:58:75:74:c9:99:8a:6b:d2:01:c6:fb:e6:e4:dd:3d:2e:e5:26:0e:38:71:4f:21:09:ff:29:4d:17:38:11:0f:96:da:5a:9d:39:3d:58:ec:bb:f6:af:c3:e3:58:f0:6b:26:cf:89:69:93:da:c9:b2:c8:e6:d8:23:61:b7:f4:fd:99:34:23:5c:fb:2f:07:7f:d7"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "491",
"http.file_data": "{\"x\":248,\"y\":179}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "248",
"json.key": "x"
},
"json.member": {
"json.value.number": "179",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:18.474520913 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651578.474520913",
"frame.time_delta": "0.000217535",
"frame.time_delta_displayed": "3.986442922",
"frame.time_relative": "38.270265912",
"frame.number": "514",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000fc68",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00000423",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50462",
"tcp.dstport": "443",
"tcp.port": "50462",
"tcp.port": "443",
"tcp.stream": "36",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00001a17",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:a6:a1:33:01:f0:5e",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:a6:a1:33:01:f0:5e",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473109153",
"tcp.options.timestamp.tsecr": "855765086"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037333455",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.082380699",
"tcp.time_delta": "0.000217535"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:6a:b2:29:ca:23:b7:84:1a:e2:72:f5:08:f1:d6:44:c3:e6:45:fa:44:f1:fa:fc:a0:76:45:bd:43:b8:74:ea:a8:ea:a4:27:09:76:3d:77:40:4e:ad:56:fb:e3:61:7c:c4:35:96:d3:d9:66:46:97:78:51:6b:50:6a:2c:91:ea:a6:48:c0:12:5b:e1:0c:40:1d:9d:6c:dc:b8:08:17:96:74:31:04:67:e4:72:5c:6e:fd:ff:f6:e1:07:3a:49:4c:a2:6a:bf:87:3e:64:02:c4:3e:c0:41:9f:74:06:94:a8:32:dd:2e:6f:6d:2d:9c:e8:52:d5:e8:b0:2a:ce:f1:39:9f:dd:e4:bc:40:1a:12:dd:06:03:cb:17:66:b7:be:6a:a9:5f:c5:02:3c:76:de:5e:08:37:2b:b4:47:e0:34:bc:bf:c5:7d:5a:f8:a5:0d:1e:78:52:c2:e1:dc:fc:f4:90:11:99:93:36:cc:05:a8:7f:b8:bb:4f:bb:c7:03:4b:cd:ef:37:27:7d:07:25:3f:e3:47:fc:98:95:ff:69:7a:93:6b:5b:32:b9:31:6a:27:b2:81:0c:1f:e8:0a:69:97:83:72:8a:94:8a:1b:d4:5e:04:46:e5:7b:da:1f:01:f7:c9:89:f8:a1:d0:f4:f5:dc:52:a9:c6:a7:ef:d3:d7:a5:f3:28:7f:bb:83:73:6f:7e:77:e9:98:16:e3:c7:26:29:54:15:28:67:58:2e:fe:ba:6d:ff:e6:d8:20:b1:03:85:e2:51:fa:8a:1e:d5:b8:7f:8c:d2:17:66:e5:1e:19:0a:b2:be:4b:90:6a:39:ed:c7:2c:f6:1d:7f:24:30:18:62:d3:a0:7a:0a:b7:39:77:4e:e4:87:7e:d2:e8:74:93:db:da:94:f7:9d:62:76:3c:c9:7c:fa:0c:c7:25:7f:35:5b:08:80:39:08:99:3f:c6:d8:61:7d:b5:a7:8a:49:f6:06:61:ca:67:4a:4c:14:ae:cd:82:61:7a:96:9f:69:3b:d6:73:79:58:c1:e1:4d:28:25:a3:80:3f:78:91:d3:05:fc:26:a7:d1:83:40:9a:cc:b8:d4:29:98:57:4c:10:bc:8c:df:f9:13:29:dd:35:74:91:62:3f:2f:7e:13:4b:42:51:b3:ff:42:cd:ce:cb:5e:4e:1f:96:b8:b6:3f:82:ef:f5:8c:0b:51:3a:94:f4:ad:ba:30:3a:7a:e0:4b:d4:be:d5:8c:91:c9:a3:13:61:03:6c:5a:fb:d1:cd:65:a7:76:af:ca:9a:1d:b9:c0:93:01:b9:ea:3b:33:57:af:71:0a:ea:01:40:b7:b3:06:f2:e6:1e:e0:cc:8e:48:b4:e1:1d:42:bd:4e:2c:a6:d7:a9:0d:36:02:85:4b:cf:76:9a:ac:c0:87:f4:10:64:0e:5c:4d:a8:dd:63:aa:bc:2c:56:3d:d1:e4:b9:77:ff:25:71:3f:65:4a:d3:30:73:a8:04:58:39:73:88:69:dc:81:74:eb:09:12:a2:32:00:3a:dc:6f:5a:67:e3:1c:02:bc:85:33:bc:dc:9c:c7:21:4a:ea:58:ba:ca:37:fc:5c:6d:d9:e8"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:6a:b2:29:ca:23:b7:84:1a:e2:72:f5:08:f1:d6:44:c3:e6:45:fa:44:f1:fa:fc:a0:76:45:bd:43:b8:74:ea:a8:ea:a4:27:09:76:3d:77:40:4e:ad:56:fb:e3:61:7c:c4:35:96:d3:d9:66:46:97:78:51:6b:50:6a:2c:91:ea:a6:48:c0:12:5b:e1:0c:40:1d:9d:6c:dc:b8:08:17:96:74:31:04:67:e4:72:5c:6e:fd:ff:f6:e1:07:3a:49:4c:a2:6a:bf:87:3e:64:02:c4:3e:c0:41:9f:74:06:94:a8:32:dd:2e:6f:6d:2d:9c:e8:52:d5:e8:b0:2a:ce:f1:39:9f:dd:e4:bc:40:1a:12:dd:06:03:cb:17:66:b7:be:6a:a9:5f:c5:02:3c:76:de:5e:08:37:2b:b4:47:e0:34:bc:bf:c5:7d:5a:f8:a5:0d:1e:78:52:c2:e1:dc:fc:f4:90:11:99:93:36:cc:05:a8:7f:b8:bb:4f:bb:c7:03:4b:cd:ef:37:27:7d:07:25:3f:e3:47:fc:98:95:ff:69:7a:93:6b:5b:32:b9:31:6a:27:b2:81:0c:1f:e8:0a:69:97:83:72:8a:94:8a:1b:d4:5e:04:46:e5:7b:da:1f:01:f7:c9:89:f8:a1:d0:f4:f5:dc:52:a9:c6:a7:ef:d3:d7:a5:f3:28:7f:bb:83:73:6f:7e:77:e9:98:16:e3:c7:26:29:54:15:28:67:58:2e:fe:ba:6d:ff:e6:d8:20:b1:03:85:e2:51:fa:8a:1e:d5:b8:7f:8c:d2:17:66:e5:1e:19:0a:b2:be:4b:90:6a:39:ed:c7:2c:f6:1d:7f:24:30:18:62:d3:a0:7a:0a:b7:39:77:4e:e4:87:7e:d2:e8:74:93:db:da:94:f7:9d:62:76:3c:c9:7c:fa:0c:c7:25:7f:35:5b:08:80:39:08:99:3f:c6:d8:61:7d:b5:a7:8a:49:f6:06:61:ca:67:4a:4c:14:ae:cd:82:61:7a:96:9f:69:3b:d6:73:79:58:c1:e1:4d:28:25:a3:80:3f:78:91:d3:05:fc:26:a7:d1:83:40:9a:cc:b8:d4:29:98:57:4c:10:bc:8c:df:f9:13:29:dd:35:74:91:62:3f:2f:7e:13:4b:42:51:b3:ff:42:cd:ce:cb:5e:4e:1f:96:b8:b6:3f:82:ef:f5:8c:0b:51:3a:94:f4:ad:ba:30:3a:7a:e0:4b:d4:be:d5:8c:91:c9:a3:13:61:03:6c:5a:fb:d1:cd:65:a7:76:af:ca:9a:1d:b9:c0:93:01:b9:ea:3b:33:57:af:71:0a:ea:01:40:b7:b3:06:f2:e6:1e:e0:cc:8e:48:b4:e1:1d:42:bd:4e:2c:a6:d7:a9:0d:36:02:85:4b:cf:76:9a:ac:c0:87:f4:10:64:0e:5c:4d:a8:dd:63:aa:bc:2c:56:3d:d1:e4:b9:77:ff:25:71:3f:65:4a:d3:30:73:a8:04:58:39:73:88:69:dc:81:74:eb:09:12:a2:32:00:3a:dc:6f:5a:67:e3:1c:02:bc:85:33:bc:dc:9c:c7:21:4a:ea:58:ba:ca:37:fc:5c:6d:d9:e8"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "519",
"http.file_data": "{\"x\":206,\"y\":149}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "206",
"json.key": "x"
},
"json.member": {
"json.value.number": "149",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:20.683148621 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651580.683148621",
"frame.time_delta": "0.000522971",
"frame.time_delta_displayed": "2.208627708",
"frame.time_relative": "40.478893620",
"frame.number": "542",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000a49b",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00005bf1",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50466",
"tcp.dstport": "443",
"tcp.port": "50466",
"tcp.port": "443",
"tcp.stream": "38",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000e064",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:af:41:33:01:f9:02",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:af:41:33:01:f9:02",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473111361",
"tcp.options.timestamp.tsecr": "855767298"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037465140",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.078768301",
"tcp.time_delta": "0.000522971"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:53:08:48:32:36:b5:9a:70:32:1b:e7:3f:4e:33:25:e2:f9:19:8f:88:5d:80:1b:d5:84:f0:28:29:dc:43:08:13:36:29:1d:05:97:bd:58:29:52:30:02:a1:66:f0:08:1b:d0:55:98:0b:8d:40:40:31:7a:d0:81:9a:c9:d8:37:76:36:51:d8:9e:13:fa:b5:68:20:97:3a:a3:cf:75:d0:45:c7:c7:b5:07:16:43:04:c6:b6:b3:e1:20:92:ec:93:11:23:15:bf:5f:f2:93:87:ce:f8:5b:c0:56:cb:d6:71:6e:8c:23:22:1e:25:34:46:0e:7d:27:e5:ee:5a:91:b8:a7:c2:1d:67:ee:67:e5:6a:a0:8a:74:d1:fd:16:9c:47:d4:04:60:6f:59:9c:16:60:67:bc:04:24:70:ab:02:1d:54:3b:8b:2b:0b:7b:6c:1b:07:be:29:82:a9:fd:17:ef:b1:87:78:8b:22:df:81:80:45:c0:fa:47:41:89:80:44:76:47:76:58:74:a9:c6:6c:5c:30:93:9d:3d:71:9f:39:46:07:3f:44:2f:58:8f:58:1f:90:06:39:3f:0a:c8:c9:64:5c:1e:94:ad:da:6d:35:d7:f3:1b:49:22:87:a9:a4:0d:d2:60:3c:06:e5:58:1a:6c:db:bc:bb:0d:11:84:b6:cc:e1:e7:29:04:65:a1:ae:47:8d:e4:fa:b2:36:2d:1d:f6:9f:c5:a7:4b:72:b4:20:9b:33:ea:d4:7e:af:ab:da:ba:a5:a9:c6:f0:a4:2f:57:56:44:f1:22:f2:1d:5c:9f:c7:17:64:5c:dd:19:2d:d3:47:15:08:72:43:00:62:bf:b2:eb:52:b7:7c:89:89:0d:2c:90:3f:c6:72:c8:93:ab:e3:ff:a5:87:37:9e:a3:03:0c:c7:09:18:ef:cc:16:cd:e7:b1:3f:11:ef:e4:77:af:84:6f:6d:1c:fc:c3:2e:00:82:78:28:9b:1b:b1:14:f5:a0:01:57:f0:f7:b1:85:6c:ff:9a:ba:73:08:79:35:e7:f3:60:99:41:40:7a:fd:be:29:3b:44:14:ff:58:3d:34:0c:a7:08:cc:4d:78:ba:dd:70:3b:c5:14:08:f4:d0:58:88:20:73:64:6d:d0:ae:ea:9d:df:f9:6d:48:bc:d5:b4:b3:a6:29:7e:e3:ef:e7:1d:d0:6d:99:c5:9b:b8:de:9f:50:ca:e5:f1:5d:58:36:43:a1:94:aa:97:7e:a9:0c:cc:b7:e5:20:6f:93:00:c7:72:60:dc:ac:19:f2:ae:bd:9c:86:e4:f7:8c:ba:c8:f3:40:63:5a:77:52:9c:7c:86:2c:c4:94:39:a3:4c:c3:60:88:0d:ff:f8:71:1a:a7:e7:1d:5f:c4:ff:51:4e:75:68:be:a8:68:30:08:f0:4a:3b:e1:72:33:ad:fb:ee:f5:d8:30:e7:9a:f8:49:7d:b2:ca:ab:f2:9f:7d:18:96:92:2c:7f:44:40:c7:3b:db:07:11:2d:70:78:51:00:fa:57:86:31:64:3f:37:ff:11:40:3b:5d:39:e3:83:a6:32:96:8c:94:23:fe:6e:46:9f"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:53:08:48:32:36:b5:9a:70:32:1b:e7:3f:4e:33:25:e2:f9:19:8f:88:5d:80:1b:d5:84:f0:28:29:dc:43:08:13:36:29:1d:05:97:bd:58:29:52:30:02:a1:66:f0:08:1b:d0:55:98:0b:8d:40:40:31:7a:d0:81:9a:c9:d8:37:76:36:51:d8:9e:13:fa:b5:68:20:97:3a:a3:cf:75:d0:45:c7:c7:b5:07:16:43:04:c6:b6:b3:e1:20:92:ec:93:11:23:15:bf:5f:f2:93:87:ce:f8:5b:c0:56:cb:d6:71:6e:8c:23:22:1e:25:34:46:0e:7d:27:e5:ee:5a:91:b8:a7:c2:1d:67:ee:67:e5:6a:a0:8a:74:d1:fd:16:9c:47:d4:04:60:6f:59:9c:16:60:67:bc:04:24:70:ab:02:1d:54:3b:8b:2b:0b:7b:6c:1b:07:be:29:82:a9:fd:17:ef:b1:87:78:8b:22:df:81:80:45:c0:fa:47:41:89:80:44:76:47:76:58:74:a9:c6:6c:5c:30:93:9d:3d:71:9f:39:46:07:3f:44:2f:58:8f:58:1f:90:06:39:3f:0a:c8:c9:64:5c:1e:94:ad:da:6d:35:d7:f3:1b:49:22:87:a9:a4:0d:d2:60:3c:06:e5:58:1a:6c:db:bc:bb:0d:11:84:b6:cc:e1:e7:29:04:65:a1:ae:47:8d:e4:fa:b2:36:2d:1d:f6:9f:c5:a7:4b:72:b4:20:9b:33:ea:d4:7e:af:ab:da:ba:a5:a9:c6:f0:a4:2f:57:56:44:f1:22:f2:1d:5c:9f:c7:17:64:5c:dd:19:2d:d3:47:15:08:72:43:00:62:bf:b2:eb:52:b7:7c:89:89:0d:2c:90:3f:c6:72:c8:93:ab:e3:ff:a5:87:37:9e:a3:03:0c:c7:09:18:ef:cc:16:cd:e7:b1:3f:11:ef:e4:77:af:84:6f:6d:1c:fc:c3:2e:00:82:78:28:9b:1b:b1:14:f5:a0:01:57:f0:f7:b1:85:6c:ff:9a:ba:73:08:79:35:e7:f3:60:99:41:40:7a:fd:be:29:3b:44:14:ff:58:3d:34:0c:a7:08:cc:4d:78:ba:dd:70:3b:c5:14:08:f4:d0:58:88:20:73:64:6d:d0:ae:ea:9d:df:f9:6d:48:bc:d5:b4:b3:a6:29:7e:e3:ef:e7:1d:d0:6d:99:c5:9b:b8:de:9f:50:ca:e5:f1:5d:58:36:43:a1:94:aa:97:7e:a9:0c:cc:b7:e5:20:6f:93:00:c7:72:60:dc:ac:19:f2:ae:bd:9c:86:e4:f7:8c:ba:c8:f3:40:63:5a:77:52:9c:7c:86:2c:c4:94:39:a3:4c:c3:60:88:0d:ff:f8:71:1a:a7:e7:1d:5f:c4:ff:51:4e:75:68:be:a8:68:30:08:f0:4a:3b:e1:72:33:ad:fb:ee:f5:d8:30:e7:9a:f8:49:7d:b2:ca:ab:f2:9f:7d:18:96:92:2c:7f:44:40:c7:3b:db:07:11:2d:70:78:51:00:fa:57:86:31:64:3f:37:ff:11:40:3b:5d:39:e3:83:a6:32:96:8c:94:23:fe:6e:46:9f"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "547",
"http.file_data": "{\"x\":324,\"y\":13}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "324",
"json.key": "x"
},
"json.member": {
"json.value.number": "13",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:22.256875304 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651582.256875304",
"frame.time_delta": "0.000409803",
"frame.time_delta_displayed": "1.573726683",
"frame.time_relative": "42.052620303",
"frame.number": "571",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000d2f2",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00002d99",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50470",
"tcp.dstport": "443",
"tcp.port": "50470",
"tcp.port": "443",
"tcp.stream": "40",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000a34c",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:b5:67:33:01:ff:2a",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:b5:67:33:01:ff:2a",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473112935",
"tcp.options.timestamp.tsecr": "855768874"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.042923853",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.082658466",
"tcp.time_delta": "0.000409803"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:f0:af:39:4f:66:95:38:7e:fb:2c:6b:cb:43:c1:e9:70:a8:5e:6b:f9:c2:a7:d9:b8:81:e0:80:1b:94:d5:6d:39:bb:25:21:d0:f7:6b:ca:f7:41:40:83:d3:8b:ef:50:8a:5b:74:a1:09:6c:10:c2:76:b5:2a:e9:8a:64:a3:47:a4:25:5c:5b:7e:ab:94:37:0f:d3:34:09:31:24:c9:92:7f:fa:f1:cc:78:12:51:3e:cb:d4:60:11:6c:1e:36:ce:93:33:27:fe:c4:5c:9a:ba:41:2a:0f:15:45:5a:db:f7:23:48:d7:fc:5e:b9:9b:c9:c0:5e:96:9f:bb:cc:c6:85:36:83:21:31:0e:4a:f5:fe:c2:18:c3:0f:7b:68:2e:78:3e:26:88:68:da:c0:b8:18:05:6d:1f:c1:6f:67:f5:57:64:b1:00:95:7c:a5:28:9a:89:a3:9d:71:24:10:cd:38:34:02:24:70:29:e9:04:4d:10:d5:3b:f1:b6:83:18:5a:e0:8c:c5:84:ec:b7:48:5b:ca:2c:37:b9:07:79:59:76:2d:9e:4d:8c:bf:66:ab:27:7b:7c:e8:6d:fd:88:b1:e4:ee:d1:f9:c8:a1:8b:29:87:37:cc:79:a6:ea:a8:43:38:3d:53:e1:16:a7:0d:c1:dc:6c:a9:a4:da:91:5a:bb:48:79:e9:81:c0:71:6c:30:58:87:4d:78:e9:32:30:e1:7e:1a:3f:dc:8e:d5:1b:0a:ce:10:79:ec:cb:38:df:9b:3e:58:73:4d:27:ea:e3:54:91:74:3e:92:0d:85:42:96:dd:24:30:24:9e:37:cf:74:ea:bd:a3:a6:c0:f8:26:5a:c0:8e:fc:4b:76:2c:6d:67:33:35:9b:ed:89:5e:84:3a:65:8c:3b:e3:47:16:74:6c:66:62:47:49:fe:0c:5c:f2:ba:a7:8b:09:6d:31:40:40:3a:1e:b5:af:00:54:a1:7d:fa:e1:5e:82:74:07:b1:b7:d8:2b:bb:f2:7e:14:35:21:89:4a:43:1b:56:1e:ff:aa:a2:6e:1f:a4:cf:ae:56:96:67:31:64:30:c1:bf:37:e6:41:f7:02:ca:c6:48:9b:25:bf:67:18:57:fe:78:f5:26:d4:1a:e3:18:93:3a:08:0c:8e:5a:ec:74:7e:40:66:02:b9:34:94:dc:2b:57:5e:11:d0:20:58:22:4f:9a:bc:8b:3a:ad:dd:74:7e:24:74:ba:5a:32:a9:33:28:c0:74:5f:7a:e1:bc:8b:be:f3:8f:60:5d:fc:42:c7:d7:0a:4f:47:ff:b8:d7:bb:f4:3d:cb:49:1f:17:58:89:b9:11:25:fd:4a:a0:19:e7:87:fb:fd:60:1f:03:af:1c:bd:30:7c:61:72:2d:c9:8f:3d:35:0e:db:c5:cf:02:64:71:d6:9f:b9:ea:e6:20:de:c5:e0:02:e3:62:08:eb:ad:9b:b7:f0:a2:07:df:24:4e:bd:13:16:5e:a4:84:12:7d:f0:31:3d:2d:2e:f7:7a:f1:91:32:0d:43:8e:91:3d:37:d1:76:46:58:40:dd:4a:ff:3a:4e:e2:b0:4a:06:14:96:8e:b8:af"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:f0:af:39:4f:66:95:38:7e:fb:2c:6b:cb:43:c1:e9:70:a8:5e:6b:f9:c2:a7:d9:b8:81:e0:80:1b:94:d5:6d:39:bb:25:21:d0:f7:6b:ca:f7:41:40:83:d3:8b:ef:50:8a:5b:74:a1:09:6c:10:c2:76:b5:2a:e9:8a:64:a3:47:a4:25:5c:5b:7e:ab:94:37:0f:d3:34:09:31:24:c9:92:7f:fa:f1:cc:78:12:51:3e:cb:d4:60:11:6c:1e:36:ce:93:33:27:fe:c4:5c:9a:ba:41:2a:0f:15:45:5a:db:f7:23:48:d7:fc:5e:b9:9b:c9:c0:5e:96:9f:bb:cc:c6:85:36:83:21:31:0e:4a:f5:fe:c2:18:c3:0f:7b:68:2e:78:3e:26:88:68:da:c0:b8:18:05:6d:1f:c1:6f:67:f5:57:64:b1:00:95:7c:a5:28:9a:89:a3:9d:71:24:10:cd:38:34:02:24:70:29:e9:04:4d:10:d5:3b:f1:b6:83:18:5a:e0:8c:c5:84:ec:b7:48:5b:ca:2c:37:b9:07:79:59:76:2d:9e:4d:8c:bf:66:ab:27:7b:7c:e8:6d:fd:88:b1:e4:ee:d1:f9:c8:a1:8b:29:87:37:cc:79:a6:ea:a8:43:38:3d:53:e1:16:a7:0d:c1:dc:6c:a9:a4:da:91:5a:bb:48:79:e9:81:c0:71:6c:30:58:87:4d:78:e9:32:30:e1:7e:1a:3f:dc:8e:d5:1b:0a:ce:10:79:ec:cb:38:df:9b:3e:58:73:4d:27:ea:e3:54:91:74:3e:92:0d:85:42:96:dd:24:30:24:9e:37:cf:74:ea:bd:a3:a6:c0:f8:26:5a:c0:8e:fc:4b:76:2c:6d:67:33:35:9b:ed:89:5e:84:3a:65:8c:3b:e3:47:16:74:6c:66:62:47:49:fe:0c:5c:f2:ba:a7:8b:09:6d:31:40:40:3a:1e:b5:af:00:54:a1:7d:fa:e1:5e:82:74:07:b1:b7:d8:2b:bb:f2:7e:14:35:21:89:4a:43:1b:56:1e:ff:aa:a2:6e:1f:a4:cf:ae:56:96:67:31:64:30:c1:bf:37:e6:41:f7:02:ca:c6:48:9b:25:bf:67:18:57:fe:78:f5:26:d4:1a:e3:18:93:3a:08:0c:8e:5a:ec:74:7e:40:66:02:b9:34:94:dc:2b:57:5e:11:d0:20:58:22:4f:9a:bc:8b:3a:ad:dd:74:7e:24:74:ba:5a:32:a9:33:28:c0:74:5f:7a:e1:bc:8b:be:f3:8f:60:5d:fc:42:c7:d7:0a:4f:47:ff:b8:d7:bb:f4:3d:cb:49:1f:17:58:89:b9:11:25:fd:4a:a0:19:e7:87:fb:fd:60:1f:03:af:1c:bd:30:7c:61:72:2d:c9:8f:3d:35:0e:db:c5:cf:02:64:71:d6:9f:b9:ea:e6:20:de:c5:e0:02:e3:62:08:eb:ad:9b:b7:f0:a2:07:df:24:4e:bd:13:16:5e:a4:84:12:7d:f0:31:3d:2d:2e:f7:7a:f1:91:32:0d:43:8e:91:3d:37:d1:76:46:58:40:dd:4a:ff:3a:4e:e2:b0:4a:06:14:96:8e:b8:af"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "576",
"http.file_data": "{\"x\":421,\"y\":139}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "421",
"json.key": "x"
},
"json.member": {
"json.value.number": "139",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:24.988704256 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651584.988704256",
"frame.time_delta": "0.000450458",
"frame.time_delta_displayed": "2.731828952",
"frame.time_relative": "44.784449255",
"frame.number": "600",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000cf19",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00003172",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50474",
"tcp.dstport": "443",
"tcp.port": "50474",
"tcp.port": "443",
"tcp.stream": "42",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000fa20",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:c0:13:33:02:09:d5",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:c0:13:33:02:09:d5",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473115667",
"tcp.options.timestamp.tsecr": "855771605"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.041032332",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.080950350",
"tcp.time_delta": "0.000450458"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:22:7d:93:c3:1e:61:7d:77:6b:0c:18:39:5f:6e:97:8d:f7:09:17:52:6f:21:aa:c5:75:7c:9a:9e:bb:fd:6c:72:1c:6f:24:0d:40:32:60:9e:0a:87:b5:5d:75:a7:4c:43:7f:fa:a1:5e:2c:c1:d0:c5:33:1a:a5:40:39:73:62:b1:f9:20:5e:c1:29:39:ab:b6:f6:aa:81:66:25:54:a7:22:56:af:ab:be:37:29:bc:4a:12:50:f5:a1:8c:b0:97:62:f6:59:6b:56:9e:a7:7f:7d:e1:72:73:98:65:87:78:a8:c4:67:4a:fa:04:73:6b:16:e9:35:47:4e:9e:2b:5b:62:c1:22:1c:4c:54:2d:cb:2c:06:4d:34:35:c8:10:7e:d6:8c:06:55:ed:50:5e:9e:84:d6:3b:68:b0:b3:71:b7:28:cb:95:07:fa:89:a3:8f:73:04:dd:00:ad:ad:f9:74:88:fb:90:8a:72:9e:c3:a9:6c:1f:79:dc:d6:f4:c2:2d:9c:ac:36:10:05:99:4d:fb:25:64:c5:1b:9f:be:83:e0:19:9f:ed:18:5a:d7:20:1d:2c:cd:63:2e:61:1f:f4:dc:68:30:46:a7:df:6f:53:2d:03:df:e6:b4:35:2d:d2:13:64:60:9d:56:4d:3c:a3:3c:a5:08:d0:22:52:11:9c:1c:13:4c:04:73:ec:59:df:86:41:e2:79:d1:8e:ea:02:d4:9e:9f:f9:6d:c2:30:e6:ba:6d:da:20:88:54:b5:b3:99:ac:61:10:7e:e9:32:cf:d7:08:77:8a:f8:7a:55:c6:2a:66:d6:82:9f:08:84:fe:cb:58:f7:3c:a6:a4:aa:e6:f9:af:85:7c:42:db:f0:99:07:ea:bc:03:2a:22:d7:ab:1a:9a:db:ae:da:33:2c:04:68:c1:e1:52:59:a2:73:ce:19:27:95:e3:1d:69:9e:7c:e6:0f:fb:5a:8c:4d:d3:f1:30:2f:54:4f:5b:f6:83:3b:15:0b:7d:f7:3c:45:aa:02:18:f6:f9:4f:86:80:ff:43:97:d0:26:7e:8e:9c:a9:6f:5c:0e:ed:b1:ed:34:f4:04:87:c2:d5:19:06:f1:0d:fe:e4:82:53:8b:03:bb:01:fb:83:07:8d:7d:09:14:c5:2c:6a:e1:73:f6:3c:4c:58:11:64:6d:41:ef:12:ae:0d:22:79:de:35:71:04:03:40:47:eb:15:a4:fc:0b:d9:bd:c9:c9:e1:60:32:0e:dd:92:1a:07:b7:85:3d:47:4e:4e:ed:2a:54:65:63:19:41:7b:0c:ef:79:21:26:fe:a1:1a:ab:83:03:fd:4e:ea:74:4a:57:19:b1:91:20:40:8b:dc:9b:04:18:50:58:d6:7a:95:17:22:8a:b2:cb:7f:15:d8:79:46:cb:8c:7b:cf:27:e7:c4:89:b0:ca:06:73:67:fd:9c:8a:b7:e7:08:8c:db:cf:f5:55:91:57:1d:24:f8:79:fe:1e:ef:29:bb:72:2e:42:08:7e:98:41:82:2d:d6:6c:05:83:be:e4:67:56:a3:2f:02:c5:59:69:dd:91:f3:f6:e8:a4:b2:3f:65:a1:0a:9c"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:22:7d:93:c3:1e:61:7d:77:6b:0c:18:39:5f:6e:97:8d:f7:09:17:52:6f:21:aa:c5:75:7c:9a:9e:bb:fd:6c:72:1c:6f:24:0d:40:32:60:9e:0a:87:b5:5d:75:a7:4c:43:7f:fa:a1:5e:2c:c1:d0:c5:33:1a:a5:40:39:73:62:b1:f9:20:5e:c1:29:39:ab:b6:f6:aa:81:66:25:54:a7:22:56:af:ab:be:37:29:bc:4a:12:50:f5:a1:8c:b0:97:62:f6:59:6b:56:9e:a7:7f:7d:e1:72:73:98:65:87:78:a8:c4:67:4a:fa:04:73:6b:16:e9:35:47:4e:9e:2b:5b:62:c1:22:1c:4c:54:2d:cb:2c:06:4d:34:35:c8:10:7e:d6:8c:06:55:ed:50:5e:9e:84:d6:3b:68:b0:b3:71:b7:28:cb:95:07:fa:89:a3:8f:73:04:dd:00:ad:ad:f9:74:88:fb:90:8a:72:9e:c3:a9:6c:1f:79:dc:d6:f4:c2:2d:9c:ac:36:10:05:99:4d:fb:25:64:c5:1b:9f:be:83:e0:19:9f:ed:18:5a:d7:20:1d:2c:cd:63:2e:61:1f:f4:dc:68:30:46:a7:df:6f:53:2d:03:df:e6:b4:35:2d:d2:13:64:60:9d:56:4d:3c:a3:3c:a5:08:d0:22:52:11:9c:1c:13:4c:04:73:ec:59:df:86:41:e2:79:d1:8e:ea:02:d4:9e:9f:f9:6d:c2:30:e6:ba:6d:da:20:88:54:b5:b3:99:ac:61:10:7e:e9:32:cf:d7:08:77:8a:f8:7a:55:c6:2a:66:d6:82:9f:08:84:fe:cb:58:f7:3c:a6:a4:aa:e6:f9:af:85:7c:42:db:f0:99:07:ea:bc:03:2a:22:d7:ab:1a:9a:db:ae:da:33:2c:04:68:c1:e1:52:59:a2:73:ce:19:27:95:e3:1d:69:9e:7c:e6:0f:fb:5a:8c:4d:d3:f1:30:2f:54:4f:5b:f6:83:3b:15:0b:7d:f7:3c:45:aa:02:18:f6:f9:4f:86:80:ff:43:97:d0:26:7e:8e:9c:a9:6f:5c:0e:ed:b1:ed:34:f4:04:87:c2:d5:19:06:f1:0d:fe:e4:82:53:8b:03:bb:01:fb:83:07:8d:7d:09:14:c5:2c:6a:e1:73:f6:3c:4c:58:11:64:6d:41:ef:12:ae:0d:22:79:de:35:71:04:03:40:47:eb:15:a4:fc:0b:d9:bd:c9:c9:e1:60:32:0e:dd:92:1a:07:b7:85:3d:47:4e:4e:ed:2a:54:65:63:19:41:7b:0c:ef:79:21:26:fe:a1:1a:ab:83:03:fd:4e:ea:74:4a:57:19:b1:91:20:40:8b:dc:9b:04:18:50:58:d6:7a:95:17:22:8a:b2:cb:7f:15:d8:79:46:cb:8c:7b:cf:27:e7:c4:89:b0:ca:06:73:67:fd:9c:8a:b7:e7:08:8c:db:cf:f5:55:91:57:1d:24:f8:79:fe:1e:ef:29:bb:72:2e:42:08:7e:98:41:82:2d:d6:6c:05:83:be:e4:67:56:a3:2f:02:c5:59:69:dd:91:f3:f6:e8:a4:b2:3f:65:a1:0a:9c"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "605",
"http.file_data": "{\"x\":143,\"y\":106}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "143",
"json.key": "x"
},
"json.member": {
"json.value.number": "106",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:27.136300736 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651587.136300736",
"frame.time_delta": "0.000465907",
"frame.time_delta_displayed": "2.147596480",
"frame.time_relative": "46.932045735",
"frame.number": "629",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x00002d07",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000d385",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50478",
"tcp.dstport": "443",
"tcp.port": "50478",
"tcp.port": "443",
"tcp.stream": "44",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000e144",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:c8:76:33:02:12:32",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:c8:76:33:02:12:32",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473117814",
"tcp.options.timestamp.tsecr": "855773746"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.045294983",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.092446902",
"tcp.time_delta": "0.000465907"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:1a:08:dd:e6:28:16:a9:b2:b8:bb:18:dd:11:d0:bb:d9:3d:80:8a:7d:76:6d:50:0b:3f:88:03:7f:a0:07:31:a2:5d:f0:65:b0:f7:87:99:a9:be:3b:12:80:10:09:b2:8b:84:89:18:cf:0f:0a:98:de:1d:bc:be:bd:44:10:7a:cd:92:35:69:64:4b:a3:bb:c8:b9:76:d0:00:b3:31:2f:80:12:3f:3a:02:4b:23:ce:4f:d8:f2:0b:c9:1f:0a:bc:c4:c0:1e:3d:bc:96:1a:e8:c6:e7:c4:10:7b:3a:c6:cf:4e:78:2d:d5:a7:2a:fc:62:34:f3:4b:d6:62:6f:d6:27:e2:a4:a3:a1:ac:0a:fd:eb:d8:0b:d4:90:b8:88:b3:60:a5:a9:99:8d:a0:83:bd:a3:6b:9c:63:9d:49:cf:7c:af:03:c6:b2:04:57:50:12:8c:c6:55:30:4e:a7:f7:ba:af:83:45:52:08:57:dc:f7:d0:8b:f0:91:85:5a:bc:56:80:fb:0d:ad:13:dd:2b:8a:66:71:4f:fc:35:47:3a:f7:22:a8:66:91:ce:90:48:66:2a:f5:7f:74:43:b8:6d:88:fa:4a:d0:36:49:e0:ad:6e:10:45:8f:b0:e1:b1:9e:4b:87:4c:d7:f1:d8:f2:06:60:5c:ab:6f:c6:e5:67:f1:83:7b:14:63:8a:da:12:ca:9d:bf:4a:5c:df:15:f2:f4:f0:c8:0d:69:76:5c:06:d4:d4:69:31:0f:3f:d2:af:a8:f5:c5:c0:29:b0:5c:61:11:fd:a5:cb:6e:9c:da:d9:af:ee:24:24:54:04:c8:36:e7:67:6f:a4:98:a5:03:40:02:00:98:dc:4b:8e:19:64:55:02:b3:13:5a:a0:59:01:88:f3:94:ce:aa:5a:53:2c:4b:43:6c:35:1b:00:6f:99:80:68:de:e9:b9:cc:94:2a:c7:40:4e:a5:8c:f7:54:e7:98:07:8d:94:32:e7:09:5d:6a:dc:d1:bc:49:72:2c:9f:28:7f:0d:a1:5c:79:17:b9:cb:af:06:a1:be:54:b5:40:ab:e3:78:2a:f9:00:87:8e:6f:13:20:43:cd:09:61:0e:d5:4b:90:2d:30:d6:9c:44:92:99:96:36:5f:0a:c8:1d:03:8a:a1:e8:53:2d:a8:4f:22:25:9c:f2:6a:cd:df:ca:0a:9e:85:df:82:97:b2:c2:3d:3b:ff:29:4e:98:99:91:72:9e:41:50:24:ca:f6:fa:69:85:ab:35:1b:25:ce:62:82:2a:1e:57:22:00:0b:2b:a1:e3:ba:34:b2:45:40:1b:cd:12:98:30:cd:9a:45:01:c0:4d:5e:24:a0:1c:85:8d:41:66:ad:43:a9:a4:83:da:f5:f9:d3:6c:82:a9:f3:1c:6b:3c:70:39:79:40:45:28:cc:61:7f:27:a5:0c:0e:a3:2d:7e:fb:01:99:7b:5e:78:2b:48:e2:e7:c1:ed:3e:65:bc:ad:46:36:c3:ff:49:9a:36:86:2c:f9:3e:df:d0:07:b2:cc:c9:86:df:5a:13:71:dc:17:d0:6d:5c:d4:2f:02:b8:8c:02:4f:a2:7f:87:e1"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:1a:08:dd:e6:28:16:a9:b2:b8:bb:18:dd:11:d0:bb:d9:3d:80:8a:7d:76:6d:50:0b:3f:88:03:7f:a0:07:31:a2:5d:f0:65:b0:f7:87:99:a9:be:3b:12:80:10:09:b2:8b:84:89:18:cf:0f:0a:98:de:1d:bc:be:bd:44:10:7a:cd:92:35:69:64:4b:a3:bb:c8:b9:76:d0:00:b3:31:2f:80:12:3f:3a:02:4b:23:ce:4f:d8:f2:0b:c9:1f:0a:bc:c4:c0:1e:3d:bc:96:1a:e8:c6:e7:c4:10:7b:3a:c6:cf:4e:78:2d:d5:a7:2a:fc:62:34:f3:4b:d6:62:6f:d6:27:e2:a4:a3:a1:ac:0a:fd:eb:d8:0b:d4:90:b8:88:b3:60:a5:a9:99:8d:a0:83:bd:a3:6b:9c:63:9d:49:cf:7c:af:03:c6:b2:04:57:50:12:8c:c6:55:30:4e:a7:f7:ba:af:83:45:52:08:57:dc:f7:d0:8b:f0:91:85:5a:bc:56:80:fb:0d:ad:13:dd:2b:8a:66:71:4f:fc:35:47:3a:f7:22:a8:66:91:ce:90:48:66:2a:f5:7f:74:43:b8:6d:88:fa:4a:d0:36:49:e0:ad:6e:10:45:8f:b0:e1:b1:9e:4b:87:4c:d7:f1:d8:f2:06:60:5c:ab:6f:c6:e5:67:f1:83:7b:14:63:8a:da:12:ca:9d:bf:4a:5c:df:15:f2:f4:f0:c8:0d:69:76:5c:06:d4:d4:69:31:0f:3f:d2:af:a8:f5:c5:c0:29:b0:5c:61:11:fd:a5:cb:6e:9c:da:d9:af:ee:24:24:54:04:c8:36:e7:67:6f:a4:98:a5:03:40:02:00:98:dc:4b:8e:19:64:55:02:b3:13:5a:a0:59:01:88:f3:94:ce:aa:5a:53:2c:4b:43:6c:35:1b:00:6f:99:80:68:de:e9:b9:cc:94:2a:c7:40:4e:a5:8c:f7:54:e7:98:07:8d:94:32:e7:09:5d:6a:dc:d1:bc:49:72:2c:9f:28:7f:0d:a1:5c:79:17:b9:cb:af:06:a1:be:54:b5:40:ab:e3:78:2a:f9:00:87:8e:6f:13:20:43:cd:09:61:0e:d5:4b:90:2d:30:d6:9c:44:92:99:96:36:5f:0a:c8:1d:03:8a:a1:e8:53:2d:a8:4f:22:25:9c:f2:6a:cd:df:ca:0a:9e:85:df:82:97:b2:c2:3d:3b:ff:29:4e:98:99:91:72:9e:41:50:24:ca:f6:fa:69:85:ab:35:1b:25:ce:62:82:2a:1e:57:22:00:0b:2b:a1:e3:ba:34:b2:45:40:1b:cd:12:98:30:cd:9a:45:01:c0:4d:5e:24:a0:1c:85:8d:41:66:ad:43:a9:a4:83:da:f5:f9:d3:6c:82:a9:f3:1c:6b:3c:70:39:79:40:45:28:cc:61:7f:27:a5:0c:0e:a3:2d:7e:fb:01:99:7b:5e:78:2b:48:e2:e7:c1:ed:3e:65:bc:ad:46:36:c3:ff:49:9a:36:86:2c:f9:3e:df:d0:07:b2:cc:c9:86:df:5a:13:71:dc:17:d0:6d:5c:d4:2f:02:b8:8c:02:4f:a2:7f:87:e1"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "634",
"http.file_data": "{\"x\":639,\"y\":10}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "639",
"json.key": "x"
},
"json.member": {
"json.value.number": "10",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:28.862909141 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651588.862909141",
"frame.time_delta": "0.000455868",
"frame.time_delta_displayed": "1.726608405",
"frame.time_relative": "48.658654140",
"frame.number": "657",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000fec2",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000001c9",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50482",
"tcp.dstport": "443",
"tcp.port": "50482",
"tcp.port": "443",
"tcp.stream": "46",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000b294",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:cf:35:33:02:18:f7",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:cf:35:33:02:18:f7",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473119541",
"tcp.options.timestamp.tsecr": "855775479"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037620055",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.078577990",
"tcp.time_delta": "0.000455868"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:5d:04:50:c0:89:d8:b9:f9:f5:f9:e9:f9:38:8e:ad:c3:9c:54:b1:3f:63:1d:71:df:f2:ef:02:fc:15:e6:7a:ee:7a:e0:cb:8f:18:15:e5:b6:49:bf:1b:30:24:68:a3:e3:6c:e8:d0:70:b8:51:27:68:25:d0:e9:bc:cc:23:83:65:b2:97:76:e8:ac:21:a2:e9:00:90:4f:7d:f4:6c:51:3f:f1:b9:8d:9b:3f:6e:77:6e:f1:f7:1a:fd:0d:97:13:76:55:03:81:0e:65:b8:95:3e:02:95:93:1c:68:16:ba:ca:43:c5:95:60:b2:9d:9a:09:8f:b3:59:29:63:c6:34:3c:b1:51:8d:16:84:e0:84:82:76:24:35:f4:69:fe:9a:f7:76:10:c7:71:f4:a7:97:b3:4f:80:01:3a:f2:09:52:9a:2b:12:3b:e0:85:2b:ae:fa:b4:6c:11:7b:96:bc:33:5a:90:e1:1b:32:6b:6c:b9:a9:2b:5a:c2:14:92:b7:98:10:29:4f:75:89:c7:2a:02:da:17:94:71:56:70:0f:07:ce:7a:11:b6:45:2c:a7:94:77:30:fb:67:9d:fb:d2:ee:08:35:8a:64:41:15:db:d2:aa:19:9e:e2:23:8f:70:a1:00:b1:98:23:50:98:2a:b5:60:72:13:c8:d6:5f:29:ba:4d:7f:84:1f:a0:43:6c:41:84:76:aa:65:47:57:15:6f:d6:ae:fc:3f:84:98:b4:26:92:3d:81:67:2f:9b:3a:e2:6c:a3:68:60:62:80:05:9b:ab:dd:b2:e6:f7:29:3e:5e:2f:4e:2b:73:7d:63:68:e3:78:e8:8b:11:0d:0b:01:f3:ba:3a:1c:1a:4e:5c:b5:6e:97:56:b5:fd:82:38:85:01:bc:1d:1f:b7:80:10:f6:e9:b5:d7:49:af:e3:96:6d:76:ee:a4:32:e5:c8:c9:65:b4:c0:ce:e7:ac:82:1a:42:74:d1:f9:de:9a:c2:05:e2:af:4b:17:1b:4e:ea:a2:ca:33:4a:5e:bc:25:49:88:3f:c1:9d:26:d6:c9:cb:15:f9:aa:6b:70:d8:65:b8:e3:dd:ef:cb:b2:75:c6:a0:a3:64:11:87:f0:ff:9e:42:44:9e:87:5f:b6:9b:2d:13:0d:f2:ae:18:32:84:f6:68:41:6b:66:7a:96:36:fe:e7:fe:49:88:55:83:f5:de:df:27:e2:b0:14:14:c8:09:97:4c:5b:6a:f5:0b:b2:f6:5a:9c:45:e4:ba:0c:19:2d:03:54:51:1a:16:7b:04:5b:14:48:45:60:60:62:89:56:65:dc:67:04:74:8b:6a:56:5a:e1:67:6e:cf:34:af:9e:0d:ed:0d:38:65:50:70:82:32:30:bc:4e:c0:16:6e:cb:6f:93:da:4d:1a:4b:ff:69:df:a5:a1:2f:6c:4d:f1:84:ae:4a:e3:cb:5e:39:cc:92:77:73:79:18:6b:98:cf:07:a6:41:a7:2f:e6:1c:ec:50:8e:4e:4a:38:0d:e9:fe:30:97:21:63:0d:96:43:df:77:68:ff:72:bd:70:e4:43:c6:61:4b:ea:fd:a2:15:11:18:1b:de"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:5d:04:50:c0:89:d8:b9:f9:f5:f9:e9:f9:38:8e:ad:c3:9c:54:b1:3f:63:1d:71:df:f2:ef:02:fc:15:e6:7a:ee:7a:e0:cb:8f:18:15:e5:b6:49:bf:1b:30:24:68:a3:e3:6c:e8:d0:70:b8:51:27:68:25:d0:e9:bc:cc:23:83:65:b2:97:76:e8:ac:21:a2:e9:00:90:4f:7d:f4:6c:51:3f:f1:b9:8d:9b:3f:6e:77:6e:f1:f7:1a:fd:0d:97:13:76:55:03:81:0e:65:b8:95:3e:02:95:93:1c:68:16:ba:ca:43:c5:95:60:b2:9d:9a:09:8f:b3:59:29:63:c6:34:3c:b1:51:8d:16:84:e0:84:82:76:24:35:f4:69:fe:9a:f7:76:10:c7:71:f4:a7:97:b3:4f:80:01:3a:f2:09:52:9a:2b:12:3b:e0:85:2b:ae:fa:b4:6c:11:7b:96:bc:33:5a:90:e1:1b:32:6b:6c:b9:a9:2b:5a:c2:14:92:b7:98:10:29:4f:75:89:c7:2a:02:da:17:94:71:56:70:0f:07:ce:7a:11:b6:45:2c:a7:94:77:30:fb:67:9d:fb:d2:ee:08:35:8a:64:41:15:db:d2:aa:19:9e:e2:23:8f:70:a1:00:b1:98:23:50:98:2a:b5:60:72:13:c8:d6:5f:29:ba:4d:7f:84:1f:a0:43:6c:41:84:76:aa:65:47:57:15:6f:d6:ae:fc:3f:84:98:b4:26:92:3d:81:67:2f:9b:3a:e2:6c:a3:68:60:62:80:05:9b:ab:dd:b2:e6:f7:29:3e:5e:2f:4e:2b:73:7d:63:68:e3:78:e8:8b:11:0d:0b:01:f3:ba:3a:1c:1a:4e:5c:b5:6e:97:56:b5:fd:82:38:85:01:bc:1d:1f:b7:80:10:f6:e9:b5:d7:49:af:e3:96:6d:76:ee:a4:32:e5:c8:c9:65:b4:c0:ce:e7:ac:82:1a:42:74:d1:f9:de:9a:c2:05:e2:af:4b:17:1b:4e:ea:a2:ca:33:4a:5e:bc:25:49:88:3f:c1:9d:26:d6:c9:cb:15:f9:aa:6b:70:d8:65:b8:e3:dd:ef:cb:b2:75:c6:a0:a3:64:11:87:f0:ff:9e:42:44:9e:87:5f:b6:9b:2d:13:0d:f2:ae:18:32:84:f6:68:41:6b:66:7a:96:36:fe:e7:fe:49:88:55:83:f5:de:df:27:e2:b0:14:14:c8:09:97:4c:5b:6a:f5:0b:b2:f6:5a:9c:45:e4:ba:0c:19:2d:03:54:51:1a:16:7b:04:5b:14:48:45:60:60:62:89:56:65:dc:67:04:74:8b:6a:56:5a:e1:67:6e:cf:34:af:9e:0d:ed:0d:38:65:50:70:82:32:30:bc:4e:c0:16:6e:cb:6f:93:da:4d:1a:4b:ff:69:df:a5:a1:2f:6c:4d:f1:84:ae:4a:e3:cb:5e:39:cc:92:77:73:79:18:6b:98:cf:07:a6:41:a7:2f:e6:1c:ec:50:8e:4e:4a:38:0d:e9:fe:30:97:21:63:0d:96:43:df:77:68:ff:72:bd:70:e4:43:c6:61:4b:ea:fd:a2:15:11:18:1b:de"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "662",
"http.file_data": "{\"x\":288,\"y\":100}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "288",
"json.key": "x"
},
"json.member": {
"json.value.number": "100",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:30.697308135 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651590.697308135",
"frame.time_delta": "0.000456936",
"frame.time_delta_displayed": "1.834398994",
"frame.time_relative": "50.493053134",
"frame.number": "686",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000d7b6",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000028d6",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50486",
"tcp.dstport": "443",
"tcp.port": "50486",
"tcp.port": "443",
"tcp.stream": "48",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00005c0b",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:d6:5f:33:02:20:23",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:d6:5f:33:02:20:23",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473121375",
"tcp.options.timestamp.tsecr": "855777315"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.043386187",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.082754609",
"tcp.time_delta": "0.000456936"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:0a:c8:f0:e5:78:b7:47:07:a0:1a:7c:5a:7f:83:57:17:79:5c:81:12:ac:06:f6:88:be:75:66:41:6e:44:18:d5:c4:0d:e0:6e:b2:fa:84:4f:42:a1:01:86:99:c5:2b:1c:12:08:72:ea:74:44:9d:de:2f:b8:37:0a:03:ab:4d:f9:6a:5f:b8:87:0b:4f:dc:1d:33:61:a1:49:57:4e:78:06:aa:52:e2:9d:f1:2f:3e:07:9d:25:ec:cb:9a:7e:73:0f:fb:ed:0c:c5:b6:e9:1a:f8:1d:46:cf:05:5e:81:4f:ec:c5:22:1b:4b:26:cf:21:d5:47:d7:3d:dd:ad:2b:58:5c:1d:58:a2:a8:0c:4a:a4:83:ff:70:63:f9:5d:aa:8e:8a:6d:84:db:25:62:3a:c7:27:31:4e:ce:91:8e:8f:89:d9:84:57:63:64:22:48:83:99:ee:2c:8e:5a:fe:7c:0d:1d:26:02:5c:a5:bc:be:8c:7e:95:24:14:7a:be:2b:18:5b:83:3d:dc:d2:46:37:27:c3:a8:be:b2:9d:7b:50:60:9e:20:a6:34:28:ee:60:22:06:fa:24:78:c8:83:2e:25:90:82:d7:6d:06:c6:b2:0b:08:b0:bf:d8:18:55:df:85:00:3d:d1:2d:e0:a9:d9:0c:8e:23:9c:3a:13:48:8b:34:97:03:34:b0:f0:96:00:2e:f8:2d:24:00:00:e6:fd:aa:93:ab:59:66:dc:3f:98:49:96:83:0e:dc:50:e0:29:7b:53:e4:c8:ea:15:3a:e6:93:6d:d2:ed:76:31:6a:77:7b:e8:73:f4:14:0d:6c:3e:4a:f5:9b:ea:47:de:cc:97:9e:4b:7a:ee:c4:3d:ac:9e:ec:5f:f2:f6:37:cb:87:ad:ad:3b:68:94:14:0b:d3:77:65:e3:f4:6e:dc:4b:37:2b:84:cb:18:e6:f8:c4:11:2d:44:ce:02:fa:d3:15:78:98:8f:19:9f:6a:a0:48:86:ef:8d:e4:51:e6:43:9b:4a:cd:99:2f:29:09:37:70:e8:15:ea:11:bb:19:2f:d4:53:0f:27:6d:62:9a:fa:36:14:83:da:06:ac:a3:55:9e:a2:8b:71:1c:e5:f4:28:96:a4:95:eb:13:ee:16:21:0a:3c:07:7c:37:98:7d:1a:80:2c:2a:a1:9c:4e:03:c1:3e:de:0f:61:69:ed:43:1f:78:69:23:99:33:90:37:36:50:17:be:10:1a:d7:b2:be:50:7a:b2:84:83:18:6f:8d:52:48:d3:8c:89:18:9a:05:50:2a:48:d7:2d:d0:59:ea:55:b2:22:d8:1b:c0:b8:bd:80:bb:a6:12:8d:15:d2:8b:37:53:4d:2b:2c:5b:97:a3:47:af:75:d0:9f:aa:bc:48:9c:37:6b:d1:31:d8:13:33:7a:9a:ea:db:b5:e2:71:4d:d3:5e:b5:c3:18:b5:28:17:1a:cf:e0:1b:18:63:97:b9:1f:2b:0e:ae:86:5b:60:7a:68:29:b3:9d:3d:c4:14:ba:2a:56:23:26:05:6a:51:b4:5d:cd:31:4a:c4:f1:d5:72:16:4f:3c:6d:2e:90:a5:32:f7"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:0a:c8:f0:e5:78:b7:47:07:a0:1a:7c:5a:7f:83:57:17:79:5c:81:12:ac:06:f6:88:be:75:66:41:6e:44:18:d5:c4:0d:e0:6e:b2:fa:84:4f:42:a1:01:86:99:c5:2b:1c:12:08:72:ea:74:44:9d:de:2f:b8:37:0a:03:ab:4d:f9:6a:5f:b8:87:0b:4f:dc:1d:33:61:a1:49:57:4e:78:06:aa:52:e2:9d:f1:2f:3e:07:9d:25:ec:cb:9a:7e:73:0f:fb:ed:0c:c5:b6:e9:1a:f8:1d:46:cf:05:5e:81:4f:ec:c5:22:1b:4b:26:cf:21:d5:47:d7:3d:dd:ad:2b:58:5c:1d:58:a2:a8:0c:4a:a4:83:ff:70:63:f9:5d:aa:8e:8a:6d:84:db:25:62:3a:c7:27:31:4e:ce:91:8e:8f:89:d9:84:57:63:64:22:48:83:99:ee:2c:8e:5a:fe:7c:0d:1d:26:02:5c:a5:bc:be:8c:7e:95:24:14:7a:be:2b:18:5b:83:3d:dc:d2:46:37:27:c3:a8:be:b2:9d:7b:50:60:9e:20:a6:34:28:ee:60:22:06:fa:24:78:c8:83:2e:25:90:82:d7:6d:06:c6:b2:0b:08:b0:bf:d8:18:55:df:85:00:3d:d1:2d:e0:a9:d9:0c:8e:23:9c:3a:13:48:8b:34:97:03:34:b0:f0:96:00:2e:f8:2d:24:00:00:e6:fd:aa:93:ab:59:66:dc:3f:98:49:96:83:0e:dc:50:e0:29:7b:53:e4:c8:ea:15:3a:e6:93:6d:d2:ed:76:31:6a:77:7b:e8:73:f4:14:0d:6c:3e:4a:f5:9b:ea:47:de:cc:97:9e:4b:7a:ee:c4:3d:ac:9e:ec:5f:f2:f6:37:cb:87:ad:ad:3b:68:94:14:0b:d3:77:65:e3:f4:6e:dc:4b:37:2b:84:cb:18:e6:f8:c4:11:2d:44:ce:02:fa:d3:15:78:98:8f:19:9f:6a:a0:48:86:ef:8d:e4:51:e6:43:9b:4a:cd:99:2f:29:09:37:70:e8:15:ea:11:bb:19:2f:d4:53:0f:27:6d:62:9a:fa:36:14:83:da:06:ac:a3:55:9e:a2:8b:71:1c:e5:f4:28:96:a4:95:eb:13:ee:16:21:0a:3c:07:7c:37:98:7d:1a:80:2c:2a:a1:9c:4e:03:c1:3e:de:0f:61:69:ed:43:1f:78:69:23:99:33:90:37:36:50:17:be:10:1a:d7:b2:be:50:7a:b2:84:83:18:6f:8d:52:48:d3:8c:89:18:9a:05:50:2a:48:d7:2d:d0:59:ea:55:b2:22:d8:1b:c0:b8:bd:80:bb:a6:12:8d:15:d2:8b:37:53:4d:2b:2c:5b:97:a3:47:af:75:d0:9f:aa:bc:48:9c:37:6b:d1:31:d8:13:33:7a:9a:ea:db:b5:e2:71:4d:d3:5e:b5:c3:18:b5:28:17:1a:cf:e0:1b:18:63:97:b9:1f:2b:0e:ae:86:5b:60:7a:68:29:b3:9d:3d:c4:14:ba:2a:56:23:26:05:6a:51:b4:5d:cd:31:4a:c4:f1:d5:72:16:4f:3c:6d:2e:90:a5:32:f7"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "691",
"http.file_data": "{\"x\":318,\"y\":64}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "318",
"json.key": "x"
},
"json.member": {
"json.value.number": "64",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:32.504498626 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651592.504498626",
"frame.time_delta": "0.000315773",
"frame.time_delta_displayed": "1.807190491",
"frame.time_relative": "52.300243625",
"frame.number": "715",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x000024d7",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000dbb4",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50490",
"tcp.dstport": "443",
"tcp.port": "50490",
"tcp.port": "443",
"tcp.stream": "50",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00008015",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:dd:6f:33:02:27:2c",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:dd:6f:33:02:27:2c",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473123183",
"tcp.options.timestamp.tsecr": "855779116"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037592756",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.082739942",
"tcp.time_delta": "0.000315773"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:55:6a:30:4d:30:9b:19:a6:c5:2a:5e:8f:f4:3c:ff:0a:12:6b:24:cf:49:26:75:c8:bf:aa:b1:76:94:42:2f:21:82:66:90:90:34:bb:80:ba:a9:06:63:0d:b1:30:5d:0a:2b:72:57:3a:cb:a7:92:ef:f9:f1:d5:93:4e:54:84:c5:b6:f3:15:99:09:5c:03:0f:84:45:56:fa:0a:e5:fc:c3:15:cb:1e:a2:33:86:2d:d5:d5:42:cc:cc:82:39:47:82:14:8d:0c:8f:6b:d0:63:34:36:60:37:23:b6:22:82:d6:5a:ad:23:40:ce:b8:9c:23:6f:b4:d2:8e:43:75:f5:d1:75:6e:79:17:75:36:ba:fe:a2:94:81:e8:33:e7:cc:34:c1:dc:5f:5f:bd:ff:2b:94:1d:b6:2b:8c:7d:da:cb:0c:17:11:eb:82:71:73:6d:64:18:d8:ff:8b:9b:49:dc:73:a9:36:fc:fe:24:67:ff:34:0a:b4:b5:1d:62:5b:d4:b3:fb:4f:66:e1:21:b3:b4:6a:4f:62:18:24:d3:0f:f9:c4:7f:1c:64:a9:cf:7e:4f:9d:d4:73:89:8b:44:6e:db:f1:38:cb:d5:56:87:75:8d:e9:0e:25:51:ea:5a:fa:5d:b7:09:ae:0a:89:10:60:0e:49:3e:56:c2:08:ea:63:bd:4c:06:7a:9e:84:ab:cf:56:fd:fd:10:53:a1:6d:af:af:1b:7f:8e:62:85:f9:26:5b:c1:f6:8a:2c:1d:d1:cf:de:2a:e0:e4:bb:be:70:c1:31:b0:71:95:7c:02:c5:ec:71:f0:e4:98:af:1e:26:4b:30:55:ed:b6:d2:67:64:9f:83:26:fa:cb:8c:54:bc:19:a5:15:15:50:0e:ca:db:76:14:d7:9d:8f:28:4e:26:86:23:f7:0c:3d:a2:ef:23:e1:8b:06:81:4f:a1:c6:a0:95:5b:7d:73:03:04:c2:40:65:00:c3:9d:d6:cb:71:bc:ac:b8:8c:6e:70:53:65:29:97:24:1e:bc:6c:39:84:0d:38:32:06:db:cf:ac:bd:72:ff:c1:f5:4d:94:db:e9:f9:44:9c:68:a0:6b:f0:12:34:54:fe:b1:97:8a:78:fc:9e:4b:2b:d5:9e:87:5c:99:35:61:8e:38:48:dd:81:51:eb:a0:60:ca:ea:cc:f9:44:4e:bd:8b:bc:a6:f2:8b:c4:1d:24:b5:fa:3f:8d:1f:e4:2f:27:45:39:55:19:95:a2:f0:42:6a:ff:95:77:0f:46:9c:49:6c:c7:ea:8a:55:c7:da:2b:43:dd:73:b2:01:f8:35:1f:a7:f8:9a:30:cb:43:41:bf:1f:e6:5c:36:18:6d:fe:2b:e9:62:ea:e7:31:a2:ee:45:f6:cd:20:c2:bb:a4:9e:ae:d1:19:2e:df:dc:54:32:c9:60:5b:9c:87:4d:b1:39:ed:03:c3:a2:77:fd:08:ee:ea:02:17:d9:0b:0d:75:c5:e9:7d:01:f0:8e:d7:8d:68:85:c2:9b:9b:bc:04:dc:9d:df:13:37:32:52:17:ec:36:9d:2e:0b:23:f6:42:76:d0:67:4f:8e:b1:ee:e3:c1:b0"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:55:6a:30:4d:30:9b:19:a6:c5:2a:5e:8f:f4:3c:ff:0a:12:6b:24:cf:49:26:75:c8:bf:aa:b1:76:94:42:2f:21:82:66:90:90:34:bb:80:ba:a9:06:63:0d:b1:30:5d:0a:2b:72:57:3a:cb:a7:92:ef:f9:f1:d5:93:4e:54:84:c5:b6:f3:15:99:09:5c:03:0f:84:45:56:fa:0a:e5:fc:c3:15:cb:1e:a2:33:86:2d:d5:d5:42:cc:cc:82:39:47:82:14:8d:0c:8f:6b:d0:63:34:36:60:37:23:b6:22:82:d6:5a:ad:23:40:ce:b8:9c:23:6f:b4:d2:8e:43:75:f5:d1:75:6e:79:17:75:36:ba:fe:a2:94:81:e8:33:e7:cc:34:c1:dc:5f:5f:bd:ff:2b:94:1d:b6:2b:8c:7d:da:cb:0c:17:11:eb:82:71:73:6d:64:18:d8:ff:8b:9b:49:dc:73:a9:36:fc:fe:24:67:ff:34:0a:b4:b5:1d:62:5b:d4:b3:fb:4f:66:e1:21:b3:b4:6a:4f:62:18:24:d3:0f:f9:c4:7f:1c:64:a9:cf:7e:4f:9d:d4:73:89:8b:44:6e:db:f1:38:cb:d5:56:87:75:8d:e9:0e:25:51:ea:5a:fa:5d:b7:09:ae:0a:89:10:60:0e:49:3e:56:c2:08:ea:63:bd:4c:06:7a:9e:84:ab:cf:56:fd:fd:10:53:a1:6d:af:af:1b:7f:8e:62:85:f9:26:5b:c1:f6:8a:2c:1d:d1:cf:de:2a:e0:e4:bb:be:70:c1:31:b0:71:95:7c:02:c5:ec:71:f0:e4:98:af:1e:26:4b:30:55:ed:b6:d2:67:64:9f:83:26:fa:cb:8c:54:bc:19:a5:15:15:50:0e:ca:db:76:14:d7:9d:8f:28:4e:26:86:23:f7:0c:3d:a2:ef:23:e1:8b:06:81:4f:a1:c6:a0:95:5b:7d:73:03:04:c2:40:65:00:c3:9d:d6:cb:71:bc:ac:b8:8c:6e:70:53:65:29:97:24:1e:bc:6c:39:84:0d:38:32:06:db:cf:ac:bd:72:ff:c1:f5:4d:94:db:e9:f9:44:9c:68:a0:6b:f0:12:34:54:fe:b1:97:8a:78:fc:9e:4b:2b:d5:9e:87:5c:99:35:61:8e:38:48:dd:81:51:eb:a0:60:ca:ea:cc:f9:44:4e:bd:8b:bc:a6:f2:8b:c4:1d:24:b5:fa:3f:8d:1f:e4:2f:27:45:39:55:19:95:a2:f0:42:6a:ff:95:77:0f:46:9c:49:6c:c7:ea:8a:55:c7:da:2b:43:dd:73:b2:01:f8:35:1f:a7:f8:9a:30:cb:43:41:bf:1f:e6:5c:36:18:6d:fe:2b:e9:62:ea:e7:31:a2:ee:45:f6:cd:20:c2:bb:a4:9e:ae:d1:19:2e:df:dc:54:32:c9:60:5b:9c:87:4d:b1:39:ed:03:c3:a2:77:fd:08:ee:ea:02:17:d9:0b:0d:75:c5:e9:7d:01:f0:8e:d7:8d:68:85:c2:9b:9b:bc:04:dc:9d:df:13:37:32:52:17:ec:36:9d:2e:0b:23:f6:42:76:d0:67:4f:8e:b1:ee:e3:c1:b0"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "720",
"http.file_data": "{\"x\":331,\"y\":186}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "331",
"json.key": "x"
},
"json.member": {
"json.value.number": "186",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:34.105377507 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651594.105377507",
"frame.time_delta": "0.000234699",
"frame.time_delta_displayed": "1.600878881",
"frame.time_relative": "53.901122506",
"frame.number": "744",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000b664",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00004a27",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50494",
"tcp.dstport": "443",
"tcp.port": "50494",
"tcp.port": "443",
"tcp.stream": "52",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000a71e",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:e3:af:33:02:2d:73",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:e3:af:33:02:2d:73",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473124783",
"tcp.options.timestamp.tsecr": "855780723"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.038497096",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.077303045",
"tcp.time_delta": "0.000234699"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:83:4d:fb:6e:02:fa:e5:06:06:f3:4e:84:11:80:94:a4:cb:39:23:f6:b2:85:a6:64:4c:11:09:c3:43:8f:a7:6d:f5:36:c6:83:1d:74:42:74:9c:3c:72:fe:72:58:ab:0c:9a:9a:16:77:f4:dc:9d:4c:06:86:9e:df:25:b9:45:c3:e1:36:29:1f:ec:ab:25:a3:ef:d6:c3:ba:9c:be:f4:0f:b9:8b:a4:04:d6:a2:64:32:9c:10:68:2c:11:ac:4a:8f:70:55:1d:69:71:4e:3b:d2:f8:9d:fb:ec:49:c0:59:d2:bd:49:ce:5d:97:b3:34:1a:8a:8b:4f:87:06:71:ac:d7:71:80:e6:1e:20:42:e9:8a:7b:6a:a2:14:b8:35:d1:3c:6e:81:09:96:f3:4c:56:9b:79:b0:8c:7b:e7:88:07:c7:62:09:3e:41:3f:fd:c2:4f:89:c9:d8:da:0b:7f:43:0a:ab:35:cd:28:53:bd:7a:d0:1d:b1:e9:26:93:97:91:28:ee:b7:c2:ac:69:08:0e:16:30:1e:4b:55:c4:76:60:da:de:8b:0a:ce:22:36:d0:9d:59:ce:f2:e1:c3:20:d2:00:e8:3c:52:dd:0a:55:b4:9c:ee:ac:de:ad:1d:76:30:aa:67:4a:da:76:4f:74:da:a2:1c:0e:7d:63:b5:a0:7f:42:67:d4:67:46:64:dc:fa:3c:8c:99:9c:f7:90:b8:53:0b:eb:9f:5e:ff:e2:15:fe:05:51:a9:5f:70:ef:05:cd:20:b4:a9:cd:09:03:67:df:a7:5f:7e:59:dd:10:25:93:97:b0:e4:f3:18:6d:24:8a:43:b7:be:4b:38:bf:49:7f:28:6b:6a:e3:a6:55:26:5e:fc:f4:98:ab:c2:c9:db:80:d4:8a:03:2e:f8:cc:5c:90:03:31:6e:df:e2:5a:a3:52:27:fc:89:cf:25:92:d8:e3:0c:39:d1:97:dd:db:ee:22:4e:c5:69:54:43:a3:2b:b0:be:2f:83:d7:09:c3:0f:90:de:71:08:38:3d:04:28:90:91:74:32:da:55:25:db:51:06:52:be:9b:32:9d:ea:2e:13:c9:92:57:3f:dd:0f:bb:92:f2:cb:cb:70:6a:a8:20:22:1d:bc:42:c8:f4:28:cf:da:de:fa:52:86:a8:9d:74:8e:55:7b:cc:e7:39:50:4d:44:1d:e9:c6:91:a4:cf:36:3c:84:d9:8d:27:b6:02:3c:72:d0:e4:ab:75:49:48:e7:b6:8e:a8:4b:ef:e1:63:a2:e8:47:71:c7:78:c1:b7:44:e7:4e:3f:c7:8c:08:93:2d:58:e8:8d:5f:0d:2e:51:f2:21:51:7e:b4:c4:84:ed:73:59:23:2f:73:ee:7e:ea:12:59:46:1b:db:a6:84:4c:93:3a:f8:41:1b:34:06:97:c2:2c:88:cc:2e:1b:09:dd:a1:fc:a7:8d:6f:ba:bc:e3:67:6f:d7:3f:30:40:b6:95:f9:9d:95:97:fe:50:75:2c:a9:51:aa:50:44:12:87:b8:76:5e:89:05:e6:3f:d6:f1:e1:7a:1c:f4:12:2b:31:f4:56:3d:81:18:75:e7:a1"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:83:4d:fb:6e:02:fa:e5:06:06:f3:4e:84:11:80:94:a4:cb:39:23:f6:b2:85:a6:64:4c:11:09:c3:43:8f:a7:6d:f5:36:c6:83:1d:74:42:74:9c:3c:72:fe:72:58:ab:0c:9a:9a:16:77:f4:dc:9d:4c:06:86:9e:df:25:b9:45:c3:e1:36:29:1f:ec:ab:25:a3:ef:d6:c3:ba:9c:be:f4:0f:b9:8b:a4:04:d6:a2:64:32:9c:10:68:2c:11:ac:4a:8f:70:55:1d:69:71:4e:3b:d2:f8:9d:fb:ec:49:c0:59:d2:bd:49:ce:5d:97:b3:34:1a:8a:8b:4f:87:06:71:ac:d7:71:80:e6:1e:20:42:e9:8a:7b:6a:a2:14:b8:35:d1:3c:6e:81:09:96:f3:4c:56:9b:79:b0:8c:7b:e7:88:07:c7:62:09:3e:41:3f:fd:c2:4f:89:c9:d8:da:0b:7f:43:0a:ab:35:cd:28:53:bd:7a:d0:1d:b1:e9:26:93:97:91:28:ee:b7:c2:ac:69:08:0e:16:30:1e:4b:55:c4:76:60:da:de:8b:0a:ce:22:36:d0:9d:59:ce:f2:e1:c3:20:d2:00:e8:3c:52:dd:0a:55:b4:9c:ee:ac:de:ad:1d:76:30:aa:67:4a:da:76:4f:74:da:a2:1c:0e:7d:63:b5:a0:7f:42:67:d4:67:46:64:dc:fa:3c:8c:99:9c:f7:90:b8:53:0b:eb:9f:5e:ff:e2:15:fe:05:51:a9:5f:70:ef:05:cd:20:b4:a9:cd:09:03:67:df:a7:5f:7e:59:dd:10:25:93:97:b0:e4:f3:18:6d:24:8a:43:b7:be:4b:38:bf:49:7f:28:6b:6a:e3:a6:55:26:5e:fc:f4:98:ab:c2:c9:db:80:d4:8a:03:2e:f8:cc:5c:90:03:31:6e:df:e2:5a:a3:52:27:fc:89:cf:25:92:d8:e3:0c:39:d1:97:dd:db:ee:22:4e:c5:69:54:43:a3:2b:b0:be:2f:83:d7:09:c3:0f:90:de:71:08:38:3d:04:28:90:91:74:32:da:55:25:db:51:06:52:be:9b:32:9d:ea:2e:13:c9:92:57:3f:dd:0f:bb:92:f2:cb:cb:70:6a:a8:20:22:1d:bc:42:c8:f4:28:cf:da:de:fa:52:86:a8:9d:74:8e:55:7b:cc:e7:39:50:4d:44:1d:e9:c6:91:a4:cf:36:3c:84:d9:8d:27:b6:02:3c:72:d0:e4:ab:75:49:48:e7:b6:8e:a8:4b:ef:e1:63:a2:e8:47:71:c7:78:c1:b7:44:e7:4e:3f:c7:8c:08:93:2d:58:e8:8d:5f:0d:2e:51:f2:21:51:7e:b4:c4:84:ed:73:59:23:2f:73:ee:7e:ea:12:59:46:1b:db:a6:84:4c:93:3a:f8:41:1b:34:06:97:c2:2c:88:cc:2e:1b:09:dd:a1:fc:a7:8d:6f:ba:bc:e3:67:6f:d7:3f:30:40:b6:95:f9:9d:95:97:fe:50:75:2c:a9:51:aa:50:44:12:87:b8:76:5e:89:05:e6:3f:d6:f1:e1:7a:1c:f4:12:2b:31:f4:56:3d:81:18:75:e7:a1"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "749",
"http.file_data": "{\"x\":409,\"y\":153}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "409",
"json.key": "x"
},
"json.member": {
"json.value.number": "153",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:35.875274887 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651595.875274887",
"frame.time_delta": "0.000453674",
"frame.time_delta_displayed": "1.769897380",
"frame.time_relative": "55.671019886",
"frame.number": "773",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00007949",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00008742",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50498",
"tcp.dstport": "443",
"tcp.port": "50498",
"tcp.port": "443",
"tcp.stream": "54",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000004cc",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:ea:99:33:02:34:56",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:ea:99:33:02:34:56",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473126553",
"tcp.options.timestamp.tsecr": "855782486"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.039733128",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.085286074",
"tcp.time_delta": "0.000453674"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:27:4f:61:3d:99:61:45:52:c8:1b:88:1c:0c:30:41:99:b4:30:a1:76:20:c2:76:47:34:39:82:11:4d:3e:d5:68:7b:1c:0e:e4:13:cc:87:22:af:70:cd:15:fb:d4:e6:e9:66:33:1d:b6:bf:bd:df:0e:4d:a6:1b:1f:6d:35:b9:62:d2:ff:c3:47:f6:ab:01:5f:e6:33:83:04:5e:8c:69:90:c9:17:3c:fe:93:b2:94:80:41:20:8f:f2:08:47:76:8c:d5:50:01:0d:63:60:06:c3:94:55:74:41:cc:96:b9:82:a0:ab:a9:21:f0:c2:94:95:f8:a0:6f:fb:08:d5:e1:81:57:09:63:25:dc:fb:44:02:e3:aa:d4:db:cb:1b:12:ff:8f:88:d0:42:c4:ed:35:54:38:3f:dd:9e:80:39:c4:d8:b0:c8:7e:77:7e:7f:51:c2:f9:9f:8f:3f:62:a9:22:8a:e8:c7:a5:e1:35:39:97:ca:8e:40:cf:e9:f0:79:7e:50:be:e3:4d:c1:e2:4f:8f:bf:e3:bc:9e:c7:6d:d1:dd:c7:73:f4:3b:28:bf:38:c9:4f:30:c4:e3:bd:0e:e3:67:1b:a0:fc:39:c9:f3:4e:4a:b2:b4:5f:ce:af:c3:5a:33:a5:02:ac:f9:12:f7:7d:05:eb:02:19:c4:1f:fb:a2:21:ed:2c:ca:1b:55:19:d1:60:e3:20:e9:0a:4d:e6:f1:b4:0b:4e:1d:c8:da:a7:84:9e:cb:c0:20:88:06:44:f0:7b:2a:2e:4f:ec:bb:2e:dc:2a:87:1d:fc:85:ab:47:14:9a:e2:96:f5:ae:66:95:c0:41:99:62:64:49:35:a1:cf:11:19:f4:05:b1:7d:f8:f3:34:77:4d:f1:10:f0:8b:e1:e4:71:cd:5a:03:3d:18:9c:48:d3:5e:b3:c3:5a:a2:25:bd:dd:83:ae:c6:7c:50:94:2c:1b:e7:4a:f7:0c:de:66:0a:54:09:75:37:c3:78:85:96:bb:84:8f:c2:73:24:c7:9d:b4:34:a1:f1:76:1d:9f:ce:29:19:1f:c9:08:64:35:c1:84:b1:b5:93:3a:c5:ba:7f:a9:a9:af:51:86:6f:ce:0d:06:66:5d:6b:e6:82:25:49:aa:65:38:ea:7e:be:c3:83:19:84:5a:7e:a7:3d:f4:a2:be:d1:55:89:07:a2:52:aa:88:8e:cc:21:62:f1:b4:61:fc:9c:78:06:bf:51:82:a6:e0:9a:62:6a:7f:35:bf:d9:0e:34:88:aa:59:95:8a:70:7e:e4:5a:ac:d3:fa:7e:14:2b:2b:99:a9:68:9d:49:39:5d:d3:32:a8:e1:fe:3b:1e:2d:5b:9d:f5:a4:e7:73:99:38:26:66:42:e5:22:02:c2:0d:64:fc:13:cc:d7:66:c1:4f:6c:26:ad:80:2c:0c:29:cd:e3:0b:8a:fb:ab:04:9f:27:f5:9d:69:64:72:4d:8a:91:2e:23:24:18:36:46:be:0c:c8:65:92:8f:3b:59:32:f0:05:21:31:f8:ec:a4:fc:bf:14:f1:0e:01:d3:cc:3d:bb:4c:db:66:57:20:ea:e2:8e:85:85:e8:c8:ca"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:27:4f:61:3d:99:61:45:52:c8:1b:88:1c:0c:30:41:99:b4:30:a1:76:20:c2:76:47:34:39:82:11:4d:3e:d5:68:7b:1c:0e:e4:13:cc:87:22:af:70:cd:15:fb:d4:e6:e9:66:33:1d:b6:bf:bd:df:0e:4d:a6:1b:1f:6d:35:b9:62:d2:ff:c3:47:f6:ab:01:5f:e6:33:83:04:5e:8c:69:90:c9:17:3c:fe:93:b2:94:80:41:20:8f:f2:08:47:76:8c:d5:50:01:0d:63:60:06:c3:94:55:74:41:cc:96:b9:82:a0:ab:a9:21:f0:c2:94:95:f8:a0:6f:fb:08:d5:e1:81:57:09:63:25:dc:fb:44:02:e3:aa:d4:db:cb:1b:12:ff:8f:88:d0:42:c4:ed:35:54:38:3f:dd:9e:80:39:c4:d8:b0:c8:7e:77:7e:7f:51:c2:f9:9f:8f:3f:62:a9:22:8a:e8:c7:a5:e1:35:39:97:ca:8e:40:cf:e9:f0:79:7e:50:be:e3:4d:c1:e2:4f:8f:bf:e3:bc:9e:c7:6d:d1:dd:c7:73:f4:3b:28:bf:38:c9:4f:30:c4:e3:bd:0e:e3:67:1b:a0:fc:39:c9:f3:4e:4a:b2:b4:5f:ce:af:c3:5a:33:a5:02:ac:f9:12:f7:7d:05:eb:02:19:c4:1f:fb:a2:21:ed:2c:ca:1b:55:19:d1:60:e3:20:e9:0a:4d:e6:f1:b4:0b:4e:1d:c8:da:a7:84:9e:cb:c0:20:88:06:44:f0:7b:2a:2e:4f:ec:bb:2e:dc:2a:87:1d:fc:85:ab:47:14:9a:e2:96:f5:ae:66:95:c0:41:99:62:64:49:35:a1:cf:11:19:f4:05:b1:7d:f8:f3:34:77:4d:f1:10:f0:8b:e1:e4:71:cd:5a:03:3d:18:9c:48:d3:5e:b3:c3:5a:a2:25:bd:dd:83:ae:c6:7c:50:94:2c:1b:e7:4a:f7:0c:de:66:0a:54:09:75:37:c3:78:85:96:bb:84:8f:c2:73:24:c7:9d:b4:34:a1:f1:76:1d:9f:ce:29:19:1f:c9:08:64:35:c1:84:b1:b5:93:3a:c5:ba:7f:a9:a9:af:51:86:6f:ce:0d:06:66:5d:6b:e6:82:25:49:aa:65:38:ea:7e:be:c3:83:19:84:5a:7e:a7:3d:f4:a2:be:d1:55:89:07:a2:52:aa:88:8e:cc:21:62:f1:b4:61:fc:9c:78:06:bf:51:82:a6:e0:9a:62:6a:7f:35:bf:d9:0e:34:88:aa:59:95:8a:70:7e:e4:5a:ac:d3:fa:7e:14:2b:2b:99:a9:68:9d:49:39:5d:d3:32:a8:e1:fe:3b:1e:2d:5b:9d:f5:a4:e7:73:99:38:26:66:42:e5:22:02:c2:0d:64:fc:13:cc:d7:66:c1:4f:6c:26:ad:80:2c:0c:29:cd:e3:0b:8a:fb:ab:04:9f:27:f5:9d:69:64:72:4d:8a:91:2e:23:24:18:36:46:be:0c:c8:65:92:8f:3b:59:32:f0:05:21:31:f8:ec:a4:fc:bf:14:f1:0e:01:d3:cc:3d:bb:4c:db:66:57:20:ea:e2:8e:85:85:e8:c8:ca"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "778",
"http.file_data": "{\"x\":483,\"y\":110}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "483",
"json.key": "x"
},
"json.member": {
"json.value.number": "110",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:37.686880530 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651597.686880530",
"frame.time_delta": "0.000293986",
"frame.time_delta_displayed": "1.811605643",
"frame.time_relative": "57.482625529",
"frame.number": "801",
"frame.len": "674",
"frame.cap_len": "674",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "660",
"ip.id": "0x000013b9",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000ecd4",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50502",
"tcp.dstport": "443",
"tcp.port": "50502",
"tcp.port": "443",
"tcp.stream": "56",
"tcp.len": "608",
"tcp.seq": "569",
"tcp.nxtseq": "1177",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000d673",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:f1:ad:33:02:3b:6e",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:f1:ad:33:02:3b:6e",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473128365",
"tcp.options.timestamp.tsecr": "855784302"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037419254",
"tcp.analysis.bytes_in_flight": "659",
"tcp.analysis.push_bytes_sent": "608"
},
"Timestamps": {
"tcp.time_relative": "0.078766856",
"tcp.time_delta": "0.000293986"
},
"tcp.payload": "17:03:03:02:5b:00:00:00:00:00:00:00:01:e7:2e:7b:f0:9f:fc:ee:10:18:b6:0a:6f:63:2c:bc:dd:94:4b:89:31:ed:59:6f:98:d8:a1:6b:88:d1:13:d4:28:eb:ed:99:98:c3:71:7f:d6:d9:16:c2:ef:70:09:5b:7b:58:d8:fa:f4:e6:43:e4:79:1c:cf:e7:e8:c5:64:4d:18:17:4d:15:0e:ac:0e:6a:39:e4:29:82:b0:a6:d0:3c:11:a5:1f:dc:32:c3:4f:21:78:99:c9:d1:2c:60:81:2a:50:0f:e5:57:2e:02:13:b1:09:c0:fb:48:6e:46:f5:55:4b:fc:fd:ca:c8:4e:c0:f6:c1:64:72:df:87:30:b0:77:5a:10:b3:88:69:33:25:f4:79:3c:6d:a7:93:e7:66:5c:89:7d:b4:3a:b4:47:07:81:22:2e:2a:fa:8c:f8:0e:b0:cd:1e:95:89:74:fc:5d:cc:51:1c:5d:30:15:2e:76:0d:3a:21:16:de:4d:85:27:d2:2f:f8:c5:b6:16:86:43:4f:7e:6e:2c:3f:10:9c:70:b5:4e:f1:f7:b4:4b:77:9a:11:d6:25:bf:d2:ee:f4:7c:f0:95:bc:c3:00:83:ed:48:68:71:af:4e:67:64:7e:89:bd:70:d8:7b:c0:0a:db:8e:1e:c7:5e:7d:76:4a:b4:53:6d:65:29:a4:97:04:9c:77:b6:54:8c:a3:10:a2:be:f7:da:41:6e:de:30:46:d9:77:1e:c8:14:61:75:39:f1:34:35:7a:1a:9a:0d:5d:2c:df:54:4e:3f:1c:5b:be:29:d0:7e:7f:4f:c8:21:da:d5:2b:a5:74:91:c6:98:14:95:7e:d0:62:ce:fd:c2:29:e2:35:fe:60:50:da:a1:a2:e2:bd:74:84:a7:95:90:07:34:ca:16:a6:52:52:41:03:43:54:07:10:85:1a:39:ab:90:ac:f4:1e:56:05:63:ab:49:50:f2:64:b3:ea:6b:52:97:70:18:e9:cf:93:4d:35:4e:83:a2:e4:45:dc:f3:43:a5:04:01:18:4b:c1:1f:8f:8f:94:99:5c:ec:da:96:3b:e9:94:72:2a:a0:81:6e:08:e9:d5:4f:2c:a3:b1:e3:d7:1b:73:de:a0:14:24:26:e7:5d:f9:ef:d2:4d:4c:ef:0f:42:75:c3:85:ca:25:93:ba:43:59:fa:c2:62:af:0e:5f:ea:fe:da:5a:6b:23:90:51:ea:47:e5:26:90:c4:38:3b:90:76:6d:36:48:6c:22:8b:a6:5e:c7:68:7e:7c:c3:d2:25:b7:9c:2a:83:81:07:3d:89:50:7f:b4:c4:11:42:95:70:15:a0:7e:4c:41:9c:32:00:9b:b9:d6:9b:80:0e:4f:97:a0:15:99:a0:91:d8:c1:d5:47:a8:b4:55:b6:f5:23:e7:db:ed:62:be:5b:9a:49:39:95:70:8f:38:23:ae:a7:f2:95:ca:e4:6f:d1:95:da:ae:43:f9:16:80:42:c2:68:f4:b9:bd:43:13:2b:c7:7c:cf:b1:8b:c3:a0:6e:2a:d0:51:0b:64:dc:50:46:43:10:67:8d:90:73:a0:39:a8:fe:50:f9:ca:8e:5f:79:1f"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "603",
"tls.app_data": "00:00:00:00:00:00:00:01:e7:2e:7b:f0:9f:fc:ee:10:18:b6:0a:6f:63:2c:bc:dd:94:4b:89:31:ed:59:6f:98:d8:a1:6b:88:d1:13:d4:28:eb:ed:99:98:c3:71:7f:d6:d9:16:c2:ef:70:09:5b:7b:58:d8:fa:f4:e6:43:e4:79:1c:cf:e7:e8:c5:64:4d:18:17:4d:15:0e:ac:0e:6a:39:e4:29:82:b0:a6:d0:3c:11:a5:1f:dc:32:c3:4f:21:78:99:c9:d1:2c:60:81:2a:50:0f:e5:57:2e:02:13:b1:09:c0:fb:48:6e:46:f5:55:4b:fc:fd:ca:c8:4e:c0:f6:c1:64:72:df:87:30:b0:77:5a:10:b3:88:69:33:25:f4:79:3c:6d:a7:93:e7:66:5c:89:7d:b4:3a:b4:47:07:81:22:2e:2a:fa:8c:f8:0e:b0:cd:1e:95:89:74:fc:5d:cc:51:1c:5d:30:15:2e:76:0d:3a:21:16:de:4d:85:27:d2:2f:f8:c5:b6:16:86:43:4f:7e:6e:2c:3f:10:9c:70:b5:4e:f1:f7:b4:4b:77:9a:11:d6:25:bf:d2:ee:f4:7c:f0:95:bc:c3:00:83:ed:48:68:71:af:4e:67:64:7e:89:bd:70:d8:7b:c0:0a:db:8e:1e:c7:5e:7d:76:4a:b4:53:6d:65:29:a4:97:04:9c:77:b6:54:8c:a3:10:a2:be:f7:da:41:6e:de:30:46:d9:77:1e:c8:14:61:75:39:f1:34:35:7a:1a:9a:0d:5d:2c:df:54:4e:3f:1c:5b:be:29:d0:7e:7f:4f:c8:21:da:d5:2b:a5:74:91:c6:98:14:95:7e:d0:62:ce:fd:c2:29:e2:35:fe:60:50:da:a1:a2:e2:bd:74:84:a7:95:90:07:34:ca:16:a6:52:52:41:03:43:54:07:10:85:1a:39:ab:90:ac:f4:1e:56:05:63:ab:49:50:f2:64:b3:ea:6b:52:97:70:18:e9:cf:93:4d:35:4e:83:a2:e4:45:dc:f3:43:a5:04:01:18:4b:c1:1f:8f:8f:94:99:5c:ec:da:96:3b:e9:94:72:2a:a0:81:6e:08:e9:d5:4f:2c:a3:b1:e3:d7:1b:73:de:a0:14:24:26:e7:5d:f9:ef:d2:4d:4c:ef:0f:42:75:c3:85:ca:25:93:ba:43:59:fa:c2:62:af:0e:5f:ea:fe:da:5a:6b:23:90:51:ea:47:e5:26:90:c4:38:3b:90:76:6d:36:48:6c:22:8b:a6:5e:c7:68:7e:7c:c3:d2:25:b7:9c:2a:83:81:07:3d:89:50:7f:b4:c4:11:42:95:70:15:a0:7e:4c:41:9c:32:00:9b:b9:d6:9b:80:0e:4f:97:a0:15:99:a0:91:d8:c1:d5:47:a8:b4:55:b6:f5:23:e7:db:ed:62:be:5b:9a:49:39:95:70:8f:38:23:ae:a7:f2:95:ca:e4:6f:d1:95:da:ae:43:f9:16:80:42:c2:68:f4:b9:bd:43:13:2b:c7:7c:cf:b1:8b:c3:a0:6e:2a:d0:51:0b:64:dc:50:46:43:10:67:8d:90:73:a0:39:a8:fe:50:f9:ca:8e:5f:79:1f"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "15",
"http.content_length_header_tree": {
"http.content_length": "15"
},
"http.request.line": "Content-Length: 15\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "806",
"http.file_data": "{\"x\":43,\"y\":22}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "43",
"json.key": "x"
},
"json.member": {
"json.value.number": "22",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:40.730201552 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651600.730201552",
"frame.time_delta": "0.000482592",
"frame.time_delta_displayed": "3.043321022",
"frame.time_relative": "60.525946551",
"frame.number": "829",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000d694",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000029f8",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50506",
"tcp.dstport": "443",
"tcp.port": "50506",
"tcp.port": "443",
"tcp.stream": "58",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000a757",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:68:fd:90:33:02:47:53",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:68:fd:90:33:02:47:53",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473131408",
"tcp.options.timestamp.tsecr": "855787347"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.049899361",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.089202619",
"tcp.time_delta": "0.000482592"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:a2:f5:3e:12:ed:f2:39:85:4b:04:21:f7:33:ab:78:b2:e2:7f:62:be:90:7d:fd:50:d6:5d:77:90:0d:4c:f0:f0:d9:27:00:10:ea:3b:d9:77:b5:b5:de:91:8b:3d:f7:78:02:13:dc:a0:44:6b:0d:fc:e4:32:7c:8b:41:d7:19:35:c1:d6:c5:92:fd:3b:5b:09:93:f5:8f:c7:d1:3a:88:ce:e9:7a:0a:46:3c:66:00:2f:94:a3:dc:36:d7:12:ce:02:89:f5:41:b1:e9:63:a7:9c:b2:1f:36:bf:b9:54:51:e7:ca:bd:7b:01:ee:87:3f:e8:02:20:11:1d:83:e7:aa:7b:a8:de:d7:bb:24:73:03:77:38:f1:84:f7:bf:76:cb:3f:ea:32:92:6c:52:8e:e5:76:3e:6f:6f:66:a7:f9:74:88:64:78:da:b5:eb:e2:93:24:65:9c:36:e5:33:b0:b3:71:28:3f:d1:74:65:55:53:2c:ab:c0:18:bd:b3:b2:f9:00:6f:f8:96:c1:d7:f2:ff:89:14:e0:ec:eb:74:99:8b:b0:de:22:a8:17:93:3a:af:32:bc:a8:b0:12:25:44:72:0e:7f:da:50:79:d6:d3:aa:aa:81:dc:f4:55:f1:e0:23:fe:39:05:86:67:80:8a:4a:e7:23:bc:13:de:87:ff:33:be:89:7f:39:06:e3:0b:90:32:2a:ee:66:04:05:bb:63:71:32:64:cc:8a:c3:f1:4e:a6:56:53:04:fc:ff:93:8d:17:d2:ff:b3:f5:cf:39:64:10:16:de:ca:36:f2:fe:32:c4:d3:27:78:b0:b8:2e:9b:3b:73:19:87:11:2a:31:6c:20:8e:4c:40:16:c8:82:06:18:17:41:fe:6b:56:6f:b7:f4:b7:29:c4:4f:44:7d:b7:82:45:ce:df:30:6e:05:62:88:f3:96:d7:3a:e1:ab:14:7d:4b:2a:b6:51:ef:60:2c:b7:6d:df:bd:c5:4e:0c:cf:92:cf:3a:e9:3a:ef:9e:95:af:fa:3f:d1:4e:50:ff:9e:ce:a0:5d:34:f5:d4:21:11:1a:43:b1:7d:f8:26:c2:02:d8:6a:fb:8f:bc:db:6f:f4:9d:8f:23:fb:09:79:a2:aa:4b:51:26:b3:08:b4:a0:44:9a:48:df:ac:ee:c1:48:67:65:3e:e9:a7:e9:cd:22:bc:34:9f:31:18:e9:f9:ca:59:bb:be:f6:7f:29:52:0d:51:b3:d0:6f:2c:3e:17:49:15:25:02:2c:ae:cc:f5:a2:6c:52:9a:70:ee:a7:3d:32:84:88:d2:e6:5b:da:0d:c5:06:57:ba:a0:8f:f9:72:7b:36:2e:54:8f:d2:69:d6:a9:5e:1c:fd:f3:d5:ff:35:de:16:ec:23:20:dd:ec:73:00:76:0c:8e:4e:28:17:f0:a5:da:7f:12:f6:1f:86:0f:89:bd:29:5a:be:6a:8d:96:77:3e:89:9e:3e:34:08:71:f8:4e:c6:b8:d3:10:49:48:1d:27:2b:e1:f8:9c:67:4f:ae:52:3a:8a:41:f2:a6:7f:9b:db:e5:7e:f8:a8:da:b0:6f:02:48:9d:27:16:96"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:a2:f5:3e:12:ed:f2:39:85:4b:04:21:f7:33:ab:78:b2:e2:7f:62:be:90:7d:fd:50:d6:5d:77:90:0d:4c:f0:f0:d9:27:00:10:ea:3b:d9:77:b5:b5:de:91:8b:3d:f7:78:02:13:dc:a0:44:6b:0d:fc:e4:32:7c:8b:41:d7:19:35:c1:d6:c5:92:fd:3b:5b:09:93:f5:8f:c7:d1:3a:88:ce:e9:7a:0a:46:3c:66:00:2f:94:a3:dc:36:d7:12:ce:02:89:f5:41:b1:e9:63:a7:9c:b2:1f:36:bf:b9:54:51:e7:ca:bd:7b:01:ee:87:3f:e8:02:20:11:1d:83:e7:aa:7b:a8:de:d7:bb:24:73:03:77:38:f1:84:f7:bf:76:cb:3f:ea:32:92:6c:52:8e:e5:76:3e:6f:6f:66:a7:f9:74:88:64:78:da:b5:eb:e2:93:24:65:9c:36:e5:33:b0:b3:71:28:3f:d1:74:65:55:53:2c:ab:c0:18:bd:b3:b2:f9:00:6f:f8:96:c1:d7:f2:ff:89:14:e0:ec:eb:74:99:8b:b0:de:22:a8:17:93:3a:af:32:bc:a8:b0:12:25:44:72:0e:7f:da:50:79:d6:d3:aa:aa:81:dc:f4:55:f1:e0:23:fe:39:05:86:67:80:8a:4a:e7:23:bc:13:de:87:ff:33:be:89:7f:39:06:e3:0b:90:32:2a:ee:66:04:05:bb:63:71:32:64:cc:8a:c3:f1:4e:a6:56:53:04:fc:ff:93:8d:17:d2:ff:b3:f5:cf:39:64:10:16:de:ca:36:f2:fe:32:c4:d3:27:78:b0:b8:2e:9b:3b:73:19:87:11:2a:31:6c:20:8e:4c:40:16:c8:82:06:18:17:41:fe:6b:56:6f:b7:f4:b7:29:c4:4f:44:7d:b7:82:45:ce:df:30:6e:05:62:88:f3:96:d7:3a:e1:ab:14:7d:4b:2a:b6:51:ef:60:2c:b7:6d:df:bd:c5:4e:0c:cf:92:cf:3a:e9:3a:ef:9e:95:af:fa:3f:d1:4e:50:ff:9e:ce:a0:5d:34:f5:d4:21:11:1a:43:b1:7d:f8:26:c2:02:d8:6a:fb:8f:bc:db:6f:f4:9d:8f:23:fb:09:79:a2:aa:4b:51:26:b3:08:b4:a0:44:9a:48:df:ac:ee:c1:48:67:65:3e:e9:a7:e9:cd:22:bc:34:9f:31:18:e9:f9:ca:59:bb:be:f6:7f:29:52:0d:51:b3:d0:6f:2c:3e:17:49:15:25:02:2c:ae:cc:f5:a2:6c:52:9a:70:ee:a7:3d:32:84:88:d2:e6:5b:da:0d:c5:06:57:ba:a0:8f:f9:72:7b:36:2e:54:8f:d2:69:d6:a9:5e:1c:fd:f3:d5:ff:35:de:16:ec:23:20:dd:ec:73:00:76:0c:8e:4e:28:17:f0:a5:da:7f:12:f6:1f:86:0f:89:bd:29:5a:be:6a:8d:96:77:3e:89:9e:3e:34:08:71:f8:4e:c6:b8:d3:10:49:48:1d:27:2b:e1:f8:9c:67:4f:ae:52:3a:8a:41:f2:a6:7f:9b:db:e5:7e:f8:a8:da:b0:6f:02:48:9d:27:16:96"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "834",
"http.file_data": "{\"x\":459,\"y\":57}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "459",
"json.key": "x"
},
"json.member": {
"json.value.number": "57",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:42.167420705 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651602.167420705",
"frame.time_delta": "0.000393773",
"frame.time_delta_displayed": "1.437219153",
"frame.time_relative": "61.963165704",
"frame.number": "858",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x000052c7",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000adc5",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50510",
"tcp.dstport": "443",
"tcp.port": "50510",
"tcp.port": "443",
"tcp.stream": "60",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00003b08",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:03:2d:33:02:4c:f1",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:03:2d:33:02:4c:f1",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473132845",
"tcp.options.timestamp.tsecr": "855788785"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037639717",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.076814080",
"tcp.time_delta": "0.000393773"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:b0:be:60:b2:ac:46:76:5b:3b:09:5e:ab:e5:07:12:cd:ed:c5:71:55:d8:ab:0a:5e:ca:e4:75:ac:d6:41:86:36:ca:fb:d1:c2:64:6c:d5:23:81:0a:31:60:87:d8:bb:63:7e:df:4e:8a:a3:d1:a2:2f:9b:6f:86:cf:b5:ad:cb:c4:32:eb:8e:0c:5e:dd:89:e5:39:ce:68:e2:ed:34:86:ab:9b:ad:4d:7c:13:86:4c:fb:c6:2c:ee:95:6b:5e:4e:15:ea:d7:c6:fe:c2:5c:df:f4:61:a0:7f:9c:fd:cc:cc:08:45:f4:d9:06:3b:b7:68:50:85:d2:36:7c:e1:26:78:d6:d0:ed:11:51:8a:0b:5d:63:54:72:c8:e0:d0:7c:b6:e4:71:eb:2f:78:97:9d:00:4c:25:0d:12:23:18:e3:93:ac:4b:46:8a:62:e2:e6:9b:57:64:43:c6:c7:af:5b:32:a1:bd:6c:50:4f:31:1a:48:6d:37:86:5e:db:e6:e3:fc:8f:4e:50:60:e4:1b:e2:92:13:44:f8:39:00:39:2e:21:8d:6d:7f:19:13:7f:f9:fa:be:38:c7:81:60:39:4f:1f:40:20:8d:dd:fd:09:30:2e:02:ac:90:7d:99:9d:6d:47:c9:7f:75:3c:8e:13:92:4f:0b:0d:fc:92:d5:b3:42:f1:01:e0:9b:52:74:60:97:2f:42:0d:a8:26:4f:2e:8c:31:e2:d8:a9:e8:d5:d3:5d:8b:db:47:bb:4f:f7:56:79:78:20:b5:4d:fa:02:81:b1:bc:0e:1c:66:d3:08:97:af:f6:4b:c1:61:a5:2c:3a:eb:bd:c3:ba:9f:7a:08:1f:40:17:8f:9b:8d:70:1d:71:d7:2a:3c:df:0b:ad:22:94:97:3f:0b:ab:d8:e3:b8:c5:49:eb:95:40:8a:25:32:60:7c:87:36:73:47:48:de:04:a8:e0:d9:53:45:22:b1:bc:cb:e1:a2:07:70:e2:16:af:95:de:8f:29:4d:2c:eb:9f:ce:ba:e9:8c:92:9a:99:60:11:1f:4b:46:7c:6f:c9:5e:a9:53:f5:36:73:b8:d6:64:bd:0b:ec:52:2d:b2:c7:32:e0:fe:d7:ca:e8:7e:bc:5b:18:41:df:d6:8d:6b:3d:25:d6:fc:9c:ad:b9:3b:49:7c:43:87:21:d8:03:57:57:ff:67:1f:93:ce:a9:1d:ba:36:d7:3e:21:34:c0:65:a8:a3:33:dc:b4:a0:43:1d:3c:ef:57:cc:dd:c5:63:9a:eb:c2:c8:30:69:5a:0c:e8:11:17:22:d1:fb:00:ea:06:9c:35:cf:4f:d2:0f:39:02:6c:e2:4a:19:12:fb:a9:ae:2e:89:2b:0a:d0:41:d4:e3:23:3c:52:ba:9e:6f:5a:12:12:11:8c:13:7a:b0:0b:4c:a5:cc:59:23:d5:26:8d:40:58:f2:c9:5b:cd:62:d9:f5:95:91:f5:e2:67:3b:e3:91:91:9e:aa:97:31:b0:28:5e:9a:3a:4a:84:42:6a:75:0b:a1:ad:2c:8b:be:01:29:d4:53:1e:a9:f0:42:94:b7:f4:a2:5f:8e:0a:a9:db:13:21:92"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:b0:be:60:b2:ac:46:76:5b:3b:09:5e:ab:e5:07:12:cd:ed:c5:71:55:d8:ab:0a:5e:ca:e4:75:ac:d6:41:86:36:ca:fb:d1:c2:64:6c:d5:23:81:0a:31:60:87:d8:bb:63:7e:df:4e:8a:a3:d1:a2:2f:9b:6f:86:cf:b5:ad:cb:c4:32:eb:8e:0c:5e:dd:89:e5:39:ce:68:e2:ed:34:86:ab:9b:ad:4d:7c:13:86:4c:fb:c6:2c:ee:95:6b:5e:4e:15:ea:d7:c6:fe:c2:5c:df:f4:61:a0:7f:9c:fd:cc:cc:08:45:f4:d9:06:3b:b7:68:50:85:d2:36:7c:e1:26:78:d6:d0:ed:11:51:8a:0b:5d:63:54:72:c8:e0:d0:7c:b6:e4:71:eb:2f:78:97:9d:00:4c:25:0d:12:23:18:e3:93:ac:4b:46:8a:62:e2:e6:9b:57:64:43:c6:c7:af:5b:32:a1:bd:6c:50:4f:31:1a:48:6d:37:86:5e:db:e6:e3:fc:8f:4e:50:60:e4:1b:e2:92:13:44:f8:39:00:39:2e:21:8d:6d:7f:19:13:7f:f9:fa:be:38:c7:81:60:39:4f:1f:40:20:8d:dd:fd:09:30:2e:02:ac:90:7d:99:9d:6d:47:c9:7f:75:3c:8e:13:92:4f:0b:0d:fc:92:d5:b3:42:f1:01:e0:9b:52:74:60:97:2f:42:0d:a8:26:4f:2e:8c:31:e2:d8:a9:e8:d5:d3:5d:8b:db:47:bb:4f:f7:56:79:78:20:b5:4d:fa:02:81:b1:bc:0e:1c:66:d3:08:97:af:f6:4b:c1:61:a5:2c:3a:eb:bd:c3:ba:9f:7a:08:1f:40:17:8f:9b:8d:70:1d:71:d7:2a:3c:df:0b:ad:22:94:97:3f:0b:ab:d8:e3:b8:c5:49:eb:95:40:8a:25:32:60:7c:87:36:73:47:48:de:04:a8:e0:d9:53:45:22:b1:bc:cb:e1:a2:07:70:e2:16:af:95:de:8f:29:4d:2c:eb:9f:ce:ba:e9:8c:92:9a:99:60:11:1f:4b:46:7c:6f:c9:5e:a9:53:f5:36:73:b8:d6:64:bd:0b:ec:52:2d:b2:c7:32:e0:fe:d7:ca:e8:7e:bc:5b:18:41:df:d6:8d:6b:3d:25:d6:fc:9c:ad:b9:3b:49:7c:43:87:21:d8:03:57:57:ff:67:1f:93:ce:a9:1d:ba:36:d7:3e:21:34:c0:65:a8:a3:33:dc:b4:a0:43:1d:3c:ef:57:cc:dd:c5:63:9a:eb:c2:c8:30:69:5a:0c:e8:11:17:22:d1:fb:00:ea:06:9c:35:cf:4f:d2:0f:39:02:6c:e2:4a:19:12:fb:a9:ae:2e:89:2b:0a:d0:41:d4:e3:23:3c:52:ba:9e:6f:5a:12:12:11:8c:13:7a:b0:0b:4c:a5:cc:59:23:d5:26:8d:40:58:f2:c9:5b:cd:62:d9:f5:95:91:f5:e2:67:3b:e3:91:91:9e:aa:97:31:b0:28:5e:9a:3a:4a:84:42:6a:75:0b:a1:ad:2c:8b:be:01:29:d4:53:1e:a9:f0:42:94:b7:f4:a2:5f:8e:0a:a9:db:13:21:92"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "863",
"http.file_data": "{\"x\":108,\"y\":53}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "108",
"json.key": "x"
},
"json.member": {
"json.value.number": "53",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:43.803461381 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651603.803461381",
"frame.time_delta": "0.000434451",
"frame.time_delta_displayed": "1.636040676",
"frame.time_relative": "63.599206380",
"frame.number": "886",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x0000b400",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00004c8b",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50514",
"tcp.dstport": "443",
"tcp.port": "50514",
"tcp.port": "443",
"tcp.stream": "62",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000e5f4",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:09:92:33:02:53:54",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:09:92:33:02:53:54",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473134482",
"tcp.options.timestamp.tsecr": "855790420"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.046036168",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.085588730",
"tcp.time_delta": "0.000434451"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:e0:2d:e5:b4:fc:ff:2b:72:e4:9b:f9:ab:43:94:73:33:c6:5b:c4:ba:cd:e8:53:88:60:ec:4f:91:f0:c8:8a:7f:b6:b9:ab:f8:57:78:33:17:63:0f:a6:1b:80:35:b8:52:0a:fc:7b:5c:b6:a1:37:e7:47:19:c3:14:4f:5a:a2:ac:53:f7:a0:e1:ef:5a:88:6b:64:83:2e:e7:1a:44:01:3c:b0:6a:1e:23:e6:bb:2e:b7:4b:9f:7d:c7:8a:98:15:72:71:2e:47:f5:36:fa:2b:b5:2a:a4:f2:62:d6:be:f9:af:ef:a2:3b:fd:65:72:f1:f6:09:2e:66:b1:8d:dd:19:08:d9:9c:43:6f:d0:c5:27:65:7e:c9:8c:7b:27:c6:8b:d3:7c:b5:e6:61:93:5c:f6:fe:16:28:19:02:cd:40:56:87:d7:bb:be:cf:74:42:35:d8:fe:a4:94:32:da:af:2c:e0:27:96:c1:a8:87:68:b7:84:28:cc:ac:86:6e:a2:55:0f:54:8f:1f:19:d1:eb:94:d7:30:c0:a1:d0:d5:d5:22:a9:ff:00:14:72:fb:cf:69:21:5b:d6:be:91:b8:70:f4:81:fb:86:5e:79:2e:cf:88:d1:e5:fa:62:d1:af:62:86:77:c9:20:85:95:00:5f:d0:6f:4e:71:35:c6:7b:bb:35:ea:e0:73:47:6b:b9:4b:01:6e:96:08:f1:c3:6a:07:d3:ae:8d:58:b2:06:32:2a:20:4a:07:a0:d7:fe:64:e5:ee:1c:57:18:76:e1:27:2e:95:2b:e8:e8:6a:7b:cd:70:1a:6a:7d:65:83:85:b2:04:8d:0e:0b:e3:b3:f8:20:28:d3:3d:62:1c:74:7a:5e:ef:35:d0:42:a6:4e:a2:a3:ff:8f:c2:8f:b2:c4:cf:34:7e:a9:7b:5e:4e:d6:18:44:ce:e1:76:f5:5c:d2:12:b0:ff:d3:2a:0d:35:47:b2:d7:6f:0b:8e:6d:c0:71:45:75:4f:ac:d4:37:f8:5a:37:13:47:31:f9:42:6f:14:11:f8:42:04:bc:42:19:06:ec:83:e1:96:a2:89:b8:cc:69:98:9f:46:c7:63:99:2f:77:11:e2:11:2b:68:d7:89:33:52:f5:fb:5d:c9:52:22:0f:a5:fb:9b:c0:c4:30:16:62:6c:1e:02:13:81:96:6f:d8:bf:91:a7:d7:af:30:b8:0e:8c:e2:54:5c:8d:8c:60:5f:ee:22:9d:5b:7b:14:e3:32:aa:22:3a:d6:42:34:b4:a1:bc:db:f7:c5:7d:17:c1:4e:17:97:9b:38:eb:b7:f5:ae:9b:7b:33:b7:5f:a3:85:68:24:21:28:5e:61:df:f5:89:de:96:8d:60:fb:b8:bc:01:84:23:88:52:c7:6c:a5:44:ca:ea:53:aa:24:1d:3c:96:85:86:96:ce:51:89:8a:2f:9e:e4:8b:4f:96:c2:fb:77:fb:cd:b8:72:1c:84:46:82:b4:bb:2c:6b:d4:16:00:43:ad:25:e1:88:c3:0f:77:9e:52:d4:14:56:fe:21:4e:ce:ca:8e:2d:04:ff:c4:53:ce:19:fe:20:db:d5:e1:ec:9b:3f"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:e0:2d:e5:b4:fc:ff:2b:72:e4:9b:f9:ab:43:94:73:33:c6:5b:c4:ba:cd:e8:53:88:60:ec:4f:91:f0:c8:8a:7f:b6:b9:ab:f8:57:78:33:17:63:0f:a6:1b:80:35:b8:52:0a:fc:7b:5c:b6:a1:37:e7:47:19:c3:14:4f:5a:a2:ac:53:f7:a0:e1:ef:5a:88:6b:64:83:2e:e7:1a:44:01:3c:b0:6a:1e:23:e6:bb:2e:b7:4b:9f:7d:c7:8a:98:15:72:71:2e:47:f5:36:fa:2b:b5:2a:a4:f2:62:d6:be:f9:af:ef:a2:3b:fd:65:72:f1:f6:09:2e:66:b1:8d:dd:19:08:d9:9c:43:6f:d0:c5:27:65:7e:c9:8c:7b:27:c6:8b:d3:7c:b5:e6:61:93:5c:f6:fe:16:28:19:02:cd:40:56:87:d7:bb:be:cf:74:42:35:d8:fe:a4:94:32:da:af:2c:e0:27:96:c1:a8:87:68:b7:84:28:cc:ac:86:6e:a2:55:0f:54:8f:1f:19:d1:eb:94:d7:30:c0:a1:d0:d5:d5:22:a9:ff:00:14:72:fb:cf:69:21:5b:d6:be:91:b8:70:f4:81:fb:86:5e:79:2e:cf:88:d1:e5:fa:62:d1:af:62:86:77:c9:20:85:95:00:5f:d0:6f:4e:71:35:c6:7b:bb:35:ea:e0:73:47:6b:b9:4b:01:6e:96:08:f1:c3:6a:07:d3:ae:8d:58:b2:06:32:2a:20:4a:07:a0:d7:fe:64:e5:ee:1c:57:18:76:e1:27:2e:95:2b:e8:e8:6a:7b:cd:70:1a:6a:7d:65:83:85:b2:04:8d:0e:0b:e3:b3:f8:20:28:d3:3d:62:1c:74:7a:5e:ef:35:d0:42:a6:4e:a2:a3:ff:8f:c2:8f:b2:c4:cf:34:7e:a9:7b:5e:4e:d6:18:44:ce:e1:76:f5:5c:d2:12:b0:ff:d3:2a:0d:35:47:b2:d7:6f:0b:8e:6d:c0:71:45:75:4f:ac:d4:37:f8:5a:37:13:47:31:f9:42:6f:14:11:f8:42:04:bc:42:19:06:ec:83:e1:96:a2:89:b8:cc:69:98:9f:46:c7:63:99:2f:77:11:e2:11:2b:68:d7:89:33:52:f5:fb:5d:c9:52:22:0f:a5:fb:9b:c0:c4:30:16:62:6c:1e:02:13:81:96:6f:d8:bf:91:a7:d7:af:30:b8:0e:8c:e2:54:5c:8d:8c:60:5f:ee:22:9d:5b:7b:14:e3:32:aa:22:3a:d6:42:34:b4:a1:bc:db:f7:c5:7d:17:c1:4e:17:97:9b:38:eb:b7:f5:ae:9b:7b:33:b7:5f:a3:85:68:24:21:28:5e:61:df:f5:89:de:96:8d:60:fb:b8:bc:01:84:23:88:52:c7:6c:a5:44:ca:ea:53:aa:24:1d:3c:96:85:86:96:ce:51:89:8a:2f:9e:e4:8b:4f:96:c2:fb:77:fb:cd:b8:72:1c:84:46:82:b4:bb:2c:6b:d4:16:00:43:ad:25:e1:88:c3:0f:77:9e:52:d4:14:56:fe:21:4e:ce:ca:8e:2d:04:ff:c4:53:ce:19:fe:20:db:d5:e1:ec:9b:3f"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "891",
"http.file_data": "{\"x\":285,\"y\":104}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "285",
"json.key": "x"
},
"json.member": {
"json.value.number": "104",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:47.010925192 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651607.010925192",
"frame.time_delta": "0.000460919",
"frame.time_delta_displayed": "3.207463811",
"frame.time_relative": "66.806670191",
"frame.number": "914",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x00005a46",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000a646",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50518",
"tcp.dstport": "443",
"tcp.port": "50518",
"tcp.port": "443",
"tcp.stream": "64",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000913c",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:16:19:33:02:5f:d8",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:16:19:33:02:5f:d8",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473137689",
"tcp.options.timestamp.tsecr": "855793624"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037488032",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.080853718",
"tcp.time_delta": "0.000460919"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:bf:03:ea:cf:b5:0c:73:62:7d:88:e9:17:12:25:db:29:70:97:01:16:c2:ef:9e:9b:df:9b:2b:49:69:bf:cd:80:11:c0:9a:79:14:a0:44:dc:0e:96:62:a4:8a:00:af:ed:3c:72:7a:31:f0:27:a7:0a:c1:35:bb:16:df:5a:df:47:77:e7:af:01:7f:74:a5:bb:b1:6e:a4:db:37:46:9b:c6:9b:ea:28:ff:02:5e:e6:8e:66:c1:90:1d:b2:7e:95:ac:d1:2e:48:ca:e9:07:98:0e:7c:11:f5:64:ca:c6:8a:c2:a7:c8:67:a7:18:93:22:79:6f:20:aa:bd:dc:47:9e:c1:4a:86:76:a3:01:71:55:8d:b3:e5:6a:95:c1:9d:12:a7:2f:a3:ae:18:38:5d:87:59:fd:ab:e2:b5:40:db:25:18:49:53:80:15:12:d1:9e:30:88:3d:67:bf:8f:94:7f:f8:2f:04:f4:70:d8:f7:b8:c7:75:2a:51:bc:a2:7c:d0:45:f4:3c:83:e9:69:71:08:0c:68:13:d7:a1:c0:71:6e:8f:fa:d0:71:cf:58:bd:b6:6e:50:6e:99:14:da:e0:e1:e7:a6:4c:00:52:86:64:0a:03:af:68:8e:af:fe:5a:da:68:2f:9d:1e:1e:b0:6d:70:dd:78:b2:7e:fb:ef:cb:cf:8e:79:7f:22:60:bd:d6:b1:b7:bc:b6:a2:a6:e8:9b:1b:98:0c:1b:26:69:e2:96:16:3e:3e:9e:fc:35:d5:fa:e9:c4:0f:06:52:64:18:b2:bc:74:fa:07:20:ae:06:ae:66:58:94:f5:a8:6c:33:a6:55:5e:f1:24:a2:00:2c:de:5f:51:f5:39:6a:74:25:f7:87:57:68:4d:8b:d7:13:90:01:99:7e:2f:da:b5:de:b4:cf:09:56:1a:bd:cc:5f:3c:ac:e9:39:40:64:d3:0f:34:24:46:52:de:b0:27:26:91:07:c8:b5:51:78:e7:77:d3:f5:28:f8:02:48:57:07:2c:d7:2b:72:11:6d:ad:74:33:e5:64:36:04:8d:49:86:3b:8f:e6:28:b4:df:4f:98:af:1c:c7:8f:49:a6:ba:fc:9c:68:73:3e:29:96:37:ed:c8:91:61:9b:81:03:cf:b8:93:70:0e:a4:a3:3c:4d:88:4d:75:b9:0d:d7:21:bb:f0:98:a0:bc:8a:93:40:39:c7:b7:24:3c:e9:83:43:40:23:72:a0:2c:56:48:00:d5:c6:8e:af:8d:2d:e0:56:a6:9a:0a:a9:a1:1e:1c:a0:9b:f2:72:45:8c:87:92:69:67:62:da:42:5d:17:94:9f:f0:4a:d1:2a:b9:e7:d7:a1:69:63:3d:e2:71:e4:c1:2b:a7:26:fa:bd:b1:8c:4e:36:18:be:84:34:aa:0d:20:d3:70:a4:96:57:02:9a:89:cb:c3:d2:6a:5b:51:0e:b7:ea:75:40:80:82:3c:1c:46:cb:7a:b4:9d:47:96:1d:af:7d:2e:c3:35:97:65:2d:d9:14:4c:0d:e8:43:f1:50:88:f1:dc:95:60:2a:d9:5d:21:35:f3:47:27:f5:97:8a:da:44:0a"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:bf:03:ea:cf:b5:0c:73:62:7d:88:e9:17:12:25:db:29:70:97:01:16:c2:ef:9e:9b:df:9b:2b:49:69:bf:cd:80:11:c0:9a:79:14:a0:44:dc:0e:96:62:a4:8a:00:af:ed:3c:72:7a:31:f0:27:a7:0a:c1:35:bb:16:df:5a:df:47:77:e7:af:01:7f:74:a5:bb:b1:6e:a4:db:37:46:9b:c6:9b:ea:28:ff:02:5e:e6:8e:66:c1:90:1d:b2:7e:95:ac:d1:2e:48:ca:e9:07:98:0e:7c:11:f5:64:ca:c6:8a:c2:a7:c8:67:a7:18:93:22:79:6f:20:aa:bd:dc:47:9e:c1:4a:86:76:a3:01:71:55:8d:b3:e5:6a:95:c1:9d:12:a7:2f:a3:ae:18:38:5d:87:59:fd:ab:e2:b5:40:db:25:18:49:53:80:15:12:d1:9e:30:88:3d:67:bf:8f:94:7f:f8:2f:04:f4:70:d8:f7:b8:c7:75:2a:51:bc:a2:7c:d0:45:f4:3c:83:e9:69:71:08:0c:68:13:d7:a1:c0:71:6e:8f:fa:d0:71:cf:58:bd:b6:6e:50:6e:99:14:da:e0:e1:e7:a6:4c:00:52:86:64:0a:03:af:68:8e:af:fe:5a:da:68:2f:9d:1e:1e:b0:6d:70:dd:78:b2:7e:fb:ef:cb:cf:8e:79:7f:22:60:bd:d6:b1:b7:bc:b6:a2:a6:e8:9b:1b:98:0c:1b:26:69:e2:96:16:3e:3e:9e:fc:35:d5:fa:e9:c4:0f:06:52:64:18:b2:bc:74:fa:07:20:ae:06:ae:66:58:94:f5:a8:6c:33:a6:55:5e:f1:24:a2:00:2c:de:5f:51:f5:39:6a:74:25:f7:87:57:68:4d:8b:d7:13:90:01:99:7e:2f:da:b5:de:b4:cf:09:56:1a:bd:cc:5f:3c:ac:e9:39:40:64:d3:0f:34:24:46:52:de:b0:27:26:91:07:c8:b5:51:78:e7:77:d3:f5:28:f8:02:48:57:07:2c:d7:2b:72:11:6d:ad:74:33:e5:64:36:04:8d:49:86:3b:8f:e6:28:b4:df:4f:98:af:1c:c7:8f:49:a6:ba:fc:9c:68:73:3e:29:96:37:ed:c8:91:61:9b:81:03:cf:b8:93:70:0e:a4:a3:3c:4d:88:4d:75:b9:0d:d7:21:bb:f0:98:a0:bc:8a:93:40:39:c7:b7:24:3c:e9:83:43:40:23:72:a0:2c:56:48:00:d5:c6:8e:af:8d:2d:e0:56:a6:9a:0a:a9:a1:1e:1c:a0:9b:f2:72:45:8c:87:92:69:67:62:da:42:5d:17:94:9f:f0:4a:d1:2a:b9:e7:d7:a1:69:63:3d:e2:71:e4:c1:2b:a7:26:fa:bd:b1:8c:4e:36:18:be:84:34:aa:0d:20:d3:70:a4:96:57:02:9a:89:cb:c3:d2:6a:5b:51:0e:b7:ea:75:40:80:82:3c:1c:46:cb:7a:b4:9d:47:96:1d:af:7d:2e:c3:35:97:65:2d:d9:14:4c:0d:e8:43:f1:50:88:f1:dc:95:60:2a:d9:5d:21:35:f3:47:27:f5:97:8a:da:44:0a"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "919",
"http.file_data": "{\"x\":248,\"y\":15}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "248",
"json.key": "x"
},
"json.member": {
"json.value.number": "15",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:48.530265578 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651608.530265578",
"frame.time_delta": "0.000238907",
"frame.time_delta_displayed": "1.519340386",
"frame.time_relative": "68.326010577",
"frame.number": "943",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00004e59",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000b232",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50522",
"tcp.dstport": "443",
"tcp.port": "50522",
"tcp.port": "443",
"tcp.stream": "66",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000c587",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:1c:08:33:02:65:cc",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:1c:08:33:02:65:cc",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473139208",
"tcp.options.timestamp.tsecr": "855795148"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.043063096",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.081919508",
"tcp.time_delta": "0.000238907"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:29:51:a3:63:6c:fe:96:58:b8:a7:99:8d:a9:7f:be:0a:d8:ee:1a:58:36:b9:67:82:33:b9:75:db:ef:50:6d:7e:38:77:bd:5d:df:05:d7:d1:79:c5:47:75:8a:7f:43:fb:69:77:80:ac:99:bb:c3:2e:92:24:a1:47:5e:c6:ba:19:93:77:87:0d:dd:6f:dc:25:50:2d:bb:be:cd:9a:bc:4f:64:3a:30:24:43:df:b6:79:10:3f:44:51:61:ce:ad:5f:94:15:46:c1:f2:d0:2d:9e:94:7e:98:0e:21:77:5f:7e:74:0f:30:27:d4:06:e1:ff:6d:18:bc:2a:26:d3:41:17:f4:d8:8d:95:0e:66:e6:3b:f0:ca:dc:77:bd:52:55:51:93:1a:ff:a2:1e:0b:6c:85:7d:4b:67:76:95:73:46:ed:51:cc:87:db:1f:1f:d6:65:98:8b:65:eb:66:bc:e4:35:ed:03:c1:ca:5f:5a:37:e0:a7:ea:ce:b0:01:c8:2a:b6:56:ef:78:a3:85:c0:48:0d:9b:b5:a8:07:44:96:a0:8c:ba:dd:34:9d:b3:68:e8:dc:72:45:68:95:d0:8a:d0:ae:9f:2b:8c:f1:e5:26:46:7b:7c:1c:0c:1b:45:df:e9:bb:37:d0:e8:29:51:1d:3b:1c:71:5f:d9:1c:db:cd:e4:77:e9:b1:68:bf:27:42:54:6c:96:11:fd:f3:3e:34:1e:c8:1d:f8:7d:df:c0:43:44:4d:93:00:af:7b:27:a2:8d:de:80:6d:68:b9:c8:a3:45:24:17:55:1b:df:74:31:81:3d:96:56:fc:db:64:7d:00:52:5c:22:13:5e:27:e4:c4:8f:20:f6:7c:3e:30:f0:50:af:cf:8b:12:77:aa:79:56:f4:be:6d:15:9b:40:f6:c2:6b:fa:3e:9f:52:ab:f7:23:8f:c6:52:69:4d:da:73:22:47:3f:c4:05:b3:e5:91:36:49:94:11:9c:3c:79:0c:94:be:85:57:b9:4a:05:e1:ed:fc:46:f0:37:80:a2:e4:1e:d7:80:c5:d4:ce:f4:07:9b:18:20:5f:00:f3:09:2b:71:c8:4d:ff:bb:4b:16:0c:f4:06:b2:c6:67:8a:5f:8b:f7:d5:b3:cd:06:9d:79:cb:16:57:ae:cf:e7:67:b8:5f:82:75:95:c2:70:e7:19:e1:1b:4b:2c:f1:87:05:89:a8:49:bc:96:df:e2:d6:b6:3c:a9:e4:79:ce:b8:a4:a3:f3:fc:12:fe:1d:d1:e8:77:da:81:93:61:2a:f6:d9:90:6c:84:05:ce:b7:cc:af:2e:32:22:2e:60:2e:c2:b3:c2:73:45:5c:5e:98:df:c2:74:ca:d8:f4:91:1c:dc:9c:56:25:f8:f7:0f:c2:e5:09:61:c3:75:67:c6:32:67:c0:29:f8:c7:27:13:dd:ad:95:74:ad:4f:3f:e7:80:8d:78:e7:b2:d6:18:8c:55:59:91:3d:36:85:74:2d:74:ac:f0:c0:d4:9b:05:3a:6b:9a:32:4a:68:93:c4:32:d5:b1:fc:5d:ec:be:2c:fd:25:0c:16:cc:ca:25:b5:08:d0:30:9d:3c"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:29:51:a3:63:6c:fe:96:58:b8:a7:99:8d:a9:7f:be:0a:d8:ee:1a:58:36:b9:67:82:33:b9:75:db:ef:50:6d:7e:38:77:bd:5d:df:05:d7:d1:79:c5:47:75:8a:7f:43:fb:69:77:80:ac:99:bb:c3:2e:92:24:a1:47:5e:c6:ba:19:93:77:87:0d:dd:6f:dc:25:50:2d:bb:be:cd:9a:bc:4f:64:3a:30:24:43:df:b6:79:10:3f:44:51:61:ce:ad:5f:94:15:46:c1:f2:d0:2d:9e:94:7e:98:0e:21:77:5f:7e:74:0f:30:27:d4:06:e1:ff:6d:18:bc:2a:26:d3:41:17:f4:d8:8d:95:0e:66:e6:3b:f0:ca:dc:77:bd:52:55:51:93:1a:ff:a2:1e:0b:6c:85:7d:4b:67:76:95:73:46:ed:51:cc:87:db:1f:1f:d6:65:98:8b:65:eb:66:bc:e4:35:ed:03:c1:ca:5f:5a:37:e0:a7:ea:ce:b0:01:c8:2a:b6:56:ef:78:a3:85:c0:48:0d:9b:b5:a8:07:44:96:a0:8c:ba:dd:34:9d:b3:68:e8:dc:72:45:68:95:d0:8a:d0:ae:9f:2b:8c:f1:e5:26:46:7b:7c:1c:0c:1b:45:df:e9:bb:37:d0:e8:29:51:1d:3b:1c:71:5f:d9:1c:db:cd:e4:77:e9:b1:68:bf:27:42:54:6c:96:11:fd:f3:3e:34:1e:c8:1d:f8:7d:df:c0:43:44:4d:93:00:af:7b:27:a2:8d:de:80:6d:68:b9:c8:a3:45:24:17:55:1b:df:74:31:81:3d:96:56:fc:db:64:7d:00:52:5c:22:13:5e:27:e4:c4:8f:20:f6:7c:3e:30:f0:50:af:cf:8b:12:77:aa:79:56:f4:be:6d:15:9b:40:f6:c2:6b:fa:3e:9f:52:ab:f7:23:8f:c6:52:69:4d:da:73:22:47:3f:c4:05:b3:e5:91:36:49:94:11:9c:3c:79:0c:94:be:85:57:b9:4a:05:e1:ed:fc:46:f0:37:80:a2:e4:1e:d7:80:c5:d4:ce:f4:07:9b:18:20:5f:00:f3:09:2b:71:c8:4d:ff:bb:4b:16:0c:f4:06:b2:c6:67:8a:5f:8b:f7:d5:b3:cd:06:9d:79:cb:16:57:ae:cf:e7:67:b8:5f:82:75:95:c2:70:e7:19:e1:1b:4b:2c:f1:87:05:89:a8:49:bc:96:df:e2:d6:b6:3c:a9:e4:79:ce:b8:a4:a3:f3:fc:12:fe:1d:d1:e8:77:da:81:93:61:2a:f6:d9:90:6c:84:05:ce:b7:cc:af:2e:32:22:2e:60:2e:c2:b3:c2:73:45:5c:5e:98:df:c2:74:ca:d8:f4:91:1c:dc:9c:56:25:f8:f7:0f:c2:e5:09:61:c3:75:67:c6:32:67:c0:29:f8:c7:27:13:dd:ad:95:74:ad:4f:3f:e7:80:8d:78:e7:b2:d6:18:8c:55:59:91:3d:36:85:74:2d:74:ac:f0:c0:d4:9b:05:3a:6b:9a:32:4a:68:93:c4:32:d5:b1:fc:5d:ec:be:2c:fd:25:0c:16:cc:ca:25:b5:08:d0:30:9d:3c"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "948",
"http.file_data": "{\"x\":301,\"y\":185}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "301",
"json.key": "x"
},
"json.member": {
"json.value.number": "185",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:50.634264711 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651610.634264711",
"frame.time_delta": "0.000409958",
"frame.time_delta_displayed": "2.103999133",
"frame.time_relative": "70.430009710",
"frame.number": "972",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000bdcd",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x000042bf",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50526",
"tcp.dstport": "443",
"tcp.port": "50526",
"tcp.port": "443",
"tcp.stream": "68",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x000002a4",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:24:40:33:02:6e:03",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:24:40:33:02:6e:03",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473141312",
"tcp.options.timestamp.tsecr": "855797251"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037540739",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.077143978",
"tcp.time_delta": "0.000409958"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:b1:01:5b:5f:8b:d9:a1:8d:cb:d2:a0:bb:fe:5c:68:b1:31:a1:42:8d:ab:4c:e9:3e:45:77:4c:30:93:59:df:12:9b:18:36:ec:74:35:cc:a6:99:7d:b8:f0:35:a2:e0:ff:d7:7e:04:ca:96:76:c7:d0:23:27:b9:71:d9:3a:bf:df:f3:bd:54:e4:59:96:7b:b6:a2:f2:4d:85:c2:b1:92:75:1d:56:63:a5:c7:a2:f5:92:1a:69:44:c6:b8:4e:f4:84:f7:a1:df:a2:6e:f3:b0:89:5e:ab:19:17:3a:c0:0a:e9:c4:de:dc:17:b8:a0:ce:65:7d:4e:65:a1:b3:55:58:74:90:25:a9:f4:78:a0:5a:b8:55:1a:f5:67:ee:13:60:04:19:1a:dc:4b:8f:9d:25:a3:ec:e7:b6:39:30:84:43:95:48:30:f7:d3:3f:d7:d4:75:91:64:30:1a:63:b8:43:7c:57:ff:9c:63:82:1e:89:01:20:6d:82:83:3f:05:57:0b:04:5d:14:3e:2c:49:3b:32:27:cc:76:47:b2:d4:fa:24:a7:0d:dd:e6:cd:e6:a1:fe:df:ef:67:a4:f3:cf:34:1f:8c:14:dc:ce:c4:63:6c:f3:29:83:2d:a6:74:6d:f4:a0:aa:ac:c1:9e:5b:67:29:1b:c3:72:a7:fc:17:4c:fc:b8:fb:0c:ac:0d:71:6b:5a:31:0d:03:f6:a5:93:fa:6d:cf:4a:ce:5a:e2:e5:c8:67:f0:7e:0a:78:2b:3c:83:11:66:9f:07:e6:d9:3e:1f:ce:a9:e7:93:b2:2e:5f:b4:19:53:63:c2:3e:8f:94:b6:c4:b5:49:af:11:43:75:e0:11:e0:62:7d:f0:5b:0e:e0:dd:66:06:96:38:f7:7f:18:7e:bb:7f:33:08:46:fb:e0:6b:6d:78:05:7d:16:55:28:e5:33:c0:5c:4f:63:14:74:0d:0b:c5:79:24:cf:cf:01:ec:da:a4:45:35:76:fd:f9:34:f1:90:1c:58:a4:62:55:8b:27:dc:0a:eb:85:33:d0:09:a8:73:09:ff:e1:7f:c7:32:1f:79:fe:d3:38:31:d4:58:56:a7:1d:b8:58:8f:80:36:62:e9:bd:0b:90:21:76:27:19:ee:40:de:97:14:8a:1c:a7:12:94:a7:ad:02:e6:b9:70:7e:2a:a2:ce:98:b7:6e:2c:fc:91:6a:bc:80:5c:05:d1:b7:37:16:6e:a4:07:0d:4c:83:2e:83:81:36:76:28:e3:29:d0:9d:af:ba:a8:6d:77:b7:35:fa:b4:ed:3d:0d:39:aa:ab:c3:3d:8b:dc:9e:2f:0c:70:76:6b:bc:5d:02:25:d2:e4:9e:2a:f9:43:99:56:12:72:99:1d:8d:fd:ed:16:3f:46:fe:ec:ff:9c:92:0b:88:f9:28:f1:5b:fe:a6:f0:7b:d3:dc:53:06:75:91:d7:d2:e9:7e:3e:8f:a3:9a:54:46:2a:7d:df:e4:e9:f1:a3:e8:73:7c:81:b9:fe:a3:bf:24:c0:4a:3e:d0:6c:9b:29:1e:86:02:22:07:f2:77:71:72:83:6b:03:74:73:e6:6f:d7:a7:4c:4b"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:b1:01:5b:5f:8b:d9:a1:8d:cb:d2:a0:bb:fe:5c:68:b1:31:a1:42:8d:ab:4c:e9:3e:45:77:4c:30:93:59:df:12:9b:18:36:ec:74:35:cc:a6:99:7d:b8:f0:35:a2:e0:ff:d7:7e:04:ca:96:76:c7:d0:23:27:b9:71:d9:3a:bf:df:f3:bd:54:e4:59:96:7b:b6:a2:f2:4d:85:c2:b1:92:75:1d:56:63:a5:c7:a2:f5:92:1a:69:44:c6:b8:4e:f4:84:f7:a1:df:a2:6e:f3:b0:89:5e:ab:19:17:3a:c0:0a:e9:c4:de:dc:17:b8:a0:ce:65:7d:4e:65:a1:b3:55:58:74:90:25:a9:f4:78:a0:5a:b8:55:1a:f5:67:ee:13:60:04:19:1a:dc:4b:8f:9d:25:a3:ec:e7:b6:39:30:84:43:95:48:30:f7:d3:3f:d7:d4:75:91:64:30:1a:63:b8:43:7c:57:ff:9c:63:82:1e:89:01:20:6d:82:83:3f:05:57:0b:04:5d:14:3e:2c:49:3b:32:27:cc:76:47:b2:d4:fa:24:a7:0d:dd:e6:cd:e6:a1:fe:df:ef:67:a4:f3:cf:34:1f:8c:14:dc:ce:c4:63:6c:f3:29:83:2d:a6:74:6d:f4:a0:aa:ac:c1:9e:5b:67:29:1b:c3:72:a7:fc:17:4c:fc:b8:fb:0c:ac:0d:71:6b:5a:31:0d:03:f6:a5:93:fa:6d:cf:4a:ce:5a:e2:e5:c8:67:f0:7e:0a:78:2b:3c:83:11:66:9f:07:e6:d9:3e:1f:ce:a9:e7:93:b2:2e:5f:b4:19:53:63:c2:3e:8f:94:b6:c4:b5:49:af:11:43:75:e0:11:e0:62:7d:f0:5b:0e:e0:dd:66:06:96:38:f7:7f:18:7e:bb:7f:33:08:46:fb:e0:6b:6d:78:05:7d:16:55:28:e5:33:c0:5c:4f:63:14:74:0d:0b:c5:79:24:cf:cf:01:ec:da:a4:45:35:76:fd:f9:34:f1:90:1c:58:a4:62:55:8b:27:dc:0a:eb:85:33:d0:09:a8:73:09:ff:e1:7f:c7:32:1f:79:fe:d3:38:31:d4:58:56:a7:1d:b8:58:8f:80:36:62:e9:bd:0b:90:21:76:27:19:ee:40:de:97:14:8a:1c:a7:12:94:a7:ad:02:e6:b9:70:7e:2a:a2:ce:98:b7:6e:2c:fc:91:6a:bc:80:5c:05:d1:b7:37:16:6e:a4:07:0d:4c:83:2e:83:81:36:76:28:e3:29:d0:9d:af:ba:a8:6d:77:b7:35:fa:b4:ed:3d:0d:39:aa:ab:c3:3d:8b:dc:9e:2f:0c:70:76:6b:bc:5d:02:25:d2:e4:9e:2a:f9:43:99:56:12:72:99:1d:8d:fd:ed:16:3f:46:fe:ec:ff:9c:92:0b:88:f9:28:f1:5b:fe:a6:f0:7b:d3:dc:53:06:75:91:d7:d2:e9:7e:3e:8f:a3:9a:54:46:2a:7d:df:e4:e9:f1:a3:e8:73:7c:81:b9:fe:a3:bf:24:c0:4a:3e:d0:6c:9b:29:1e:86:02:22:07:f2:77:71:72:83:6b:03:74:73:e6:6f:d7:a7:4c:4b"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "977",
"http.file_data": "{\"x\":648,\"y\":56}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "648",
"json.key": "x"
},
"json.member": {
"json.value.number": "56",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:52.885425295 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651612.885425295",
"frame.time_delta": "0.000488885",
"frame.time_delta_displayed": "2.251160584",
"frame.time_relative": "72.681170294",
"frame.number": "1000",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000908c",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00007000",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50530",
"tcp.dstport": "443",
"tcp.port": "50530",
"tcp.port": "443",
"tcp.stream": "70",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00003da7",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:2d:0b:33:02:76:cd",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:2d:0b:33:02:76:cd",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473143563",
"tcp.options.timestamp.tsecr": "855799501"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.038920852",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.080126627",
"tcp.time_delta": "0.000488885"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:cb:54:7c:c0:ac:e0:55:07:e9:fd:f5:df:1b:db:26:8f:d5:33:03:f0:1c:87:22:27:16:70:06:5d:32:20:0a:f2:a0:a7:7c:20:e1:b5:dc:9c:bf:be:e9:d0:ea:ed:ad:75:8c:d3:af:a3:e2:2a:82:bc:a7:fb:7d:d0:9f:5c:e1:30:7e:0c:f9:7b:60:40:1a:89:b2:c0:39:27:6f:87:e0:b6:c6:bb:45:27:d5:6b:e3:04:75:7d:8b:a8:32:de:fe:7d:b0:70:36:4c:d9:3b:f1:7c:49:56:c7:bc:5a:0f:35:f6:39:eb:d7:43:e3:23:a8:69:30:33:f1:af:2d:a8:6b:24:4b:84:f8:2b:c1:f1:9d:08:3e:d6:39:8b:3b:8e:78:14:c7:e7:58:32:3c:2f:50:ca:1b:ca:2f:be:6f:54:ea:ce:c8:d1:80:c6:5a:7f:a1:8c:b0:7f:36:41:6a:9d:63:0f:df:66:31:35:3c:6c:b4:24:83:9f:76:48:06:ce:5d:65:49:5b:58:ea:ad:33:74:cc:1a:94:31:26:e6:2f:d2:39:90:aa:15:d1:ac:e0:39:0e:0a:5a:d6:0c:b9:2a:2d:f8:35:04:db:47:15:26:d3:05:f0:4f:9b:eb:51:f9:ad:6c:19:e5:bd:02:f5:4d:8e:8c:e6:b9:dd:4e:4d:00:3e:b5:ba:54:d2:75:56:5b:42:35:5a:1c:6f:93:77:80:4d:9e:3f:29:50:c5:f4:87:0b:ab:fd:04:4b:70:21:22:17:d0:3d:19:03:6c:7f:f4:03:26:3c:58:c3:cd:43:f7:16:43:5c:bd:97:f2:ec:18:cb:b4:66:17:cf:c6:f5:90:df:ff:bc:95:58:44:05:53:1a:e1:02:06:60:58:55:a2:75:27:58:2c:49:f4:cf:e4:01:5a:79:1a:fd:e7:76:d2:bc:bc:a4:e7:29:b0:ab:22:96:d4:9d:d1:70:d9:77:04:96:25:e2:e2:ba:43:37:9b:93:ba:35:27:ff:a5:2b:48:fe:c4:55:fc:b3:09:4d:f6:72:77:74:ad:ba:92:21:e1:39:e1:ce:39:aa:e0:9d:21:e9:f4:58:6b:69:9f:1e:67:a6:04:c0:da:fa:4c:b7:fa:2b:53:e3:cf:8c:fc:55:94:48:ad:18:14:43:48:fe:55:74:26:4f:30:e3:c6:db:02:2f:22:f6:13:a0:29:7f:61:e1:32:be:bd:6f:ac:dc:03:83:85:a3:76:78:ca:d9:8b:0d:92:a3:68:85:ae:d3:77:44:f6:ab:48:b6:f0:16:40:77:0c:f1:46:84:90:3a:03:d2:65:6c:de:92:9a:1f:07:19:16:e2:f9:1a:48:fa:92:9b:ab:0c:2b:b2:49:c4:03:92:ef:7e:a4:91:a1:e4:9d:8c:2f:9b:e3:11:0a:ab:72:f4:4a:d1:a7:e0:f7:1e:ee:ed:d2:f2:23:5e:c0:c0:b4:c0:13:df:af:1e:d9:aa:25:c2:f2:08:29:e4:4c:39:99:cd:b4:e1:6f:c8:15:15:f0:36:c2:51:fb:40:be:39:e9:ef:e9:68:99:44:10:8c:93:62:1a:41:c3:6e:e5"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:cb:54:7c:c0:ac:e0:55:07:e9:fd:f5:df:1b:db:26:8f:d5:33:03:f0:1c:87:22:27:16:70:06:5d:32:20:0a:f2:a0:a7:7c:20:e1:b5:dc:9c:bf:be:e9:d0:ea:ed:ad:75:8c:d3:af:a3:e2:2a:82:bc:a7:fb:7d:d0:9f:5c:e1:30:7e:0c:f9:7b:60:40:1a:89:b2:c0:39:27:6f:87:e0:b6:c6:bb:45:27:d5:6b:e3:04:75:7d:8b:a8:32:de:fe:7d:b0:70:36:4c:d9:3b:f1:7c:49:56:c7:bc:5a:0f:35:f6:39:eb:d7:43:e3:23:a8:69:30:33:f1:af:2d:a8:6b:24:4b:84:f8:2b:c1:f1:9d:08:3e:d6:39:8b:3b:8e:78:14:c7:e7:58:32:3c:2f:50:ca:1b:ca:2f:be:6f:54:ea:ce:c8:d1:80:c6:5a:7f:a1:8c:b0:7f:36:41:6a:9d:63:0f:df:66:31:35:3c:6c:b4:24:83:9f:76:48:06:ce:5d:65:49:5b:58:ea:ad:33:74:cc:1a:94:31:26:e6:2f:d2:39:90:aa:15:d1:ac:e0:39:0e:0a:5a:d6:0c:b9:2a:2d:f8:35:04:db:47:15:26:d3:05:f0:4f:9b:eb:51:f9:ad:6c:19:e5:bd:02:f5:4d:8e:8c:e6:b9:dd:4e:4d:00:3e:b5:ba:54:d2:75:56:5b:42:35:5a:1c:6f:93:77:80:4d:9e:3f:29:50:c5:f4:87:0b:ab:fd:04:4b:70:21:22:17:d0:3d:19:03:6c:7f:f4:03:26:3c:58:c3:cd:43:f7:16:43:5c:bd:97:f2:ec:18:cb:b4:66:17:cf:c6:f5:90:df:ff:bc:95:58:44:05:53:1a:e1:02:06:60:58:55:a2:75:27:58:2c:49:f4:cf:e4:01:5a:79:1a:fd:e7:76:d2:bc:bc:a4:e7:29:b0:ab:22:96:d4:9d:d1:70:d9:77:04:96:25:e2:e2:ba:43:37:9b:93:ba:35:27:ff:a5:2b:48:fe:c4:55:fc:b3:09:4d:f6:72:77:74:ad:ba:92:21:e1:39:e1:ce:39:aa:e0:9d:21:e9:f4:58:6b:69:9f:1e:67:a6:04:c0:da:fa:4c:b7:fa:2b:53:e3:cf:8c:fc:55:94:48:ad:18:14:43:48:fe:55:74:26:4f:30:e3:c6:db:02:2f:22:f6:13:a0:29:7f:61:e1:32:be:bd:6f:ac:dc:03:83:85:a3:76:78:ca:d9:8b:0d:92:a3:68:85:ae:d3:77:44:f6:ab:48:b6:f0:16:40:77:0c:f1:46:84:90:3a:03:d2:65:6c:de:92:9a:1f:07:19:16:e2:f9:1a:48:fa:92:9b:ab:0c:2b:b2:49:c4:03:92:ef:7e:a4:91:a1:e4:9d:8c:2f:9b:e3:11:0a:ab:72:f4:4a:d1:a7:e0:f7:1e:ee:ed:d2:f2:23:5e:c0:c0:b4:c0:13:df:af:1e:d9:aa:25:c2:f2:08:29:e4:4c:39:99:cd:b4:e1:6f:c8:15:15:f0:36:c2:51:fb:40:be:39:e9:ef:e9:68:99:44:10:8c:93:62:1a:41:c3:6e:e5"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1005",
"http.file_data": "{\"x\":253,\"y\":27}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "253",
"json.key": "x"
},
"json.member": {
"json.value.number": "27",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:54.420865315 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651614.420865315",
"frame.time_delta": "0.000374215",
"frame.time_delta_displayed": "1.535440020",
"frame.time_relative": "74.216610314",
"frame.number": "1028",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x00008261",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00007e2b",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50534",
"tcp.dstport": "443",
"tcp.port": "50534",
"tcp.port": "443",
"tcp.stream": "72",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00000968",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:33:0b:33:02:7c:ce",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:33:0b:33:02:7c:ce",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473145099",
"tcp.options.timestamp.tsecr": "855801038"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.038037533",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.077237135",
"tcp.time_delta": "0.000374215"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:82:2b:67:10:ef:d9:4c:38:a8:36:de:39:7d:23:0a:48:06:ab:18:d6:8b:ee:6f:4c:fd:5e:3a:d4:9c:31:6e:1e:43:6f:b1:e5:41:2c:7f:f1:06:43:c9:e7:97:1b:be:97:85:09:7b:1b:df:c3:02:8f:70:a8:ca:78:5c:13:36:23:95:e2:50:0c:d7:7c:a6:70:61:70:a8:7f:12:11:05:b5:f7:48:ed:ed:3e:16:b5:02:f2:5a:ec:56:4b:df:d2:f9:65:d2:9c:eb:55:17:a8:5c:6c:d5:86:8f:9f:73:60:88:4b:62:bc:3a:63:e4:2d:d0:51:8d:df:a9:b0:d3:cc:8c:bc:a6:1f:2c:c5:72:d2:b4:d1:92:9d:4f:24:c4:b6:4f:34:a0:1a:6c:60:fa:0a:23:b7:85:d5:52:76:e3:23:fa:be:18:dd:5c:71:be:0a:f5:d9:45:01:1b:7c:b1:3b:c1:33:d5:ca:5d:53:9a:b0:68:8e:94:a9:a4:bc:35:69:e7:47:54:49:ec:cd:9c:f9:44:5e:ae:29:a2:19:d7:f1:d9:e7:53:49:05:0d:98:49:33:e3:29:63:1b:fa:d7:f0:a2:a7:d9:ab:4a:5a:d4:8a:86:3f:bb:7a:ca:ce:2c:c2:d4:1b:37:63:40:60:d0:37:9d:75:2d:6b:47:59:ce:b4:7f:4b:bc:d4:6e:be:f4:24:38:d6:aa:86:58:74:38:43:3e:47:32:f0:54:31:1b:e5:23:c8:c5:e9:56:6c:c0:6e:25:aa:c2:67:80:a6:fc:b8:09:86:8a:c0:83:94:cc:a1:87:89:f0:0d:bf:2f:0d:06:00:9d:9c:88:6f:cf:7b:8f:58:dc:0e:0e:be:9e:73:f9:41:4d:77:b0:d2:04:b6:e9:4b:80:9f:3d:b4:01:dd:63:ae:b6:1b:84:8d:e8:f6:5c:04:4e:88:cd:a9:34:b8:a8:f3:b5:5f:2a:7f:27:de:94:15:9b:d8:4f:35:78:c7:2b:52:6e:62:07:62:22:99:bd:47:0d:a7:6f:f7:2f:92:6b:20:5f:c5:7a:d9:49:d2:96:33:d3:3a:fb:5e:39:06:0b:3f:5c:31:82:58:5b:dd:94:9d:a9:30:e9:da:11:24:89:83:da:ed:cd:9d:4e:3d:0c:92:d7:19:c7:d4:66:5c:7f:2d:e3:f3:f7:a7:98:8b:f7:8f:73:fd:ee:ac:6e:de:39:5a:9e:87:9a:da:b0:5a:be:88:01:8c:25:bd:af:75:76:0c:e2:32:16:ac:29:51:51:c2:3c:af:94:9f:f3:80:e8:ce:8c:99:a2:f3:af:4e:1b:2a:42:e6:c3:57:e0:97:66:59:16:83:a7:de:72:57:79:8a:70:d8:13:cc:cb:4d:8d:4e:bf:78:a2:f0:f8:34:00:2f:d4:3c:74:1b:05:04:0b:82:44:66:85:80:ad:c6:28:30:cb:1f:50:dd:56:bc:70:ab:5f:5a:9d:a4:2f:6f:07:12:62:ea:38:5c:62:57:26:5a:6d:d7:f8:f7:dd:5e:d2:5a:8e:78:74:28:a3:1e:35:e0:3c:36:12:d2:27:18:b6:16:5a:a1:92:18"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:82:2b:67:10:ef:d9:4c:38:a8:36:de:39:7d:23:0a:48:06:ab:18:d6:8b:ee:6f:4c:fd:5e:3a:d4:9c:31:6e:1e:43:6f:b1:e5:41:2c:7f:f1:06:43:c9:e7:97:1b:be:97:85:09:7b:1b:df:c3:02:8f:70:a8:ca:78:5c:13:36:23:95:e2:50:0c:d7:7c:a6:70:61:70:a8:7f:12:11:05:b5:f7:48:ed:ed:3e:16:b5:02:f2:5a:ec:56:4b:df:d2:f9:65:d2:9c:eb:55:17:a8:5c:6c:d5:86:8f:9f:73:60:88:4b:62:bc:3a:63:e4:2d:d0:51:8d:df:a9:b0:d3:cc:8c:bc:a6:1f:2c:c5:72:d2:b4:d1:92:9d:4f:24:c4:b6:4f:34:a0:1a:6c:60:fa:0a:23:b7:85:d5:52:76:e3:23:fa:be:18:dd:5c:71:be:0a:f5:d9:45:01:1b:7c:b1:3b:c1:33:d5:ca:5d:53:9a:b0:68:8e:94:a9:a4:bc:35:69:e7:47:54:49:ec:cd:9c:f9:44:5e:ae:29:a2:19:d7:f1:d9:e7:53:49:05:0d:98:49:33:e3:29:63:1b:fa:d7:f0:a2:a7:d9:ab:4a:5a:d4:8a:86:3f:bb:7a:ca:ce:2c:c2:d4:1b:37:63:40:60:d0:37:9d:75:2d:6b:47:59:ce:b4:7f:4b:bc:d4:6e:be:f4:24:38:d6:aa:86:58:74:38:43:3e:47:32:f0:54:31:1b:e5:23:c8:c5:e9:56:6c:c0:6e:25:aa:c2:67:80:a6:fc:b8:09:86:8a:c0:83:94:cc:a1:87:89:f0:0d:bf:2f:0d:06:00:9d:9c:88:6f:cf:7b:8f:58:dc:0e:0e:be:9e:73:f9:41:4d:77:b0:d2:04:b6:e9:4b:80:9f:3d:b4:01:dd:63:ae:b6:1b:84:8d:e8:f6:5c:04:4e:88:cd:a9:34:b8:a8:f3:b5:5f:2a:7f:27:de:94:15:9b:d8:4f:35:78:c7:2b:52:6e:62:07:62:22:99:bd:47:0d:a7:6f:f7:2f:92:6b:20:5f:c5:7a:d9:49:d2:96:33:d3:3a:fb:5e:39:06:0b:3f:5c:31:82:58:5b:dd:94:9d:a9:30:e9:da:11:24:89:83:da:ed:cd:9d:4e:3d:0c:92:d7:19:c7:d4:66:5c:7f:2d:e3:f3:f7:a7:98:8b:f7:8f:73:fd:ee:ac:6e:de:39:5a:9e:87:9a:da:b0:5a:be:88:01:8c:25:bd:af:75:76:0c:e2:32:16:ac:29:51:51:c2:3c:af:94:9f:f3:80:e8:ce:8c:99:a2:f3:af:4e:1b:2a:42:e6:c3:57:e0:97:66:59:16:83:a7:de:72:57:79:8a:70:d8:13:cc:cb:4d:8d:4e:bf:78:a2:f0:f8:34:00:2f:d4:3c:74:1b:05:04:0b:82:44:66:85:80:ad:c6:28:30:cb:1f:50:dd:56:bc:70:ab:5f:5a:9d:a4:2f:6f:07:12:62:ea:38:5c:62:57:26:5a:6d:d7:f8:f7:dd:5e:d2:5a:8e:78:74:28:a3:1e:35:e0:3c:36:12:d2:27:18:b6:16:5a:a1:92:18"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1033",
"http.file_data": "{\"x\":258,\"y\":63}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "258",
"json.key": "x"
},
"json.member": {
"json.value.number": "63",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:56.983371638 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651616.983371638",
"frame.time_delta": "0.000591146",
"frame.time_delta_displayed": "2.562506323",
"frame.time_relative": "76.779116637",
"frame.number": "1056",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00008623",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x00007a68",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50538",
"tcp.dstport": "443",
"tcp.port": "50538",
"tcp.port": "443",
"tcp.stream": "74",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00000f8e",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:3d:0d:33:02:86:d0",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:3d:0d:33:02:86:d0",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473147661",
"tcp.options.timestamp.tsecr": "855803600"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037507507",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.076984145",
"tcp.time_delta": "0.000591146"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:fc:08:30:9c:59:d1:2c:2b:c0:3a:4f:a5:c7:bc:62:c5:5f:58:91:97:51:0b:bb:84:88:6f:e0:fb:e6:80:ec:63:ec:40:54:23:e5:c1:7a:f2:14:15:d5:05:f4:c2:5f:89:fa:44:87:e1:9d:0f:75:e9:a6:c2:78:3b:08:33:21:c2:89:87:04:cd:1f:1c:1c:6a:88:69:79:6a:6c:e2:a9:ca:17:a8:1d:29:ab:03:f4:60:51:53:42:bf:61:4b:fc:56:3b:24:2e:e0:3b:39:c1:a0:13:55:f7:fe:66:8f:a4:86:6a:b2:35:51:06:43:a4:ca:fe:29:11:e0:06:96:c4:a0:70:11:5b:f2:9d:fd:89:fb:66:0a:74:a9:e7:a8:f9:84:04:05:aa:94:41:8e:3f:49:86:12:d4:bf:0e:b6:4b:2e:d6:3f:35:37:8e:a4:2c:c4:0d:e3:85:fb:38:de:72:63:c0:ab:0d:63:b8:ae:7f:61:49:21:95:b8:6e:7e:ee:2f:6e:d6:dc:4b:03:f2:4b:cd:19:03:41:dd:78:66:f1:a2:c5:f9:81:b5:d0:91:79:31:02:6b:ff:ed:7c:09:99:c7:83:57:1a:e1:cd:3e:ae:2d:17:23:59:73:3e:b9:ea:e4:95:49:0e:c3:42:bf:d0:b0:7e:26:3c:70:fd:d7:bc:44:39:b6:b2:4f:29:e8:63:60:2f:e6:f1:1e:0c:ce:c3:50:e2:45:04:ff:cb:d4:74:4e:b6:72:15:a0:d0:9a:64:76:39:6c:c0:d5:cf:2b:8f:f0:43:a3:65:35:74:3a:a5:c6:d0:f8:53:a2:45:f2:da:be:6f:87:49:f4:6c:e5:27:42:78:cf:29:ab:6f:07:2a:3e:04:6e:3d:be:71:d9:31:83:5e:58:3e:4c:95:11:fd:1a:21:04:25:f8:6c:03:73:97:6b:f8:fc:9c:16:bb:eb:9a:27:09:1a:e4:4c:cb:bc:bf:88:22:68:c8:85:fb:e1:04:ef:bd:7e:49:1c:f4:50:0a:08:a6:a3:51:a4:04:e5:d5:2e:1e:47:4f:dc:bd:bd:79:8f:0f:2a:96:ca:ce:f5:c0:3a:db:77:78:ee:b7:25:47:e2:3a:c0:64:b3:cd:d1:a7:f4:6a:aa:60:82:bb:17:25:13:3d:f3:a0:07:68:12:b5:c5:a2:c1:23:30:08:24:bd:63:a9:7f:05:fc:f2:fd:9b:a0:b9:ff:1b:2f:e8:07:e4:7f:d8:18:5f:c1:27:ee:e1:a5:ae:85:58:90:ef:40:02:8f:6e:98:7e:13:3e:97:f2:b0:81:1a:85:b6:54:95:0d:1a:cf:ff:68:6c:1e:88:6d:8a:92:a9:b6:02:9c:40:a7:b6:a7:a2:b5:ff:3e:e1:d8:7d:39:fd:b8:86:31:0c:9c:3e:0e:82:c0:4e:1f:e6:1e:38:c9:b4:82:4f:7f:2f:dd:4f:f8:99:03:27:e6:fc:2a:8d:d5:90:07:65:56:34:6d:cb:b9:1a:be:0b:76:e8:3c:51:99:5d:05:92:9b:42:79:24:75:56:a8:57:08:69:a7:a2:0c:aa:ba:16:91:87:23:38:45:60:d5:b6"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:fc:08:30:9c:59:d1:2c:2b:c0:3a:4f:a5:c7:bc:62:c5:5f:58:91:97:51:0b:bb:84:88:6f:e0:fb:e6:80:ec:63:ec:40:54:23:e5:c1:7a:f2:14:15:d5:05:f4:c2:5f:89:fa:44:87:e1:9d:0f:75:e9:a6:c2:78:3b:08:33:21:c2:89:87:04:cd:1f:1c:1c:6a:88:69:79:6a:6c:e2:a9:ca:17:a8:1d:29:ab:03:f4:60:51:53:42:bf:61:4b:fc:56:3b:24:2e:e0:3b:39:c1:a0:13:55:f7:fe:66:8f:a4:86:6a:b2:35:51:06:43:a4:ca:fe:29:11:e0:06:96:c4:a0:70:11:5b:f2:9d:fd:89:fb:66:0a:74:a9:e7:a8:f9:84:04:05:aa:94:41:8e:3f:49:86:12:d4:bf:0e:b6:4b:2e:d6:3f:35:37:8e:a4:2c:c4:0d:e3:85:fb:38:de:72:63:c0:ab:0d:63:b8:ae:7f:61:49:21:95:b8:6e:7e:ee:2f:6e:d6:dc:4b:03:f2:4b:cd:19:03:41:dd:78:66:f1:a2:c5:f9:81:b5:d0:91:79:31:02:6b:ff:ed:7c:09:99:c7:83:57:1a:e1:cd:3e:ae:2d:17:23:59:73:3e:b9:ea:e4:95:49:0e:c3:42:bf:d0:b0:7e:26:3c:70:fd:d7:bc:44:39:b6:b2:4f:29:e8:63:60:2f:e6:f1:1e:0c:ce:c3:50:e2:45:04:ff:cb:d4:74:4e:b6:72:15:a0:d0:9a:64:76:39:6c:c0:d5:cf:2b:8f:f0:43:a3:65:35:74:3a:a5:c6:d0:f8:53:a2:45:f2:da:be:6f:87:49:f4:6c:e5:27:42:78:cf:29:ab:6f:07:2a:3e:04:6e:3d:be:71:d9:31:83:5e:58:3e:4c:95:11:fd:1a:21:04:25:f8:6c:03:73:97:6b:f8:fc:9c:16:bb:eb:9a:27:09:1a:e4:4c:cb:bc:bf:88:22:68:c8:85:fb:e1:04:ef:bd:7e:49:1c:f4:50:0a:08:a6:a3:51:a4:04:e5:d5:2e:1e:47:4f:dc:bd:bd:79:8f:0f:2a:96:ca:ce:f5:c0:3a:db:77:78:ee:b7:25:47:e2:3a:c0:64:b3:cd:d1:a7:f4:6a:aa:60:82:bb:17:25:13:3d:f3:a0:07:68:12:b5:c5:a2:c1:23:30:08:24:bd:63:a9:7f:05:fc:f2:fd:9b:a0:b9:ff:1b:2f:e8:07:e4:7f:d8:18:5f:c1:27:ee:e1:a5:ae:85:58:90:ef:40:02:8f:6e:98:7e:13:3e:97:f2:b0:81:1a:85:b6:54:95:0d:1a:cf:ff:68:6c:1e:88:6d:8a:92:a9:b6:02:9c:40:a7:b6:a7:a2:b5:ff:3e:e1:d8:7d:39:fd:b8:86:31:0c:9c:3e:0e:82:c0:4e:1f:e6:1e:38:c9:b4:82:4f:7f:2f:dd:4f:f8:99:03:27:e6:fc:2a:8d:d5:90:07:65:56:34:6d:cb:b9:1a:be:0b:76:e8:3c:51:99:5d:05:92:9b:42:79:24:75:56:a8:57:08:69:a7:a2:0c:aa:ba:16:91:87:23:38:45:60:d5:b6"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1061",
"http.file_data": "{\"x\":552,\"y\":108}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "552",
"json.key": "x"
},
"json.member": {
"json.value.number": "108",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:58.337773639 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651618.337773639",
"frame.time_delta": "0.000445463",
"frame.time_delta_displayed": "1.354402001",
"frame.time_relative": "78.133518638",
"frame.number": "1085",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x000025ee",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000da9e",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50542",
"tcp.dstport": "443",
"tcp.port": "50542",
"tcp.port": "443",
"tcp.stream": "76",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00007fb5",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:42:58:33:02:8c:1a",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:42:58:33:02:8c:1a",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473149016",
"tcp.options.timestamp.tsecr": "855804954"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.039606997",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.079441010",
"tcp.time_delta": "0.000445463"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:96:3c:73:0a:59:57:7c:85:49:e4:34:ee:97:10:c9:39:29:67:08:58:29:0d:8a:89:11:4c:88:90:d1:3e:92:f4:e4:1d:ce:66:3f:93:18:30:98:1b:e3:c6:3e:02:e1:f2:6b:c2:d7:7c:ce:59:c4:36:8f:64:35:00:76:51:67:93:65:27:2f:7f:5a:70:8c:c8:2a:e1:71:f9:6f:4e:ef:57:de:ad:6f:46:19:5a:82:70:0d:b6:1a:57:00:d9:c2:d8:5d:80:69:04:8d:61:64:14:5b:cf:b8:0d:90:3f:4b:0d:d9:07:ab:c8:92:f4:04:37:5f:6a:d7:90:1a:48:e8:24:f2:68:96:08:76:6d:a4:a0:87:87:0d:bb:77:f8:49:9d:fa:58:5e:fc:42:b5:86:d9:ee:d5:cf:54:a9:b8:0e:3a:de:b8:cb:fe:85:39:46:4a:63:1a:a1:16:2b:44:8a:c4:a1:83:fe:06:b0:cd:4c:c7:35:79:51:d5:b3:05:9f:62:df:fc:fb:02:73:75:b5:aa:4f:41:31:c7:75:80:e4:9d:51:1b:3b:69:66:24:eb:92:b8:dd:f6:45:16:df:91:73:06:98:84:de:73:61:10:d1:de:57:4c:4c:43:88:8b:2a:60:af:32:b9:07:96:9d:bb:d4:88:05:0e:12:c8:cf:1d:d2:bc:a3:c0:df:a4:33:7e:75:72:33:d3:a4:2f:f2:47:3e:3b:67:ae:57:37:63:e0:4a:cc:78:fb:00:32:06:58:60:0c:1c:30:8c:fd:65:9d:8e:38:de:5e:03:97:db:20:ed:31:62:bb:98:88:8f:d1:54:69:10:3b:ec:43:a6:9b:98:7e:b1:d2:55:13:d1:bf:ab:fe:d1:f1:14:a3:b0:92:0c:0a:57:63:1b:dd:ea:3b:0b:01:0b:08:12:d3:23:df:58:a8:fe:92:12:80:b4:10:7f:18:44:2d:a3:0b:10:b5:b5:50:34:22:54:8e:e9:89:13:ca:a7:6b:8e:be:dc:e3:42:d8:b7:39:9f:9a:ad:e0:4b:fa:aa:35:63:13:79:21:e3:31:b6:a8:4d:25:7c:95:b5:cc:5f:4a:05:5b:69:f7:cf:ac:68:87:87:be:d0:3b:20:0a:3f:e6:02:e3:27:cd:34:e4:47:c4:0e:29:97:6a:ed:8d:91:c3:25:fd:f7:70:0f:07:24:f9:74:94:d5:e6:4a:2b:53:47:9d:69:eb:4f:9f:91:67:27:b5:42:01:a5:23:76:87:fb:7a:64:a0:0e:89:83:bc:73:3a:46:f3:d5:68:ab:72:2b:6b:f7:c5:8f:75:31:d8:bb:47:62:88:05:dc:c5:e3:28:6c:e2:e4:3c:4c:30:ba:19:bb:96:99:06:3d:aa:2c:d7:80:72:17:da:f1:61:ca:ba:5d:d0:92:4a:cb:8b:69:49:d2:aa:87:9e:91:3e:d9:aa:41:43:bd:c0:50:f9:9d:ab:68:98:16:e9:89:06:2b:d2:d7:78:c9:77:94:6f:18:3f:f7:28:c5:da:67:40:eb:bd:12:39:40:94:4f:e1:ac:7a:59:33:94:4b:d0:02:9f:0b"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:96:3c:73:0a:59:57:7c:85:49:e4:34:ee:97:10:c9:39:29:67:08:58:29:0d:8a:89:11:4c:88:90:d1:3e:92:f4:e4:1d:ce:66:3f:93:18:30:98:1b:e3:c6:3e:02:e1:f2:6b:c2:d7:7c:ce:59:c4:36:8f:64:35:00:76:51:67:93:65:27:2f:7f:5a:70:8c:c8:2a:e1:71:f9:6f:4e:ef:57:de:ad:6f:46:19:5a:82:70:0d:b6:1a:57:00:d9:c2:d8:5d:80:69:04:8d:61:64:14:5b:cf:b8:0d:90:3f:4b:0d:d9:07:ab:c8:92:f4:04:37:5f:6a:d7:90:1a:48:e8:24:f2:68:96:08:76:6d:a4:a0:87:87:0d:bb:77:f8:49:9d:fa:58:5e:fc:42:b5:86:d9:ee:d5:cf:54:a9:b8:0e:3a:de:b8:cb:fe:85:39:46:4a:63:1a:a1:16:2b:44:8a:c4:a1:83:fe:06:b0:cd:4c:c7:35:79:51:d5:b3:05:9f:62:df:fc:fb:02:73:75:b5:aa:4f:41:31:c7:75:80:e4:9d:51:1b:3b:69:66:24:eb:92:b8:dd:f6:45:16:df:91:73:06:98:84:de:73:61:10:d1:de:57:4c:4c:43:88:8b:2a:60:af:32:b9:07:96:9d:bb:d4:88:05:0e:12:c8:cf:1d:d2:bc:a3:c0:df:a4:33:7e:75:72:33:d3:a4:2f:f2:47:3e:3b:67:ae:57:37:63:e0:4a:cc:78:fb:00:32:06:58:60:0c:1c:30:8c:fd:65:9d:8e:38:de:5e:03:97:db:20:ed:31:62:bb:98:88:8f:d1:54:69:10:3b:ec:43:a6:9b:98:7e:b1:d2:55:13:d1:bf:ab:fe:d1:f1:14:a3:b0:92:0c:0a:57:63:1b:dd:ea:3b:0b:01:0b:08:12:d3:23:df:58:a8:fe:92:12:80:b4:10:7f:18:44:2d:a3:0b:10:b5:b5:50:34:22:54:8e:e9:89:13:ca:a7:6b:8e:be:dc:e3:42:d8:b7:39:9f:9a:ad:e0:4b:fa:aa:35:63:13:79:21:e3:31:b6:a8:4d:25:7c:95:b5:cc:5f:4a:05:5b:69:f7:cf:ac:68:87:87:be:d0:3b:20:0a:3f:e6:02:e3:27:cd:34:e4:47:c4:0e:29:97:6a:ed:8d:91:c3:25:fd:f7:70:0f:07:24:f9:74:94:d5:e6:4a:2b:53:47:9d:69:eb:4f:9f:91:67:27:b5:42:01:a5:23:76:87:fb:7a:64:a0:0e:89:83:bc:73:3a:46:f3:d5:68:ab:72:2b:6b:f7:c5:8f:75:31:d8:bb:47:62:88:05:dc:c5:e3:28:6c:e2:e4:3c:4c:30:ba:19:bb:96:99:06:3d:aa:2c:d7:80:72:17:da:f1:61:ca:ba:5d:d0:92:4a:cb:8b:69:49:d2:aa:87:9e:91:3e:d9:aa:41:43:bd:c0:50:f9:9d:ab:68:98:16:e9:89:06:2b:d2:d7:78:c9:77:94:6f:18:3f:f7:28:c5:da:67:40:eb:bd:12:39:40:94:4f:e1:ac:7a:59:33:94:4b:d0:02:9f:0b"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1090",
"http.file_data": "{\"x\":106,\"y\":20}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "106",
"json.key": "x"
},
"json.member": {
"json.value.number": "20",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:46:59.926512170 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651619.926512170",
"frame.time_delta": "0.000270713",
"frame.time_delta_displayed": "1.588738531",
"frame.time_relative": "79.722257169",
"frame.number": "1113",
"frame.len": "676",
"frame.cap_len": "676",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "662",
"ip.id": "0x00001934",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000e757",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50546",
"tcp.dstport": "443",
"tcp.port": "50546",
"tcp.port": "443",
"tcp.stream": "78",
"tcp.len": "610",
"tcp.seq": "569",
"tcp.nxtseq": "1179",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x00003053",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:48:8d:33:02:92:50",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:48:8d:33:02:92:50",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473150605",
"tcp.options.timestamp.tsecr": "855806544"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.037862774",
"tcp.analysis.bytes_in_flight": "661",
"tcp.analysis.push_bytes_sent": "610"
},
"Timestamps": {
"tcp.time_relative": "0.076504879",
"tcp.time_delta": "0.000270713"
},
"tcp.payload": "17:03:03:02:5d:00:00:00:00:00:00:00:01:0f:75:0c:9a:68:1e:39:ef:ad:f4:4e:bc:ee:6c:2f:25:85:e6:ed:58:fc:95:ec:5f:72:6c:03:05:8c:25:8a:07:bf:b5:9b:3e:10:65:c6:d9:fd:bb:7e:79:64:2d:98:c0:45:5d:e0:92:9f:26:a1:03:8c:de:21:77:c1:7e:f4:64:93:66:50:f0:98:0c:e6:f1:4e:2d:fd:5f:75:1b:3b:13:ff:dd:56:4a:c2:ba:95:74:68:a8:1a:80:3c:ab:38:c2:f3:e2:1c:fa:73:3a:ab:a9:c0:a2:4b:5a:fd:28:47:78:f6:81:5a:5c:96:4c:29:3f:95:cb:41:14:97:9c:d7:5b:53:77:b7:38:90:21:01:98:75:a1:84:a5:e4:c2:b9:09:e6:bb:41:2c:0e:d8:4a:da:5d:67:73:a8:ad:d4:c5:67:e0:9c:92:67:57:79:a9:9a:46:aa:f2:00:a4:0b:bb:b2:40:49:ea:0f:48:12:4e:89:56:e8:a6:d8:19:59:f4:cc:39:12:c8:47:1b:f1:1a:10:a2:40:2e:65:99:e3:73:93:44:50:00:89:a2:00:ed:7b:74:c7:dc:01:42:6e:c8:5d:71:6f:99:f3:f5:a7:9f:26:7f:1f:1f:0e:e7:86:6f:93:2b:1c:33:9f:d0:10:6a:a8:20:53:27:ac:02:54:f0:c6:20:38:7a:04:98:80:13:cf:05:96:93:c1:fa:ae:7c:39:8c:1d:5d:44:17:31:80:b7:d1:d0:5e:3f:01:b8:40:30:7c:c4:64:79:b7:f6:44:ef:8f:0d:4f:04:e0:7d:e7:c5:9a:74:65:c0:80:c4:bc:9f:d5:dc:3a:61:a7:21:b3:aa:f5:a9:d3:46:3b:6a:2d:de:1f:97:4b:79:fb:e4:b6:61:a5:ec:47:46:84:4f:59:3b:ce:a0:b5:3b:e5:01:8c:4d:c3:f6:70:7d:ce:59:16:d4:7a:7a:03:cb:cf:25:f6:ba:19:d9:e9:82:f5:fd:e0:b0:32:b5:8a:8a:b2:2e:10:01:8f:41:89:78:eb:a9:ae:74:32:15:e9:97:99:8a:b3:91:5a:c6:51:1c:c2:73:62:55:96:eb:35:3b:1b:71:38:2e:13:bc:e4:b9:60:97:3d:4a:86:3e:dc:05:ac:70:c5:66:6c:b1:f5:0e:22:d5:a8:c6:eb:18:78:9b:63:c7:f4:b6:7d:03:4d:9a:a6:c1:70:97:d1:34:9f:5e:3f:c5:83:1e:17:52:22:e9:b8:8f:1b:3a:f0:e0:1e:c4:96:7f:6f:1b:2c:71:03:1a:85:3f:7c:07:54:12:eb:9a:07:ec:e0:c3:a3:72:af:f5:4e:23:81:99:b4:bf:db:d7:d7:63:92:e2:4c:98:b5:13:0e:b0:a0:f9:fd:2d:89:41:5a:06:fa:24:23:3f:d1:b8:cb:63:75:5b:90:a4:14:a7:b7:7f:8b:95:aa:07:11:16:05:da:1b:0c:05:bc:ef:76:b0:83:cc:51:1e:30:73:22:ee:18:e2:c1:99:6a:80:d7:6b:70:7a:a4:0d:b1:15:c1:e5:52:51:63:1f:96:bc:43:3a:00:db:7b:16:88:82:4e:ee"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "605",
"tls.app_data": "00:00:00:00:00:00:00:01:0f:75:0c:9a:68:1e:39:ef:ad:f4:4e:bc:ee:6c:2f:25:85:e6:ed:58:fc:95:ec:5f:72:6c:03:05:8c:25:8a:07:bf:b5:9b:3e:10:65:c6:d9:fd:bb:7e:79:64:2d:98:c0:45:5d:e0:92:9f:26:a1:03:8c:de:21:77:c1:7e:f4:64:93:66:50:f0:98:0c:e6:f1:4e:2d:fd:5f:75:1b:3b:13:ff:dd:56:4a:c2:ba:95:74:68:a8:1a:80:3c:ab:38:c2:f3:e2:1c:fa:73:3a:ab:a9:c0:a2:4b:5a:fd:28:47:78:f6:81:5a:5c:96:4c:29:3f:95:cb:41:14:97:9c:d7:5b:53:77:b7:38:90:21:01:98:75:a1:84:a5:e4:c2:b9:09:e6:bb:41:2c:0e:d8:4a:da:5d:67:73:a8:ad:d4:c5:67:e0:9c:92:67:57:79:a9:9a:46:aa:f2:00:a4:0b:bb:b2:40:49:ea:0f:48:12:4e:89:56:e8:a6:d8:19:59:f4:cc:39:12:c8:47:1b:f1:1a:10:a2:40:2e:65:99:e3:73:93:44:50:00:89:a2:00:ed:7b:74:c7:dc:01:42:6e:c8:5d:71:6f:99:f3:f5:a7:9f:26:7f:1f:1f:0e:e7:86:6f:93:2b:1c:33:9f:d0:10:6a:a8:20:53:27:ac:02:54:f0:c6:20:38:7a:04:98:80:13:cf:05:96:93:c1:fa:ae:7c:39:8c:1d:5d:44:17:31:80:b7:d1:d0:5e:3f:01:b8:40:30:7c:c4:64:79:b7:f6:44:ef:8f:0d:4f:04:e0:7d:e7:c5:9a:74:65:c0:80:c4:bc:9f:d5:dc:3a:61:a7:21:b3:aa:f5:a9:d3:46:3b:6a:2d:de:1f:97:4b:79:fb:e4:b6:61:a5:ec:47:46:84:4f:59:3b:ce:a0:b5:3b:e5:01:8c:4d:c3:f6:70:7d:ce:59:16:d4:7a:7a:03:cb:cf:25:f6:ba:19:d9:e9:82:f5:fd:e0:b0:32:b5:8a:8a:b2:2e:10:01:8f:41:89:78:eb:a9:ae:74:32:15:e9:97:99:8a:b3:91:5a:c6:51:1c:c2:73:62:55:96:eb:35:3b:1b:71:38:2e:13:bc:e4:b9:60:97:3d:4a:86:3e:dc:05:ac:70:c5:66:6c:b1:f5:0e:22:d5:a8:c6:eb:18:78:9b:63:c7:f4:b6:7d:03:4d:9a:a6:c1:70:97:d1:34:9f:5e:3f:c5:83:1e:17:52:22:e9:b8:8f:1b:3a:f0:e0:1e:c4:96:7f:6f:1b:2c:71:03:1a:85:3f:7c:07:54:12:eb:9a:07:ec:e0:c3:a3:72:af:f5:4e:23:81:99:b4:bf:db:d7:d7:63:92:e2:4c:98:b5:13:0e:b0:a0:f9:fd:2d:89:41:5a:06:fa:24:23:3f:d1:b8:cb:63:75:5b:90:a4:14:a7:b7:7f:8b:95:aa:07:11:16:05:da:1b:0c:05:bc:ef:76:b0:83:cc:51:1e:30:73:22:ee:18:e2:c1:99:6a:80:d7:6b:70:7a:a4:0d:b1:15:c1:e5:52:51:63:1f:96:bc:43:3a:00:db:7b:16:88:82:4e:ee"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "17",
"http.content_length_header_tree": {
"http.content_length": "17"
},
"http.request.line": "Content-Length: 17\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1118",
"http.file_data": "{\"x\":557,\"y\":145}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "557",
"json.key": "x"
},
"json.member": {
"json.value.number": "145",
"json.key": "y"
}
}
}
}
}
},
{
"_index": "packets-2020-07-13",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "wlp3s0"
},
"frame.encap_type": "1",
"frame.time": "Jul 13, 2020 07:47:01.486112718 PDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1594651621.486112718",
"frame.time_delta": "0.000441056",
"frame.time_delta_displayed": "1.559600548",
"frame.time_relative": "81.281857717",
"frame.number": "1141",
"frame.len": "675",
"frame.cap_len": "675",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:tls:http:json",
"frame.coloring_rule.name": "HTTP",
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
},
"eth": {
"eth.dst": "50:ff:20:10:b1:f0",
"eth.dst_tree": {
"eth.dst_resolved": "Keenetic_10:b1:f0",
"eth.addr": "50:ff:20:10:b1:f0",
"eth.addr_resolved": "Keenetic_10:b1:f0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "8c:70:5a:f5:9b:d0",
"eth.src_tree": {
"eth.src_resolved": "IntelCor_f5:9b:d0",
"eth.addr": "8c:70:5a:f5:9b:d0",
"eth.addr_resolved": "IntelCor_f5:9b:d0",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "661",
"ip.id": "0x0000427c",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000be10",
"ip.checksum.status": "2",
"ip.src": "192.168.1.9",
"ip.addr": "192.168.1.9",
"ip.src_host": "192.168.1.9",
"ip.host": "192.168.1.9",
"ip.dst": "95.217.22.76",
"ip.addr": "95.217.22.76",
"ip.dst_host": "95.217.22.76",
"ip.host": "95.217.22.76"
},
"tcp": {
"tcp.srcport": "50550",
"tcp.dstport": "443",
"tcp.port": "50550",
"tcp.port": "443",
"tcp.stream": "80",
"tcp.len": "609",
"tcp.seq": "569",
"tcp.nxtseq": "1178",
"tcp.ack": "142",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "501",
"tcp.window_size": "64128",
"tcp.window_size_scalefactor": "128",
"tcp.checksum": "0x0000ceaa",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:93:69:4e:a4:33:02:98:64",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:93:69:4e:a4:33:02:98:64",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "2473152164",
"tcp.options.timestamp.tsecr": "855808100"
}
},
"tcp.analysis": {
"tcp.analysis.initial_rtt": "0.043796346",
"tcp.analysis.bytes_in_flight": "660",
"tcp.analysis.push_bytes_sent": "609"
},
"Timestamps": {
"tcp.time_relative": "0.086132158",
"tcp.time_delta": "0.000441056"
},
"tcp.payload": "17:03:03:02:5c:00:00:00:00:00:00:00:01:6d:f1:1c:d9:5b:2c:4c:79:82:a8:30:22:cf:48:8f:73:48:90:23:52:01:20:a1:be:56:e5:f6:8c:58:66:b0:d7:b6:fd:b9:44:79:12:0f:e7:46:48:dd:26:f5:11:1f:26:15:2b:61:a5:86:d7:b5:9a:a2:2d:17:9f:0c:ac:9d:68:16:2b:ab:19:a2:21:25:5f:24:d5:4a:b0:8c:47:4d:55:f7:25:a3:db:2c:e1:9f:ef:87:39:ee:18:63:44:19:b1:32:dd:8f:a3:48:2a:5a:b6:63:03:98:dd:35:59:2e:f1:92:5a:77:90:9e:36:96:61:03:7b:37:33:cf:50:69:de:32:f6:7b:62:90:dc:98:9f:45:08:2f:36:3e:34:5b:50:20:4d:fc:2c:ad:11:53:8e:90:b6:d7:f7:68:4c:46:6f:5a:14:b4:da:28:3f:1e:8a:6f:0f:63:5b:12:44:6e:ab:05:9a:22:e3:17:58:0e:ee:59:2e:b0:a6:ce:7e:ee:ce:be:25:7f:ab:44:9a:de:aa:9c:92:08:24:31:02:d7:46:0d:4b:5e:88:c9:54:fc:bf:53:80:24:2d:6a:7c:27:b4:0e:e0:7e:df:9a:51:a4:f1:01:59:2b:0c:35:49:2a:bd:c5:6c:1b:fc:23:5d:da:0d:38:40:62:d9:ed:36:6a:e1:a1:61:4a:0d:44:5b:87:f8:f2:b2:cd:f3:4a:14:34:f1:7a:67:0d:8f:93:8e:de:ab:71:c7:7a:f7:6f:72:f5:ad:55:a7:63:db:47:08:c6:63:34:1a:1e:a8:60:2a:0a:bc:40:3e:4f:5f:98:3d:f8:07:71:5a:22:25:e2:f8:91:3d:83:79:ee:6c:39:3c:79:0e:95:45:b6:52:8d:81:7e:73:92:f2:e4:87:03:6b:60:04:4d:c4:0a:8d:39:b3:e8:da:8c:39:3d:cf:35:79:7a:04:6b:6e:31:97:88:90:a0:87:ad:1b:f7:94:ea:e0:73:17:38:2a:47:63:11:1c:90:f4:b2:a6:26:b1:54:ed:b0:f8:36:a7:a1:72:36:d9:2c:cf:8b:d0:a7:29:f9:c7:96:d7:f3:e0:6e:99:33:c4:0a:87:2d:3b:7a:bb:16:62:e7:9b:75:f9:f7:d3:f2:63:82:7f:a9:67:f5:63:1d:38:30:d2:90:8b:89:04:51:34:04:d9:a5:a3:7d:7c:5f:53:e6:51:64:e6:73:78:80:a1:dc:6d:0e:f6:de:7b:c5:5b:83:52:41:f2:7b:84:19:bf:39:95:dc:9d:3b:ff:24:56:07:0d:81:49:48:c5:0f:ad:22:94:50:58:3f:aa:7c:ca:bb:9a:d1:e4:09:6a:13:62:35:f9:d3:e4:b2:0e:eb:dc:d2:01:1b:61:a6:f4:1e:21:ab:15:30:44:3e:52:a6:5d:77:61:fb:13:6f:c6:8f:c5:fc:ca:68:59:01:fb:63:24:59:d3:4b:79:b9:c4:b1:0c:ea:46:59:50:4d:74:3e:61:94:b6:66:ad:94:62:48:01:cd:dd:9e:ce:e4:dd:31:3c:be:9d:a7:a1:f8:b8:14:d0:35:b6:b1:2e:59:83"
},
"tls": {
"tls.record": {
"tls.record.content_type": "23",
"tls.record.version": "0x00000303",
"tls.record.length": "604",
"tls.app_data": "00:00:00:00:00:00:00:01:6d:f1:1c:d9:5b:2c:4c:79:82:a8:30:22:cf:48:8f:73:48:90:23:52:01:20:a1:be:56:e5:f6:8c:58:66:b0:d7:b6:fd:b9:44:79:12:0f:e7:46:48:dd:26:f5:11:1f:26:15:2b:61:a5:86:d7:b5:9a:a2:2d:17:9f:0c:ac:9d:68:16:2b:ab:19:a2:21:25:5f:24:d5:4a:b0:8c:47:4d:55:f7:25:a3:db:2c:e1:9f:ef:87:39:ee:18:63:44:19:b1:32:dd:8f:a3:48:2a:5a:b6:63:03:98:dd:35:59:2e:f1:92:5a:77:90:9e:36:96:61:03:7b:37:33:cf:50:69:de:32:f6:7b:62:90:dc:98:9f:45:08:2f:36:3e:34:5b:50:20:4d:fc:2c:ad:11:53:8e:90:b6:d7:f7:68:4c:46:6f:5a:14:b4:da:28:3f:1e:8a:6f:0f:63:5b:12:44:6e:ab:05:9a:22:e3:17:58:0e:ee:59:2e:b0:a6:ce:7e:ee:ce:be:25:7f:ab:44:9a:de:aa:9c:92:08:24:31:02:d7:46:0d:4b:5e:88:c9:54:fc:bf:53:80:24:2d:6a:7c:27:b4:0e:e0:7e:df:9a:51:a4:f1:01:59:2b:0c:35:49:2a:bd:c5:6c:1b:fc:23:5d:da:0d:38:40:62:d9:ed:36:6a:e1:a1:61:4a:0d:44:5b:87:f8:f2:b2:cd:f3:4a:14:34:f1:7a:67:0d:8f:93:8e:de:ab:71:c7:7a:f7:6f:72:f5:ad:55:a7:63:db:47:08:c6:63:34:1a:1e:a8:60:2a:0a:bc:40:3e:4f:5f:98:3d:f8:07:71:5a:22:25:e2:f8:91:3d:83:79:ee:6c:39:3c:79:0e:95:45:b6:52:8d:81:7e:73:92:f2:e4:87:03:6b:60:04:4d:c4:0a:8d:39:b3:e8:da:8c:39:3d:cf:35:79:7a:04:6b:6e:31:97:88:90:a0:87:ad:1b:f7:94:ea:e0:73:17:38:2a:47:63:11:1c:90:f4:b2:a6:26:b1:54:ed:b0:f8:36:a7:a1:72:36:d9:2c:cf:8b:d0:a7:29:f9:c7:96:d7:f3:e0:6e:99:33:c4:0a:87:2d:3b:7a:bb:16:62:e7:9b:75:f9:f7:d3:f2:63:82:7f:a9:67:f5:63:1d:38:30:d2:90:8b:89:04:51:34:04:d9:a5:a3:7d:7c:5f:53:e6:51:64:e6:73:78:80:a1:dc:6d:0e:f6:de:7b:c5:5b:83:52:41:f2:7b:84:19:bf:39:95:dc:9d:3b:ff:24:56:07:0d:81:49:48:c5:0f:ad:22:94:50:58:3f:aa:7c:ca:bb:9a:d1:e4:09:6a:13:62:35:f9:d3:e4:b2:0e:eb:dc:d2:01:1b:61:a6:f4:1e:21:ab:15:30:44:3e:52:a6:5d:77:61:fb:13:6f:c6:8f:c5:fc:ca:68:59:01:fb:63:24:59:d3:4b:79:b9:c4:b1:0c:ea:46:59:50:4d:74:3e:61:94:b6:66:ad:94:62:48:01:cd:dd:9e:ce:e4:dd:31:3c:be:9d:a7:a1:f8:b8:14:d0:35:b6:b1:2e:59:83"
}
},
"http": {
"POST /key HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "POST /key HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "POST",
"http.request.uri": "/key",
"http.request.version": "HTTP/1.1"
},
"http.host": "95.217.22.76",
"http.request.line": "Host: 95.217.22.76\r\n",
"http.connection": "keep-alive",
"http.request.line": "Connection: keep-alive\r\n",
"http.content_length_header": "16",
"http.content_length_header_tree": {
"http.content_length": "16"
},
"http.request.line": "Content-Length: 16\r\n",
"http.accept": "*/*",
"http.request.line": "Accept: */*\r\n",
"http.request.line": "X-Requested-With: XMLHttpRequest\r\n",
"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
"http.request.line": "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36\r\n",
"http.content_type": "application/json",
"http.request.line": "Content-Type: application/json\r\n",
"http.request.line": "Origin: https://95.217.22.76\r\n",
"http.request.line": "Sec-Fetch-Site: same-origin\r\n",
"http.request.line": "Sec-Fetch-Mode: cors\r\n",
"http.request.line": "Sec-Fetch-Dest: empty\r\n",
"http.referer": "https://95.217.22.76/",
"http.request.line": "Referer: https://95.217.22.76/\r\n",
"http.accept_encoding": "gzip, deflate, br",
"http.request.line": "Accept-Encoding: gzip, deflate, br\r\n",
"http.accept_language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
"http.request.line": "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7\r\n",
"http.cookie": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c",
"http.cookie_tree": {
"http.cookie_pair": "session=fe307005-3191-4dfb-b04a-d8ee9b720d1c"
},
"http.request.line": "Cookie: session=fe307005-3191-4dfb-b04a-d8ee9b720d1c\r\n",
"\\r\\n": "",
"http.request.full_uri": "https://95.217.22.76/key",
"http.request": "1",
"http.request_number": "1",
"http.response_in": "1146",
"http.file_data": "{\"x\":584,\"y\":54}"
},
"json": {
"json.object": {
"json.member": {
"json.value.number": "584",
"json.key": "x"
},
"json.member": {
"json.value.number": "54",
"json.key": "y"
}
}
}
}
}
}
]