1.1.9.2. Network Capture Metrics
1.1.9.2.1. Metric Format
{
"capture_time": 1614265958928905,
"layers": { ... }
}
1.1.9.2.1.1. TCP-TLS-SSL Example Metric for 1 decoded packet:
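Example TCP/TLS-SSL metric as recorded in the metric database for a single decoded packet. Most numeric header fields are stored as strings (for example "len":"1500"), while flag fields are JSON booleans. The record holds decoded header and TLS handshake fields, including the JA3S fingerprint, together with the capture interface name and the endpoints' IP and MAC addresses.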
1 {
2 "layers":
3 {
4 "ip": { "id":"0xbe51",
5 "dst":"192.168.1.20",
6 "len":"1500",
7 "src":"192.0.73.2",
8 "ttl":"55",
9 "addr":["192.0.73.2","192.168.1.20"],
10 "host":["192.0.73.2","192.168.1.20"],
11 "flags":"0x40",
12 "proto":"6",
13 "dsfield":"0x00",
14 "hdr_len":"20",
15 "version":"4",
16 "checksum":"0xb50b",
17 "dst_host":"192.168.1.20",
18 "flags_df":true,
19 "flags_mf":false,
20 "flags_rb":false,
21 "src_host":"192.0.73.2",
22 "dsfield_ecn":"0",
23 "frag_offset":"0",
24 "dsfield_dscp":"0",
25 "checksum_status":"2"},
26 "eth": {"ig":false,
27 "lg":false,
28 "dst":"64:51:06:5c:4b:7c",
29 "src":"20:aa:4b:5b:b6:b0",
30 "addr":"20:aa:4b:5b:b6:b0",
31 "type":"0x0800",
32 "dst_ig":false,
33 "dst_lg":false,
34 "src_ig":false,
35 "src_lg":false,
36 "dst_oui":"6574342",
37 "src_oui":"2140747",
38 "addr_oui":"2140747",
39 "dst_resolved":"HewlettP_5c:4b:7c",
40 "src_resolved":"Cisco-Li_5b:b6:b0",
41 "addr_resolved":"Cisco-Li_5b:b6:b0",
42 "dst_oui_resolved":"Hewlett Packard",
43 "src_oui_resolved":"Cisco-Linksys, LLC",
44 "addr_oui_resolved":"Cisco-Linksys, LLC"},
45 "tcp": {"ack":"290",
46 "len":"1460",
47 "seq":"1",
48 "port":["443","52826"],
49 "text":"Timestamps",
50 "flags":"0x0010",
51 "nxtseq":"1461",
52 "stream":"1710",
53 "ack_raw":"548885903",
54 "dstport":"52826",
55 "hdr_len":"20",
56 "seq_raw":"2578392726",
57 "srcport":"443",
58 "analysis":null,
59 "checksum":"0xaabd",
60 "flags_ns":false,
61 "flags_ack":true,
62 "flags_cwr":false,
63 "flags_ecn":false,
64 "flags_fin":false,
65 "flags_res":false,
66 "flags_str":"A",
67 "flags_syn":false,
68 "flags_urg":false,
69 "flags_push":false,
70 "time_delta":"0.000467008",
71 "flags_reset":false,
72 "window_size":"30720",
73 "completeness":"15",
74 "time_relative":"0.037282548",
75 "urgent_pointer":"0",
76 "checksum_status":"2",
77 "window_size_value":"60",
78 "analysis_initial_rtt":"0.018522768",
79 "window_size_scalefactor":"512",
80 "analysis_bytes_in_flight":"1460",
81 "analysis_push_bytes_sent":"1460"},
82 "tls": {"text":["Key Share extension","Key Share Entry: Group: x25519, Key Exchange length: 32"],
83 "record":[null,null,null],
84 "handshake":null,
85 "record_length":["122","1","36"],
86 "app_data_proto":"http-over-tls",
87 "handshake_ja3s":"f4febc55ea12b31ae17cfb7e614afda8",
88 "handshake_type":"2",
89 "record_version":["0x0303","0x0303","0x0303"],
90 "handshake_length":"118",
91 "handshake_version":"0x0303",
92 "change_cipher_spec":null,
93 "record_opaque_type":"23",
94 "handshake_ja3s_full":"771,4865,43-51",
95 "record_content_type":["22","20"],
96 "handshake_ciphersuite":"0x1301",
97 "handshake_comp_method":"0",
98 "handshake_extension_len":["2","36"],
99 "handshake_extension_type":["43","51"],
100 "handshake_extensions_length":"46",
101 "handshake_session_id_length":"32",
102 "handshake_extensions_key_share_group":"29",
103 "handshake_extensions_supported_version":"0x0304",
104 "handshake_extensions_key_share_key_exchange_length":"32"},
105 "frame": {"len":"1514",
106 "time":"2022-04-09T00:58:34.872258777Z",
107 "marked":false,
108 "number":"137120",
109 "cap_len":"1514",
110 "ignored":false,
111 "protocols":"eth:ethertype:ip:tcp:tls",
112 "encap_type":"1",
113 "time_delta":"0.000467008",
114 "time_epoch":"1649465914.872258777",
115 "interface_id":"0",
116 "offset_shift":"0.000000000",
117 "time_relative":"35875.095977575",
118 "interface_name":"eno1",
119 "time_delta_displayed":"0.000467008"}
120 }
121 }
122 }