@codeout
Created September 16, 2018 17:50
Decoded sFlow data with libwireshark
{
"_index": "packets-2018-09-16",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame_raw": ["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", 0, 262, 0, 1],
"frame": {
"frame.encap_type": "1",
"frame.number": "1",
"frame.len": "262",
"frame.cap_len": "262",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:udp:sflow:eth:ethertype:mpls:ip:icmp:data"
},
"eth_raw": ["080027f854e2080027a13a3b0800", 0, 14, 0, 1],
"eth": {
"eth.dst_raw": ["080027f854e2", 0, 6, 0, 29],
"eth.dst": "08:00:27:f8:54:e2",
"eth.dst_tree": {
"eth.dst_resolved_raw": ["080027f854e2", 0, 6, 0, 26],
"eth.dst_resolved": "PcsCompu_f8:54:e2",
"eth.addr_raw": ["080027f854e2", 0, 6, 0, 29],
"eth.addr": "08:00:27:f8:54:e2",
"eth.addr_resolved_raw": ["080027f854e2", 0, 6, 0, 26],
"eth.addr_resolved": "PcsCompu_f8:54:e2",
"eth.lg_raw": ["0", 0, 3, 131072, 2],
"eth.lg": "0",
"eth.ig_raw": ["0", 0, 3, 65536, 2],
"eth.ig": "0"
},
"eth.src_raw": ["080027a13a3b", 6, 6, 0, 29],
"eth.src": "08:00:27:a1:3a:3b",
"eth.src_tree": {
"eth.src_resolved_raw": ["080027a13a3b", 6, 6, 0, 26],
"eth.src_resolved": "PcsCompu_a1:3a:3b",
"eth.addr_raw": ["080027a13a3b", 6, 6, 0, 29],
"eth.addr": "08:00:27:a1:3a:3b",
"eth.addr_resolved_raw": ["080027a13a3b", 6, 6, 0, 26],
"eth.addr_resolved": "PcsCompu_a1:3a:3b",
"eth.lg_raw": ["0", 6, 3, 131072, 2],
"eth.lg": "0",
"eth.ig_raw": ["0", 6, 3, 65536, 2],
"eth.ig": "0"
},
"eth.type_raw": ["0800", 12, 2, 0, 5],
"eth.type": "0x00000800"
},
"ip_raw": ["450000f800000000fe116792a9fe0002a9fe0064", 14, 20, 0, 1],
"ip": {
"ip.version_raw": ["4", 14, 1, 240, 4],
"ip.version": "4",
"ip.hdr_len_raw": ["45", 14, 1, 0, 4],
"ip.hdr_len": "20",
"ip.dsfield_raw": ["00", 15, 1, 0, 4],
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": ["0", 15, 1, 252, 4],
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn_raw": ["0", 15, 1, 3, 4],
"ip.dsfield.ecn": "0"
},
"ip.len_raw": ["00f8", 16, 2, 0, 5],
"ip.len": "248",
"ip.id_raw": ["0000", 18, 2, 0, 5],
"ip.id": "0x00000000",
"ip.flags_raw": ["00", 20, 1, 0, 4],
"ip.flags": "0x00000000",
"ip.flags_tree": {
"ip.flags.rb_raw": ["00", 20, 1, 0, 2],
"ip.flags.rb": "0",
"ip.flags.df_raw": ["00", 20, 1, 0, 2],
"ip.flags.df": "0",
"ip.flags.mf_raw": ["00", 20, 1, 0, 2],
"ip.flags.mf": "0"
},
"ip.frag_offset_raw": ["0000", 20, 2, 0, 5],
"ip.frag_offset": "0",
"ip.ttl_raw": ["fe", 22, 1, 0, 4],
"ip.ttl": "254",
"ip.proto_raw": ["11", 23, 1, 0, 4],
"ip.proto": "17",
"ip.checksum_raw": ["6792", 24, 2, 0, 5],
"ip.checksum": "0x00006792",
"ip.checksum.status": "2",
"ip.src_raw": ["a9fe0002", 26, 4, 0, 32],
"ip.src": "169.254.0.2",
"ip.addr_raw": ["a9fe0002", 26, 4, 0, 32],
"ip.addr": "169.254.0.2",
"ip.src_host_raw": ["a9fe0002", 26, 4, 0, 26],
"ip.src_host": "169.254.0.2",
"ip.host_raw": ["a9fe0002", 26, 4, 0, 26],
"ip.host": "169.254.0.2",
"ip.dst_raw": ["a9fe0064", 30, 4, 0, 32],
"ip.dst": "169.254.0.100",
"ip.addr_raw": ["a9fe0064", 30, 4, 0, 32],
"ip.addr": "169.254.0.100",
"ip.dst_host_raw": ["a9fe0064", 30, 4, 0, 26],
"ip.dst_host": "169.254.0.100",
"ip.host_raw": ["a9fe0064", 30, 4, 0, 26],
"ip.host": "169.254.0.100",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"udp_raw": ["c88f18c700e4b6e5", 34, 8, 0, 1],
"udp": {
"udp.srcport_raw": ["c88f", 34, 2, 0, 5],
"udp.srcport": "51343",
"udp.dstport_raw": ["18c7", 36, 2, 0, 5],
"udp.dstport": "6343",
"udp.port_raw": ["c88f", 34, 2, 0, 5],
"udp.port": "51343",
"udp.port_raw": ["18c7", 36, 2, 0, 5],
"udp.port": "6343",
"udp.length_raw": ["00e4", 38, 2, 0, 5],
"udp.length": "228",
"udp.checksum_raw": ["b6e5", 40, 2, 0, 5],
"udp.checksum": "0x0000b6e5",
"udp.checksum.status": "2",
"udp.stream": "0"
},
"sflow_raw": ["0000000500000001a9fe000200000000000002fe0044de260000000100000001000000b8000004cb0000020000000001000004cc000000000000020000000000000000020000000100000078000000010000006a0000000400000066020586717403020586716403884700010140450000544a9500004001aec0c0a80002c0a800010800b31d400e004d5b1d85c70008389708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536370000000003e90000001000000000000000000000000000000000", 42, 220, 0, 1],
"sflow": {
"sflow_245.version_raw": ["00000005", 42, 4, 0, 7],
"sflow_245.version": "5",
"sflow_245.agenttype_raw": ["00000001", 46, 4, 0, 7],
"sflow_245.agenttype": "1",
"sflow_245.agent_raw": ["a9fe0002", 50, 4, 0, 32],
"sflow_245.agent": "169.254.0.2",
"sflow_245.sub_agent_id_raw": ["00000000", 54, 4, 0, 7],
"sflow_245.sub_agent_id": "0",
"sflow_245.sequence_number_raw": ["000002fe", 58, 4, 0, 7],
"sflow_245.sequence_number": "766",
"sflow_245.sysuptime_raw": ["0044de26", 62, 4, 0, 7],
"sflow_245.sysuptime": "4513318",
"sflow_245.numsamples_raw": ["00000001", 66, 4, 0, 7],
"sflow_245.numsamples": "1",
"Flow sample, seq 1227": {
"sflow.enterprise_raw": ["0", 70, 4, 4294963200, 7],
"sflow.enterprise": "0",
"sflow_245.sampletype_raw": ["1", 70, 4, 4095, 7],
"sflow_245.sampletype": "1",
"sflow_5.sample_length_raw": ["000000b8", 74, 4, 0, 7],
"sflow_5.sample_length": "184",
"sflow.flow_sample.sequence_number_raw": ["000004cb", 78, 4, 0, 7],
"sflow.flow_sample.sequence_number": "1227",
"sflow.flow_sample.source_id_class_raw": ["0", 82, 4, 4278190080, 7],
"sflow.flow_sample.source_id_class": "0",
"sflow.flow_sample.index_raw": ["200", 82, 4, 16777215, 7],
"sflow.flow_sample.index": "512",
"sflow.flow_sample.sampling_rate_raw": ["00000001", 86, 4, 0, 7],
"sflow.flow_sample.sampling_rate": "1",
"sflow.flow_sample.sample_pool_raw": ["000004cc", 90, 4, 0, 7],
"sflow.flow_sample.sample_pool": "1228",
"sflow.flow_sample.dropped_packets_raw": ["00000000", 94, 4, 0, 7],
"sflow.flow_sample.dropped_packets": "0",
"sflow.flow_sample.input_interface_raw": ["00000200", 98, 4, 0, 7],
"sflow.flow_sample.input_interface": "512",
"sflow.flow_sample.output_interface_raw": ["0", 102, 4, 2147483647, 7],
"sflow.flow_sample.output_interface": "0",
"sflow.flow_sample.flow_record_raw": ["00000002", 106, 4, 0, 7],
"sflow.flow_sample.flow_record": "2",
"Raw packet header": {
"sflow.enterprise_raw": ["0", 110, 4, 4294963200, 7],
"sflow.enterprise": "0",
"sflow_245.flow_record_format_raw": ["00000001", 110, 4, 0, 7],
"sflow_245.flow_record_format": "1",
"sflow_5.flow_data_length_raw": ["00000078", 114, 4, 0, 7],
"sflow_5.flow_data_length": "120",
"sflow_245.header_protocol_raw": ["00000001", 118, 4, 0, 7],
"sflow_245.header_protocol": "1",
"sflow_245.header.frame_length_raw": ["0000006a", 122, 4, 0, 7],
"sflow_245.header.frame_length": "106",
"sflow_245.header.payload_removed_raw": ["00000004", 126, 4, 0, 7],
"sflow_245.header.payload_removed": "4",
"sflow_245.header.original_packet_header_length_raw": ["00000066", 130, 4, 0, 7],
"sflow_245.header.original_packet_header_length": "102",
"sflow_245.header_raw": ["020586717403020586716403884700010140450000544a9500004001aec0c0a80002c0a800010800b31d400e004d5b1d85c70008389708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536370000", 134, 104, 0, 30],
"sflow_245.header": "02:05:86:71:74:03:02:05:86:71:64:03:88:47:00:01:01:40:45:00:00:54:4a:95:00:00:40:01:ae:c0:c0:a8:00:02:c0:a8:00:01:08:00:b3:1d:40:0e:00:4d:5b:1d:85:c7:00:08:38:97:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f:20:21:22:23:24:25:26:27:28:29:2a:2b:2c:2d:2e:2f:30:31:32:33:34:35:36:37:00:00",
"sflow_245.header_tree": {
"eth_raw": ["0205867174030205867164038847", 134, 14, 0, 1],
"eth": {
"eth.dst_raw": ["020586717403", 134, 6, 0, 29],
"eth.dst": "02:05:86:71:74:03",
"eth.dst_tree": {
"eth.dst_resolved_raw": ["020586717403", 134, 6, 0, 26],
"eth.dst_resolved": "MS-NLB-PhysServer-05_86:71:74:03",
"eth.addr_raw": ["020586717403", 134, 6, 0, 29],
"eth.addr": "02:05:86:71:74:03",
"eth.addr_resolved_raw": ["020586717403", 134, 6, 0, 26],
"eth.addr_resolved": "MS-NLB-PhysServer-05_86:71:74:03",
"eth.lg_raw": ["1", 134, 3, 131072, 2],
"eth.lg": "1",
"eth.ig_raw": ["0", 134, 3, 65536, 2],
"eth.ig": "0"
},
"eth.src_raw": ["020586716403", 140, 6, 0, 29],
"eth.src": "02:05:86:71:64:03",
"eth.src_tree": {
"eth.src_resolved_raw": ["020586716403", 140, 6, 0, 26],
"eth.src_resolved": "MS-NLB-PhysServer-05_86:71:64:03",
"eth.addr_raw": ["020586716403", 140, 6, 0, 29],
"eth.addr": "02:05:86:71:64:03",
"eth.addr_resolved_raw": ["020586716403", 140, 6, 0, 26],
"eth.addr_resolved": "MS-NLB-PhysServer-05_86:71:64:03",
"eth.lg_raw": ["1", 140, 3, 131072, 2],
"eth.lg": "1",
"eth.ig_raw": ["0", 140, 3, 65536, 2],
"eth.ig": "0"
},
"eth.type_raw": ["8847", 146, 2, 0, 5],
"eth.type": "0x00008847",
"eth.trailer_raw": ["0000", 236, 2, 0, 30],
"eth.trailer": "00:00"
},
"mpls_raw": ["00010140", 148, 4, 0, 1],
"mpls": {
"mpls.label_raw": ["10", 148, 4, 4294963200, 7],
"mpls.label": "16",
"mpls.exp_raw": ["0", 148, 4, 3584, 7],
"mpls.exp": "0",
"mpls.bottom_raw": ["1", 148, 4, 256, 7],
"mpls.bottom": "1",
"mpls.ttl_raw": ["40", 148, 4, 255, 7],
"mpls.ttl": "64"
},
"ip_raw": ["450000544a9500004001aec0c0a80002c0a80001", 152, 20, 0, 1],
"ip": {
"ip.version_raw": ["4", 152, 1, 240, 4],
"ip.version": "4",
"ip.hdr_len_raw": ["45", 152, 1, 0, 4],
"ip.hdr_len": "20",
"ip.dsfield_raw": ["00", 153, 1, 0, 4],
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp_raw": ["0", 153, 1, 252, 4],
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn_raw": ["0", 153, 1, 3, 4],
"ip.dsfield.ecn": "0"
},
"ip.len_raw": ["0054", 154, 2, 0, 5],
"ip.len": "84",
"ip.id_raw": ["4a95", 156, 2, 0, 5],
"ip.id": "0x00004a95",
"ip.flags_raw": ["00", 158, 1, 0, 4],
"ip.flags": "0x00000000",
"ip.flags_tree": {
"ip.flags.rb_raw": ["00", 158, 1, 0, 2],
"ip.flags.rb": "0",
"ip.flags.df_raw": ["00", 158, 1, 0, 2],
"ip.flags.df": "0",
"ip.flags.mf_raw": ["00", 158, 1, 0, 2],
"ip.flags.mf": "0"
},
"ip.frag_offset_raw": ["0000", 158, 2, 0, 5],
"ip.frag_offset": "0",
"ip.ttl_raw": ["40", 160, 1, 0, 4],
"ip.ttl": "64",
"ip.proto_raw": ["01", 161, 1, 0, 4],
"ip.proto": "1",
"ip.checksum_raw": ["aec0", 162, 2, 0, 5],
"ip.checksum": "0x0000aec0",
"ip.checksum.status": "2",
"ip.src_raw": ["c0a80002", 164, 4, 0, 32],
"ip.src": "192.168.0.2",
"ip.addr_raw": ["c0a80002", 164, 4, 0, 32],
"ip.addr": "192.168.0.2",
"ip.src_host_raw": ["c0a80002", 164, 4, 0, 26],
"ip.src_host": "192.168.0.2",
"ip.host_raw": ["c0a80002", 164, 4, 0, 26],
"ip.host": "192.168.0.2",
"ip.dst_raw": ["c0a80001", 168, 4, 0, 32],
"ip.dst": "192.168.0.1",
"ip.addr_raw": ["c0a80001", 168, 4, 0, 32],
"ip.addr": "192.168.0.1",
"ip.dst_host_raw": ["c0a80001", 168, 4, 0, 26],
"ip.dst_host": "192.168.0.1",
"ip.host_raw": ["c0a80001", 168, 4, 0, 26],
"ip.host": "192.168.0.1",
"Source GeoIP: Unknown": "",
"Destination GeoIP: Unknown": ""
},
"icmp_raw": ["0800b31d400e004d5b1d85c70008389708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637", 172, 64, 0, 1],
"icmp": {
"icmp.type_raw": ["08", 172, 1, 0, 4],
"icmp.type": "8",
"icmp.code_raw": ["00", 173, 1, 0, 4],
"icmp.code": "0",
"icmp.checksum_raw": ["b31d", 174, 2, 0, 5],
"icmp.checksum": "0x0000b31d",
"icmp.checksum.status": "2",
"icmp.ident_raw": ["400e", 176, 2, 0, 5],
"icmp.ident": "16398",
"icmp.ident_raw": ["400e", 176, 2, 0, 5],
"icmp.ident": "3648",
"icmp.seq_raw": ["004d", 178, 2, 0, 5],
"icmp.seq": "77",
"icmp.seq_le_raw": ["004d", 178, 2, 0, 5],
"icmp.seq_le": "19712",
"data_raw": ["5b1d85c70008389708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637", 180, 56, 0, 1],
"data": {
"data.data_raw": ["5b1d85c70008389708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637", 180, 56, 0, 30],
"data.data": "5b:1d:85:c7:00:08:38:97:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f:20:21:22:23:24:25:26:27:28:29:2a:2b:2c:2d:2e:2f:30:31:32:33:34:35:36:37",
"data.len": "56"
}
}
}
},
"Extended switch data": {
"sflow.enterprise_raw": ["0", 238, 4, 4294963200, 7],
"sflow.enterprise": "0",
"sflow_245.flow_record_format_raw": ["000003e9", 238, 4, 0, 7],
"sflow_245.flow_record_format": "1001",
"sflow_5.flow_data_length_raw": ["00000010", 242, 4, 0, 7],
"sflow_5.flow_data_length": "16",
"sflow_245.vlan.in_raw": ["00000000", 246, 4, 0, 7],
"sflow_245.vlan.in": "0",
"sflow_245.pri.in_raw": ["00000000", 250, 4, 0, 7],
"sflow_245.pri.in": "0",
"sflow_245.vlan.out_raw": ["00000000", 254, 4, 0, 7],
"sflow_245.vlan.out": "0",
"sflow_245.pri.out_raw": ["00000000", 258, 4, 0, 7],
"sflow_245.pri.out": "0"
}
}
}
}
}
}