[ { "_index": "packets-2016-09-28", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.encap_type": "1", "frame.time": "Nov 5, 2015 14:29:04.471519000 Jerusalem Standard Time", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1446726544.471519000", "frame.time_delta": "0.000000000", "frame.time_delta_displayed": "0.000000000", "frame.time_relative": "0.000000000", "frame.number": "1", "frame.len": "258", "frame.cap_len": "258", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "eth:ethertype:ip:tcp:104apci:104asdu:104asdu", "frame.coloring_rule.name": "TCP", "frame.coloring_rule.string": "tcp" }, "eth": { "eth.dst": { "eth.dst_resolved": "IbmCorp_b5:01:ee", "eth.addr": "5c:f3:fc:b5:01:ee", "eth.addr_resolved": "IbmCorp_b5:01:ee", "eth.lg": "0", "eth.ig": "0" }, "eth.src": { "eth.src_resolved": "Netscreen_ff:10:02", "eth.addr": "00:10:db:ff:10:02", "eth.addr_resolved": "Netscreen_ff:10:02", "eth.lg": "0", "eth.ig": "0" }, "eth.type": "0x00000800" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "244", "ip.id": "0x00000000", "ip.flags": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0" }, "ip.frag_offset": "0", "ip.ttl": "252", "ip.proto": "6", "ip.checksum": "0x00001b5b", "ip.checksum.status": "2", "ip.src": "172.30.208.113", "ip.addr": "172.30.208.113", "ip.src_host": "172.30.208.113", "ip.host": "172.30.208.113", "ip.dst": "10.20.220.4", "ip.addr": "10.20.220.4", "ip.dst_host": "10.20.220.4", "ip.host": "10.20.220.4", "Source GeoIP: Unknown": "", "Destination GeoIP: Unknown": "" }, "tcp": { "tcp.srcport": "2404", "tcp.dstport": "61613", "tcp.port": "2404", "tcp.port": "61613", "tcp.stream": "0", "tcp.len": "204", "tcp.seq": "1", "tcp.nxtseq": "205", "tcp.ack": "1", "tcp.hdr_len": "20", "tcp.flags": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", "tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00194\u00183\u00194\u00183\u00194\u00183\u00194\u00183\u00194\u00183\u00194\u00183\u00194\u00183AP\u00194\u00183\u00194\u00183\u00194\u00183" }, "tcp.window_size_value": "512", "tcp.window_size": "512", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x0000f404", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.analysis": { "tcp.analysis.bytes_in_flight": "204", "tcp.analysis.push_bytes_sent": "204" }, "tcp.pdu.size": "102", "tcp.pdu.size": "102" }, "104apci": { "104asdu.start": "0x00000068", "104apci.apdulen": "100", "104apci.type": "0x00000000", "104apci.tx": "30198", "104apci.rx": "0" }, "104asdu": { "104asdu.typeid": "37", "104asdu.sq": "0", "104asdu.numix": "6", "104asdu.causetx": "3", "104asdu.nega": "0", "104asdu.test": "0", "104asdu.oa": "0", "104asdu.addr": "134", "IOA: 12289": { "104asdu.ioa": "12289", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "36", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12290": { "104asdu.ioa": "12290", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "36", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12291": { "104asdu.ioa": "12291", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "36", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12292": { "104asdu.ioa": "12292", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "36", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12293": { "104asdu.ioa": "12293", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "36", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12294": { "104asdu.ioa": "12294", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } } }, "104apci": { "104asdu.start": "0x00000068", "104apci.apdulen": "100", "104apci.type": "0x00000000", "104apci.tx": "30199", "104apci.rx": "0" }, "104asdu": { "104asdu.typeid": "37", "104asdu.sq": "0", "104asdu.numix": "6", "104asdu.causetx": "3", "104asdu.nega": "0", "104asdu.test": "0", "104asdu.oa": "0", "104asdu.addr": "134", "IOA: 12295": { "104asdu.ioa": "12295", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12296": { "104asdu.ioa": "12296", "104asdu.bcr.count": "0", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12297": { "104asdu.ioa": "12297", "104asdu.bcr.count": "28536336", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12298": { "104asdu.ioa": "12298", "104asdu.bcr.count": "1025812", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12299": { "104asdu.ioa": "12299", "104asdu.bcr.count": "28643909", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } }, "IOA: 12300": { "104asdu.ioa": "12300", "104asdu.bcr.count": "1029692", "104asdu.bcr.sq": "15", "104asdu.bcr.cy": "0", "104asdu.bcr.ca": "0", "104asdu.bcr.iv": "0", "104asdu.cp56time": { "104asdu.cp56time.ms": "37", "104asdu.cp56time.min": "29", "104asdu.cp56time.iv": "0", "104asdu.cp56time.hour": "14", "104asdu.cp56time.su": "0", "104asdu.cp56time.day": "5", "104asdu.cp56time.dow": "0", "104asdu.cp56time.month": "11", "104asdu.cp56time.year": "15" } } } } } }]