Simple port 80 HTTP GET request (with a 404 response)
[
{
"_index": "packets-2021-09-22",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "eth0"
},
"frame.encap_type": "1",
"frame.time": "Sep 22, 2021 04:21:46.181510727 EDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1632298906.181510727",
"frame.time_delta": "0.000000000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "0.000000000",
"frame.number": "1",
"frame.len": "215",
"frame.cap_len": "215",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:http"
},
"eth": {
"eth.dst": "00:16:3e:4d:02:6f",
"eth.dst_tree": {
"eth.dst_resolved": "00:16:3e:4d:02:6f",
"eth.addr": "00:16:3e:4d:02:6f",
"eth.addr_resolved": "00:16:3e:4d:02:6f",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "cc:ef:48:fc:d0:11",
"eth.src_tree": {
"eth.src_resolved": "cc:ef:48:fc:d0:11",
"eth.addr": "cc:ef:48:fc:d0:11",
"eth.addr_resolved": "cc:ef:48:fc:d0:11",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "201",
"ip.id": "0x00008819",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "39",
"ip.proto": "6",
"ip.checksum": "0x000000d0",
"ip.checksum.status": "2",
"ip.src": "124.100.104.95",
"ip.addr": "169.255.59.131",
"ip.src_host": "124.100.104.95",
"ip.host": "169.255.59.131",
"ip.dst": "169.255.59.131",
"ip.dst_host": "169.255.59.131"
},
"tcp": {
"tcp.srcport": "36988",
"tcp.dstport": "80",
"tcp.port": "80",
"tcp.stream": "0",
"tcp.len": "149",
"tcp.seq": "1",
"tcp.nxtseq": "150",
"tcp.ack": "1",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "502",
"tcp.window_size": "502",
"tcp.window_size_scalefactor": "-1",
"tcp.checksum": "0x0000f7f9",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:d0:d7:1a:58:04:aa:67:05",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:d0:d7:1a:58:04:aa:67:05",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "3503757912",
"tcp.options.timestamp.tsecr": "78276357"
}
},
"tcp.analysis": {
"tcp.analysis.bytes_in_flight": "149",
"tcp.analysis.push_bytes_sent": "149"
},
"Timestamps": {
"tcp.time_relative": "0.000000000",
"tcp.time_delta": "0.000000000"
},
"tcp.payload": "47:45:54:20:2f:61:74:74:61:63:6b:65:72:20:48:54:54:50:2f:31:2e:31:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:67:65:74:2f:31:2e:32:30:2e:33:20:28:6c:69:6e:75:78:2d:67:6e:75:29:0d:0a:41:63:63:65:70:74:3a:20:2a:2f:2a:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:69:64:65:6e:74:69:74:79:0d:0a:48:6f:73:74:3a:20:31:36:39:2e:32:35:35:2e:35:39:2e:31:33:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a"
},
"http": {
"GET /attacker HTTP/1.1\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "GET /attacker HTTP/1.1\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.request.method": "GET",
"http.request.uri": "/attacker",
"http.request.version": "HTTP/1.1"
},
"http.user_agent": "Wget/1.20.3 (linux-gnu)",
"http.request.line": "Connection: Keep-Alive\r\n",
"http.accept": "*/*",
"http.accept_encoding": "identity",
"http.host": "169.255.59.131",
"http.connection": "Keep-Alive",
"\\r\\n": "",
"http.request.full_uri": "http://169.255.59.131/attacker",
"http.request": "1",
"http.request_number": "1"
}
}
}
},
{
"_index": "packets-2021-09-22",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "eth0"
},
"frame.encap_type": "1",
"frame.time": "Sep 22, 2021 04:21:46.182231800 EDT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1632298906.182231800",
"frame.time_delta": "0.000721073",
"frame.time_delta_displayed": "0.000721073",
"frame.time_relative": "0.000721073",
"frame.number": "2",
"frame.len": "559",
"frame.cap_len": "559",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines"
},
"eth": {
"eth.dst": "cc:ef:48:fc:d0:11",
"eth.dst_tree": {
"eth.dst_resolved": "cc:ef:48:fc:d0:11",
"eth.addr": "cc:ef:48:fc:d0:11",
"eth.addr_resolved": "cc:ef:48:fc:d0:11",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "00:16:3e:4d:02:6f",
"eth.src_tree": {
"eth.src_resolved": "00:16:3e:4d:02:6f",
"eth.addr": "00:16:3e:4d:02:6f",
"eth.addr_resolved": "00:16:3e:4d:02:6f",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "545",
"ip.id": "0x0000829f",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0"
},
"ip.frag_offset": "0",
"ip.ttl": "64",
"ip.proto": "6",
"ip.checksum": "0x0000ebf1",
"ip.checksum.status": "2",
"ip.src": "169.255.59.131",
"ip.addr": "124.100.104.95",
"ip.src_host": "169.255.59.131",
"ip.host": "124.100.104.95",
"ip.dst": "124.100.104.95",
"ip.dst_host": "124.100.104.95"
},
"tcp": {
"tcp.srcport": "80",
"tcp.dstport": "36988",
"tcp.port": "36988",
"tcp.stream": "0",
"tcp.len": "493",
"tcp.seq": "1",
"tcp.nxtseq": "494",
"tcp.ack": "150",
"tcp.hdr_len": "32",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "·······AP···"
},
"tcp.window_size_value": "489",
"tcp.window_size": "489",
"tcp.window_size_scalefactor": "-1",
"tcp.checksum": "0x0000cc59",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.options": "01:01:08:0a:04:aa:68:93:d0:d7:1a:58",
"tcp.options_tree": {
"tcp.options.nop": "01",
"tcp.options.nop_tree": {
"tcp.option_kind": "1"
},
"tcp.options.timestamp": "08:0a:04:aa:68:93:d0:d7:1a:58",
"tcp.options.timestamp_tree": {
"tcp.option_kind": "8",
"tcp.option_len": "10",
"tcp.options.timestamp.tsval": "78276755",
"tcp.options.timestamp.tsecr": "3503757912"
}
},
"tcp.analysis": {
"tcp.analysis.acks_frame": "1",
"tcp.analysis.ack_rtt": "0.000721073",
"tcp.analysis.bytes_in_flight": "493",
"tcp.analysis.push_bytes_sent": "493"
},
"Timestamps": {
"tcp.time_relative": "0.000721073",
"tcp.time_delta": "0.000721073"
},
"tcp.payload": "48:54:54:50:2f:31:2e:31:20:34:30:34:20:4e:6f:74:20:46:6f:75:6e:64:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:32:32:20:53:65:70:20:32:30:32:31:20:30:38:3a:32:31:3a:34:36:20:47:4d:54:0d:0a:53:65:72:76:65:72:3a:20:41:70:61:63:68:65:2f:32:2e:34:2e:33:38:20:28:44:65:62:69:61:6e:29:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:32:37:36:0d:0a:4b:65:65:70:2d:41:6c:69:76:65:3a:20:74:69:6d:65:6f:75:74:3d:35:2c:20:6d:61:78:3d:31:30:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:48:54:4d:4c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:49:45:54:46:2f:2f:44:54:44:20:48:54:4d:4c:20:32:2e:30:2f:2f:45:4e:22:3e:0a:3c:68:74:6d:6c:3e:3c:68:65:61:64:3e:0a:3c:74:69:74:6c:65:3e:34:30:34:20:4e:6f:74:20:46:6f:75:6e:64:3c:2f:74:69:74:6c:65:3e:0a:3c:2f:68:65:61:64:3e:3c:62:6f:64:79:3e:0a:3c:68:31:3e:4e:6f:74:20:46:6f:75:6e:64:3c:2f:68:31:3e:0a:3c:70:3e:54:68:65:20:72:65:71:75:65:73:74:65:64:20:55:52:4c:20:77:61:73:20:6e:6f:74:20:66:6f:75:6e:64:20:6f:6e:20:74:68:69:73:20:73:65:72:76:65:72:2e:3c:2f:70:3e:0a:3c:68:72:3e:0a:3c:61:64:64:72:65:73:73:3e:41:70:61:63:68:65:2f:32:2e:34:2e:33:38:20:28:44:65:62:69:61:6e:29:20:53:65:72:76:65:72:20:61:74:20:31:36:39:2e:32:35:35:2e:35:39:2e:31:33:31:20:50:6f:72:74:20:38:30:3c:2f:61:64:64:72:65:73:73:3e:0a:3c:2f:62:6f:64:79:3e:3c:2f:68:74:6d:6c:3e:0a"
},
"http": {
"HTTP/1.1 404 Not Found\\r\\n": {
"_ws.expert": {
"http.chat": "",
"_ws.expert.message": "HTTP/1.1 404 Not Found\\r\\n",
"_ws.expert.severity": "2097152",
"_ws.expert.group": "33554432"
},
"http.response.version": "HTTP/1.1",
"http.response.code": "404",
"http.response.code.desc": "Not Found",
"http.response.phrase": "Not Found"
},
"http.date": "Wed, 22 Sep 2021 08:21:46 GMT",
"http.response.line": "Content-Type: text/html; charset=iso-8859-1\r\n",
"http.server": "Apache/2.4.38 (Debian)",
"http.content_length_header": "276",
"http.content_length_header_tree": {
"http.content_length": "276"
},
"http.connection": "Keep-Alive",
"http.content_type": "text/html; charset=iso-8859-1",
"\\r\\n": "",
"http.response": "1",
"http.response_number": "1",
"http.time": "0.000721073",
"http.request_in": "1",
"http.response_for.uri": "http://169.255.59.131/attacker",
"http.file_data": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL was not found on this server.</p>\n<hr>\n<address>Apache/2.4.38 (Debian) Server at 169.255.59.131 Port 80</address>\n</body></html>\n"
},
"data-text-lines": {
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\\n": "",
"<html><head>\\n": "",
"<title>404 Not Found</title>\\n": "",
"</head><body>\\n": "",
"<h1>Not Found</h1>\\n": "",
"<p>The requested URL was not found on this server.</p>\\n": "",
"<hr>\\n": "",
"<address>Apache/2.4.38 (Debian) Server at 169.255.59.131 Port 80</address>\\n": "",
"</body></html>\\n": ""
}
}
}
}
]