Traffic notions extracted from PCAP network captures.
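traffic_inspection contains extracted notions, mainly HTTP requests, from PCAP captures. Because these values are taken from captured network traffic, fields such as url and user-agent should be handled as untrusted input by whatever consumes or displays them.
The object contains an http key, whose value is a list of dictionaries, each one containing the following fields: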
- binary_hash: <string> downloaded content SHA256.
- binary_magic: <string> downloaded content file type.
- datetime: <string> download date in %Y-%m-%d %H:%M:%S.%f format.
- interesting_magic: <integer>
- method: <string> HTTP request method.
- remote_host: <string> request destination, including IP and port.
- response_code: <string> HTTP response code.
- response_size: <integer> in bytes.
- url: <string> request URL.
- user-agent: <string> client user agent.
{
"data": {
"attributes": {
"traffic_inspection": {
"http": [
{
"binary_hash": "<string>",
"binary_magic": "<string>",
"datetime": "<string:%Y-%m-%d %H:%M:%S.%f>",
"interesting_magic": <int>,
"method": "<string>",
"remote_host": "<string>",
"response_code": "<string>",
"response_size": <int>,
"url": "<string>",
"user-agent": "<string>"
}
]
}
}
}
}
{
"data": {
"attributes": {
"traffic_inspection": {
"http": [
{
"binary_hash": "0e735aab56c55e954405cef52a5d9e59935c4a5ea151b85eb5a1cf5b25a50505",
"binary_magic": "ASCII text, with very long lines, with no line terminators",
"datetime": "2020-06-03 22:56:01.449486",
"interesting_magic": 0,
"method": "GET",
"remote_host": "66.66.66.66:80",
"response_code": "200",
"response_size": 226132,
"url": "http://blablabla.com/blablabla.jpg",
"user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)"
},
{
"binary_hash": "0e73f4ab6645649e4402ce452a4d9eb9431c4adea141b8b4b3a14fbb24a20e05",
"binary_magic": "ASCII text, with very long lines, with no line terminators",
"datetime": "2020-06-03 22:56:32.097305",
"interesting_magic": 0,
"method": "GET",
"remote_host": "66.66.66.66:80",
"response_code": "200",
"response_size": 226132,
"url": "http://blablabla.com/blablabla2.jpg",
"user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)"
}
]
}
}
}
}