#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path http #open 2015-10-23-10-14-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types #types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] 385.057784 COEqnk4IurGuMPnQs3 10.0.2.107 49157 80.239.137.58 80 1 GET www.msftncsi.com /ncsi.txt - Microsoft NCSI 0 14 200 OK - - - (empty) - - - - - FJXwyP1bLgJ8qVLKSh text/plain 5040.725537 CBtR6a3gM7Pgy97tZ8 10.0.2.107 49192 191.234.4.50 80 1 GET www.download.windowsupdate.com /msdownload/update/v3/static/trustedr/en/authrootstl.cab - Microsoft-CryptoAPI/6.1 0 50006 200 OK - - - (empty) - - - - - F4lXca3t7MEFcAFC7e application/vnd.ms-cab-compressed 5040.786497 C7DDio1oWKi7UUQVFb 10.0.2.107 49193 191.234.4.50 80 1 GET www.download.windowsupdate.com /msdownload/update/v3/static/trustedr/en/authrootstl.cab - Microsoft-CryptoAPI/6.1 0 50006 200 OK - - - (empty) - - - - - F712kUWg4T9rj25Oa application/vnd.ms-cab-compressed #close 2015-10-23-10-17-07