Created
January 24, 2019 10:27
pcap sample
{ | |
"timestamp": "1547735265961", | |
"layers": { | |
"frame": { | |
"frame_frame_interface_id": "0", | |
"frame_interface_id_frame_interface_name": "en0", | |
"frame_frame_encap_type": "1", | |
"frame_frame_time": "Jan 17, 2019 14:27:45.961581000 GMT", | |
"frame_frame_offset_shift": "0.000000000", | |
"frame_frame_time_epoch": "1547735265.961581000", | |
"frame_frame_time_delta": "0.000403000", | |
"frame_frame_time_delta_displayed": "0.000403000", | |
"frame_frame_time_relative": "12.857668000", | |
"frame_frame_number": "76", | |
"frame_frame_len": "413", | |
"frame_frame_cap_len": "413", | |
"frame_frame_marked": "0", | |
"frame_frame_ignored": "0", | |
"frame_frame_protocols": "eth:ethertype:ip:tcp:http" | |
}, | |
"eth": { | |
"eth_eth_dst": "d4:ca:6d:b0:a7:f3", | |
"eth_dst_eth_dst_resolved": "Routerbo_b0:a7:f3", | |
"eth_dst_eth_addr": "d4:ca:6d:b0:a7:f3", | |
"eth_dst_eth_addr_resolved": "Routerbo_b0:a7:f3", | |
"eth_dst_eth_lg": "0", | |
"eth_dst_eth_ig": "0", | |
"eth_eth_src": "xx:xx:xx:xx:xx:xx", | |
"eth_src_eth_src_resolved": "Apple_d2:2a:35", | |
"eth_src_eth_addr": "xx:xx:xx:xx:xx:xx", | |
"eth_src_eth_addr_resolved": "Apple_d2:2a:35", | |
"eth_src_eth_lg": "0", | |
"eth_src_eth_ig": "0", | |
"eth_eth_type": "0x00000800" | |
}, | |
"ip": { | |
"ip_ip_version": "4", | |
"ip_ip_hdr_len": "20", | |
"ip_ip_dsfield": "0x00000002", | |
"ip_dsfield_ip_dsfield_dscp": "0", | |
"ip_dsfield_ip_dsfield_ecn": "2", | |
"ip_ip_len": "399", | |
"ip_ip_id": "0x00000000", | |
"ip_ip_flags": "0x00004000", | |
"ip_flags_ip_flags_rb": "0", | |
"ip_flags_ip_flags_df": "1", | |
"ip_flags_ip_flags_mf": "0", | |
"ip_flags_ip_frag_offset": "0", | |
"ip_ip_ttl": "64", | |
"ip_ip_proto": "6", | |
"ip_ip_checksum": "0x0000bd66", | |
"ip_ip_checksum_status": "2", | |
"ip_ip_src": "10.5.60.53", | |
"ip_ip_addr": [ | |
"10.5.60.53", | |
"17.253.35.202" | |
], | |
"ip_ip_src_host": "10.5.60.53", | |
"ip_ip_host": [ | |
"10.5.60.53", | |
"17.253.35.202" | |
], | |
"ip_ip_dst": "17.253.35.202", | |
"ip_ip_dst_host": "17.253.35.202" | |
}, | |
"tcp": { | |
"tcp_tcp_srcport": "64355", | |
"tcp_tcp_dstport": "80", | |
"tcp_tcp_port": [ | |
"64355", | |
"80" | |
], | |
"tcp_tcp_stream": "3", | |
"tcp_tcp_len": "347", | |
"tcp_tcp_seq": "1", | |
"tcp_tcp_nxtseq": "348", | |
"tcp_tcp_ack": "1", | |
"tcp_tcp_hdr_len": "32", | |
"tcp_tcp_flags": "0x00000018", | |
"tcp_flags_tcp_flags_res": "0", | |
"tcp_flags_tcp_flags_ns": "0", | |
"tcp_flags_tcp_flags_cwr": "0", | |
"tcp_flags_tcp_flags_ecn": "0", | |
"tcp_flags_tcp_flags_urg": "0", | |
"tcp_flags_tcp_flags_ack": "1", | |
"tcp_flags_tcp_flags_push": "1", | |
"tcp_flags_tcp_flags_reset": "0", | |
"tcp_flags_tcp_flags_syn": "0", | |
"tcp_flags_tcp_flags_fin": "0", | |
"tcp_flags_tcp_flags_str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7", | |
"tcp_tcp_window_size_value": "4117", | |
"tcp_tcp_window_size": "131744", | |
"tcp_tcp_window_size_scalefactor": "32", | |
"tcp_tcp_checksum": "0x000059d7", | |
"tcp_tcp_checksum_status": "2", | |
"tcp_tcp_urgent_pointer": "0", | |
"tcp_tcp_options": "01:01:08:0a:68:56:d8:c8:0f:aa:69:ac", | |
"tcp_options_tcp_options_nop": [ | |
"01", | |
"01" | |
], | |
"tcp_options_nop_tcp_option_kind": [ | |
"1", | |
"1" | |
], | |
"tcp_options_tcp_options_timestamp": "08:0a:68:56:d8:c8:0f:aa:69:ac", | |
"tcp_options_timestamp_tcp_option_kind": "8", | |
"tcp_options_timestamp_tcp_option_len": "10", | |
"tcp_options_timestamp_tcp_options_timestamp_tsval": "1750522056", | |
"tcp_options_timestamp_tcp_options_timestamp_tsecr": "262826412", | |
"tcp_tcp_analysis": "", | |
"tcp_analysis_tcp_analysis_initial_rtt": "0.016684000", | |
"tcp_analysis_tcp_analysis_bytes_in_flight": "347", | |
"tcp_analysis_tcp_analysis_push_bytes_sent": "347", | |
"tcp_text": "Timestamps", | |
"text_tcp_time_relative": "0.017087000", | |
"text_tcp_time_delta": "0.000403000", | |
"tcp_tcp_payload": "47:45:54:20:2f:68:6f:74:73:70:6f:74:2d:64:65:74:65:63:74:2e:68:74:6d:6c:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:63:61:70:74:69:76:65:2e:61:70:70:6c:65:2e:63:6f:6d:0d:0a:55:70:67:72:61:64:65:2d:49:6e:73:65:63:75:72:65:2d:52:65:71:75:65:73:74:73:3a:20:31:0d:0a:41:63:63:65:70:74:3a:20:74:65:78:74:2f:68:74:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:68:74:6d:6c:2b:78:6d:6c:2c:61:70:70:6c:69:63:61:74:69:6f:6e:2f:78:6d:6c:3b:71:3d:30:2e:39:2c:2a:2f:2a:3b:71:3d:30:2e:38:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:4d:6f:7a:69:6c:6c:61:2f:35:2e:30:20:28:4d:61:63:69:6e:74:6f:73:68:3b:20:49:6e:74:65:6c:20:4d:61:63:20:4f:53:20:58:20:31:30:5f:31:33:5f:36:29:20:41:70:70:6c:65:57:65:62:4b:69:74:2f:36:30:35:2e:31:2e:31:35:20:28:4b:48:54:4d:4c:2c:20:6c:69:6b:65:20:47:65:63:6b:6f:29:0d:0a:41:63:63:65:70:74:2d:4c:61:6e:67:75:61:67:65:3a:20:65:6e:2d:67:62:0d:0a:41:63:63:65:70:74:2d:45:6e:63:6f:64:69:6e:67:3a:20:67:7a:69:70:2c:20:64:65:66:6c:61:74:65:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:0d:0a" | |
}, | |
"http": { | |
"http_text": [ | |
"GET \/hotspot-detect.html HTTP\/1.1\\r\\n", | |
"\\r\\n" | |
], | |
"text__ws_expert": { | |
"_ws_expert_http_chat": "", | |
"_ws_expert__ws_expert_message": "GET \/hotspot-detect.html HTTP\/1.1\\r\\n", | |
"_ws_expert__ws_expert_severity": "2097152", | |
"_ws_expert__ws_expert_group": "33554432" | |
}, | |
"text_http_request_method": "GET", | |
"text_http_request_uri": "\/hotspot-detect.html", | |
"text_http_request_version": "HTTP\/1.1", | |
"http_http_host": "captive.apple.com", | |
"http_http_request_line": [ | |
"Host: captive.apple.com\r\n", | |
"Upgrade-Insecure-Requests: 1\r\n", | |
"Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\r\n", | |
"User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/605.1.15 (KHTML, like Gecko)\r\n", | |
"Accept-Language: en-gb\r\n", | |
"Accept-Encoding: gzip, deflate\r\n", | |
"Connection: keep-alive\r\n" | |
], | |
"http_http_accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", | |
"http_http_user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/605.1.15 (KHTML, like Gecko)", | |
"http_http_accept_language": "en-gb", | |
"http_http_accept_encoding": "gzip, deflate", | |
"http_http_connection": "keep-alive", | |
"http_http_request_full_uri": "http:\/\/captive.apple.com\/hotspot-detect.html", | |
"http_http_request": "1", | |
"http_http_request_number": "1" | |
} | |
} | |
} |