wireshark

Metadata produced by Wireshark when acting on the file.

wireshark contains metadata produced by the Wireshark tool when acting on the file. Only available for PCAP network captures.

The object contains the following fields:

  • dns: <list of lists> list containing DNS requests and their resolutions. Every sublist contains two items:
    • <string> domain name to resolve
    • <list of strings> IP addresses to which the domain resolved.
  • pcap: PCAP capture metadata:
    • Capture duration: <string> duration in seconds.
    • Data size: <string> human readable size of the PCAP file.
    • End time: <string> date when the capture was stopped in %Y-%m-%d %H:%M:%S format.
    • File encapsulation: <string> file encapsulation.
    • File type: <string> file type (usually pcap).
    • Number of packets: <string> human readable number of packets in the network capture.
    • Start time: <string> date when the capture was started in %Y-%m-%d %H:%M:%S format.
{
    "data": {
        "attributes": {
            "wireshark": {
                "dns": [
                    [
                        "<string>",
                        [
                            "<string>",...
                        ]
                    ],...
                ],
                "pcap": {
                    "Capture duration": "<string>",
                    "Data size": "<string>",
                    "End time": "<string:%Y-%m-%d %H:%M:%S>",
                    "File encapsulation": "<string>",
                    "File type": "<string>",
                    "Number of packets": "<string>",
                    "Start time": "<string:%Y-%m-%d %H:%M:%S>"
                }
            }
        }
    }
}
{
    "data": {
        "attributes": {
            "wireshark": {
                "dns": [
                    [
                        "nonexistent.com",
                        []
                    ],
                    [
                        "blablabla.com",
                        [
                            "66.66.66.666",
                            "222.222.222.222"
                        ]
                    ],
                    [
                        "example.com",
                        [
                            "55.66.77.88"
                        ]
                    ]
                ],
                "pcap": {
                    "Capture duration": "3599.812545 seconds",
                    "Data size": "29 MB",
                    "End time": "2020-06-03 23:55:31",
                    "File encapsulation": "Ethernet",
                    "File type": "pcap",
                    "Number of packets": "30 k",
                    "Start time": "2020-06-03 22:55:31"
                }
            }
        }
    }
}