diff options
author | Michael Mann <mmann78@netscape.net> | 2019-01-06 12:10:48 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2019-09-15 02:15:40 +0000 |
commit | e90b2401be5a10e51ead15fc58d4c99310af688d (patch) | |
tree | 84682e0d76c08565e68af716fd09bb14321acef4 | |
parent | 4853fb93b2e64a882f233cd91743976075faf6da (diff) |
Add new filters for Ethernet src and dst OUI's as well as their resolved OUI's
Bug: 15393
Change-Id: I931813ce3492557a5673e6bbd0269d34c0d550b2
Reviewed-on: https://code.wireshark.org/review/31416
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | epan/dissectors/packet-eth.c | 257 | ||||
-rw-r--r-- | test/baseline/dhcp.ek | 8 | ||||
-rw-r--r-- | test/baseline/dhcp.json | 28 | ||||
-rw-r--r-- | test/baseline/dhcp.jsonraw | 196 |
4 files changed, 369 insertions, 120 deletions
diff --git a/epan/dissectors/packet-eth.c b/epan/dissectors/packet-eth.c index 0da632467f..fdd8496c85 100644 --- a/epan/dissectors/packet-eth.c +++ b/epan/dissectors/packet-eth.c @@ -57,13 +57,19 @@ static gboolean ccsds_heuristic_bit = FALSE; static int proto_eth = -1; static int hf_eth_dst = -1; static int hf_eth_dst_resolved = -1; +static int hf_eth_dst_oui = -1; +static int hf_eth_dst_oui_resolved = -1; static int hf_eth_src = -1; static int hf_eth_src_resolved = -1; +static int hf_eth_src_oui = -1; +static int hf_eth_src_oui_resolved = -1; static int hf_eth_len = -1; static int hf_eth_type = -1; static int hf_eth_invalid_lentype = -1; static int hf_eth_addr = -1; static int hf_eth_addr_resolved = -1; +static int hf_eth_addr_oui = -1; +static int hf_eth_addr_oui_resolved = -1; static int hf_eth_dst_lg = -1; static int hf_eth_dst_ig = -1; static int hf_eth_src_lg = -1; @@ -279,6 +285,110 @@ capture_eth(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo static gboolean check_is_802_2(tvbuff_t *tvb, int fcs_len); +static void +dissect_address_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean check_group) +{ + const guint8 *src_addr, *dst_addr; + const char *src_addr_name, *dst_addr_name; + const gchar *src_oui_name, *dst_oui_name; + proto_item *addr_item; + proto_tree *addr_tree; + + dst_addr = (const guint8*)pinfo->dst.data; + dst_addr_name = get_ether_name(dst_addr); + + src_addr = (const guint8*)pinfo->src.data; + src_addr_name = get_ether_name(src_addr); + + addr_item = proto_tree_add_ether(tree, hf_eth_dst, tvb, 0, 6, dst_addr); + addr_tree = proto_item_add_subtree(addr_item, ett_addr); + + addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6, + dst_addr_name); + proto_item_set_generated(addr_item); + proto_item_set_hidden(addr_item); + + addr_item = proto_tree_add_item(addr_tree, hf_eth_dst_oui, tvb, 0, 3, ENC_NA); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + + dst_oui_name = tvb_get_manuf_name_if_known(tvb, 0); + if (dst_oui_name != NULL) { + addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_oui_resolved, tvb, 0, 6, dst_oui_name); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + } + + proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr); + addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6, + dst_addr_name); + proto_item_set_generated(addr_item); + proto_item_set_hidden(addr_item); + + addr_item = proto_tree_add_item(addr_tree, hf_eth_addr_oui, tvb, 0, 3, ENC_NA); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + + if (dst_oui_name != NULL) { + addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_oui_resolved, tvb, 0, 6, dst_oui_name); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + } + + proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN); + addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN); + proto_item_set_hidden(addr_item); + proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN); + addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN); + proto_item_set_hidden(addr_item); + + addr_item = proto_tree_add_ether(tree, hf_eth_src, tvb, 6, 6, src_addr); + addr_tree = proto_item_add_subtree(addr_item, ett_addr); + if (check_group) { + if (tvb_get_guint8(tvb, 6) & 0x01) { + expert_add_info(pinfo, addr_item, &ei_eth_src_not_group); + } + } + addr_item = proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6, + src_addr_name); + proto_item_set_generated(addr_item); + proto_item_set_hidden(addr_item); + + addr_item = proto_tree_add_item(addr_tree, hf_eth_src_oui, tvb, 6, 3, ENC_NA); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + + src_oui_name = tvb_get_manuf_name_if_known(tvb, 6); + if (src_oui_name != NULL) { + addr_item = proto_tree_add_string(addr_tree, hf_eth_src_oui_resolved, tvb, 6, 6, src_oui_name); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + } + + proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr); + addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6, + src_addr_name); + proto_item_set_generated(addr_item); + proto_item_set_hidden(addr_item); + + addr_item = proto_tree_add_item(addr_tree, hf_eth_addr_oui, tvb, 6, 3, ENC_NA); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + + if (src_oui_name != NULL) { + addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_oui_resolved, tvb, 6, 6, src_oui_name); + PROTO_ITEM_SET_GENERATED(addr_item); + PROTO_ITEM_SET_HIDDEN(addr_item); + } + + proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN); + addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN); + proto_item_set_hidden(addr_item); + proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN); + addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN); + proto_item_set_hidden(addr_item); +} + static proto_tree * dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int fcs_len) @@ -287,13 +397,9 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, eth_hdr *ehdr; gboolean is_802_2; proto_tree *fh_tree = NULL; - const guint8 *src_addr, *dst_addr; - const char *src_addr_name, *dst_addr_name; static eth_hdr ehdrs[4]; static int ehdr_num=0; proto_tree *tree; - proto_item *addr_item; - proto_tree *addr_tree=NULL; ethertype_data_t ethertype_data; heur_dtbl_entry_t *hdtbl_entry = NULL; @@ -310,14 +416,10 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, set_address_tvb(&pinfo->dl_dst, AT_ETHER, 6, tvb, 0); copy_address_shallow(&pinfo->dst, &pinfo->dl_dst); copy_address_shallow(&ehdr->dst, &pinfo->dl_dst); - dst_addr = (const guint8*)pinfo->dst.data; - dst_addr_name = get_ether_name(dst_addr); set_address_tvb(&pinfo->dl_src, AT_ETHER, 6, tvb, 6); copy_address_shallow(&pinfo->src, &pinfo->dl_src); copy_address_shallow(&ehdr->src, &pinfo->dl_src); - src_addr = (const guint8*)pinfo->src.data; - src_addr_name = get_ether_name(src_addr); ehdr->type = tvb_get_ntohs(tvb, 12); @@ -378,41 +480,8 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, address_with_resolution_to_str(wmem_packet_scope(), &pinfo->src), address_with_resolution_to_str(wmem_packet_scope(), &pinfo->dst)); fh_tree = proto_item_add_subtree(ti, ett_ether); - addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - - addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); + + dissect_address_data(tvb, pinfo, fh_tree, FALSE); ti = proto_tree_add_item(fh_tree, hf_eth_invalid_lentype, tvb, 12, 2, ENC_BIG_ENDIAN); expert_add_info_format(pinfo, ti, &ei_eth_invalid_lentype, @@ -444,46 +513,14 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, fh_tree=NULL; } - addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - - addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); + dissect_address_data(tvb, pinfo, fh_tree, FALSE); dissect_802_3(ehdr->type, is_802_2, tvb, ETH_HEADER_SIZE, pinfo, parent_tree, fh_tree, hf_eth_len, hf_eth_trailer, &ei_eth_len, fcs_len); } else { if (eth_interpret_as_fw1_monitor) { + const guint8 *dst_addr = (const guint8*)pinfo->dst.data; + if ((dst_addr[0] == 'i') || (dst_addr[0] == 'I') || (dst_addr[0] == 'o') || (dst_addr[0] == 'O') || (dst_addr[0] == 'e') || (dst_addr[0] == 'E')) { @@ -506,44 +543,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, fh_tree = proto_item_add_subtree(ti, ett_ether2); } - addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6, - dst_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - - addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr); - addr_tree = proto_item_add_subtree(addr_item, ett_addr); - if (tvb_get_guint8(tvb, 6) & 0x01) { - expert_add_info(pinfo, addr_item, &ei_eth_src_not_group); - } - addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr); - addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6, - src_addr_name); - proto_item_set_generated(addr_item); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); - proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN); - proto_item_set_hidden(addr_item); + dissect_address_data(tvb, pinfo, fh_tree, TRUE); ethertype_data.etype = ehdr->type; ethertype_data.offset_after_ethertype = ETH_HEADER_SIZE; @@ -871,6 +871,14 @@ proto_register_eth(void) { "Destination (resolved)", "eth.dst_resolved", FT_STRING, BASE_NONE, NULL, 0x0, "Destination Hardware Address (resolved)", HFILL }}, + { &hf_eth_dst_oui, + { "Destination OUI", "eth.dst.oui", FT_UINT24, BASE_OUI, + NULL, 0x0, "Destination Organizationally Unique Identifier", HFILL } }, + + { &hf_eth_dst_oui_resolved, + { "Destination OUI (resolved)", "eth.dst.oui_resolved", FT_STRING, BASE_NONE, + NULL, 0x0, "Destination Organizationally Unique Identifier (resolved)", HFILL } }, + { &hf_eth_src, { "Source", "eth.src", FT_ETHER, BASE_NONE, NULL, 0x0, "Source Hardware Address", HFILL }}, @@ -879,6 +887,15 @@ proto_register_eth(void) { "Source (resolved)", "eth.src_resolved", FT_STRING, BASE_NONE, NULL, 0x0, "Source Hardware Address (resolved)", HFILL }}, + + { &hf_eth_src_oui, + { "Source OUI", "eth.src.oui", FT_UINT24, BASE_OUI, + NULL, 0x0, "Source Organizationally Unique Identifier", HFILL } }, + + { &hf_eth_src_oui_resolved, + { "Source OUI (resolved)", "eth.src.oui_resolved", FT_STRING, BASE_NONE, + NULL, 0x0, "Source Organizationally Unique Identifier (resolved)", HFILL } }, + { &hf_eth_len, { "Length", "eth.len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, @@ -901,6 +918,14 @@ proto_register_eth(void) NULL, 0x0, "Source or Destination Hardware Address (resolved)", HFILL }}, + { &hf_eth_addr_oui, + { "Address OUI", "eth.addr.oui", FT_UINT24, BASE_OUI, + NULL, 0x0, "Address Organizationally Unique Identifier", HFILL } }, + + { &hf_eth_addr_oui_resolved, + { "Address OUI (resolved)", "eth.addr.oui_resolved", FT_STRING, BASE_NONE, + NULL, 0x0, "Address Organizationally Unique Identifier (resolved)", HFILL } }, + { &hf_eth_padding, { "Padding", "eth.padding", FT_BYTES, BASE_NONE, NULL, 0x0, "Ethernet Padding", HFILL }}, diff --git a/test/baseline/dhcp.ek b/test/baseline/dhcp.ek index 9b1ace5663..b41643841d 100644 --- a/test/baseline/dhcp.ek +++ b/test/baseline/dhcp.ek @@ -1,8 +1,8 @@ {"index":{"_index":"packets-2004-12-05","_type":"doc"}} -{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317453000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a836","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178b","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x0000591f","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00"}}} +{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317453000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_dst_oui":"16777215","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_addr_oui":"16777215","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_src_oui":"2946","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a836","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178b","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x0000591f","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00"}}} {"index":{"_index":"packets-2004-12-05","_type":"doc"}} -{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317748000","frame_frame_time_delta":"0.000295000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_relative":"0.000295000","frame_frame_number":"2","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000445","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x00002233","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}} +{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317748000","frame_frame_time_delta":"0.000295000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_relative":"0.000295000","frame_frame_number":"2","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_dst_oui":"2946","eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell Inc.","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui":"2164","eth_eth_addr_oui_resolved":"Dell Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000445","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x00002233","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}} {"index":{"_index":"packets-2004-12-05","_type":"doc"}} -{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387484000","frame_frame_time_delta":"0.069736000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_relative":"0.070031000","frame_frame_number":"3","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a837","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178a","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x00009fbd","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.070031000","udp_udp_time_delta":"0.070031000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00"}}} +{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387484000","frame_frame_time_delta":"0.069736000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_relative":"0.070031000","frame_frame_number":"3","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_dst_oui":"16777215","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_addr_oui":"16777215","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_src_oui":"2946","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a837","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178a","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x00009fbd","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.070031000","udp_udp_time_delta":"0.070031000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00"}}} {"index":{"_index":"packets-2004-12-05","_type":"doc"}} -{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387798000","frame_frame_time_delta":"0.000314000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_relative":"0.070345000","frame_frame_number":"4","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000446","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x0000dfdb","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.070050000","udp_udp_time_delta":"0.070050000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}} +{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387798000","frame_frame_time_delta":"0.000314000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_relative":"0.070345000","frame_frame_number":"4","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_dst_oui":"2946","eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell Inc.","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui":"2164","eth_eth_addr_oui_resolved":"Dell Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000446","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x0000dfdb","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.070050000","udp_udp_time_delta":"0.070050000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}} diff --git a/test/baseline/dhcp.json b/test/baseline/dhcp.json index 2a16353aa6..8df9460fb8 100644 --- a/test/baseline/dhcp.json +++ b/test/baseline/dhcp.json @@ -24,8 +24,10 @@ "eth.dst": "ff:ff:ff:ff:ff:ff", "eth.dst_tree": { "eth.dst_resolved": "Broadcast", + "eth.dst.oui": "16777215", "eth.addr": "ff:ff:ff:ff:ff:ff", "eth.addr_resolved": "Broadcast", + "eth.addr.oui": "16777215", "eth.dst.lg": "1", "eth.lg": "1", "eth.dst.ig": "1", @@ -34,8 +36,12 @@ "eth.src": "00:0b:82:01:fc:42", "eth.src_tree": { "eth.src_resolved": "Grandstr_01:fc:42", + "eth.src.oui": "2946", + "eth.src.oui_resolved": "Grandstream Networks, Inc.", "eth.addr": "00:0b:82:01:fc:42", "eth.addr_resolved": "Grandstr_01:fc:42", + "eth.addr.oui": "2946", + "eth.addr.oui_resolved": "Grandstream Networks, Inc.", "eth.src.lg": "0", "eth.lg": "0", "eth.src.ig": "0", @@ -170,8 +176,12 @@ "eth.dst": "00:0b:82:01:fc:42", "eth.dst_tree": { "eth.dst_resolved": "Grandstr_01:fc:42", + "eth.dst.oui": "2946", + "eth.dst.oui_resolved": "Grandstream Networks, Inc.", "eth.addr": "00:0b:82:01:fc:42", "eth.addr_resolved": "Grandstr_01:fc:42", + "eth.addr.oui": "2946", + "eth.addr.oui_resolved": "Grandstream Networks, Inc.", "eth.dst.lg": "0", "eth.lg": "0", "eth.dst.ig": "0", @@ -180,8 +190,12 @@ "eth.src": "00:08:74:ad:f1:9b", "eth.src_tree": { "eth.src_resolved": "Dell_ad:f1:9b", + "eth.src.oui": "2164", + "eth.src.oui_resolved": "Dell Inc.", "eth.addr": "00:08:74:ad:f1:9b", "eth.addr_resolved": "Dell_ad:f1:9b", + "eth.addr.oui": "2164", + "eth.addr.oui_resolved": "Dell Inc.", "eth.src.lg": "0", "eth.lg": "0", "eth.src.ig": "0", @@ -324,8 +338,10 @@ "eth.dst": "ff:ff:ff:ff:ff:ff", "eth.dst_tree": { "eth.dst_resolved": "Broadcast", + "eth.dst.oui": "16777215", "eth.addr": "ff:ff:ff:ff:ff:ff", "eth.addr_resolved": "Broadcast", + "eth.addr.oui": "16777215", "eth.dst.lg": "1", "eth.lg": "1", "eth.dst.ig": "1", @@ -334,8 +350,12 @@ "eth.src": "00:0b:82:01:fc:42", "eth.src_tree": { "eth.src_resolved": "Grandstr_01:fc:42", + "eth.src.oui": "2946", + "eth.src.oui_resolved": "Grandstream Networks, Inc.", "eth.addr": "00:0b:82:01:fc:42", "eth.addr_resolved": "Grandstr_01:fc:42", + "eth.addr.oui": "2946", + "eth.addr.oui_resolved": "Grandstream Networks, Inc.", "eth.src.lg": "0", "eth.lg": "0", "eth.src.ig": "0", @@ -476,8 +496,12 @@ "eth.dst": "00:0b:82:01:fc:42", "eth.dst_tree": { "eth.dst_resolved": "Grandstr_01:fc:42", + "eth.dst.oui": "2946", + "eth.dst.oui_resolved": "Grandstream Networks, Inc.", "eth.addr": "00:0b:82:01:fc:42", "eth.addr_resolved": "Grandstr_01:fc:42", + "eth.addr.oui": "2946", + "eth.addr.oui_resolved": "Grandstream Networks, Inc.", "eth.dst.lg": "0", "eth.lg": "0", "eth.dst.ig": "0", @@ -486,8 +510,12 @@ "eth.src": "00:08:74:ad:f1:9b", "eth.src_tree": { "eth.src_resolved": "Dell_ad:f1:9b", + "eth.src.oui": "2164", + "eth.src.oui_resolved": "Dell Inc.", "eth.addr": "00:08:74:ad:f1:9b", "eth.addr_resolved": "Dell_ad:f1:9b", + "eth.addr.oui": "2164", + "eth.addr.oui_resolved": "Dell Inc.", "eth.src.lg": "0", "eth.lg": "0", "eth.src.ig": "0", diff --git a/test/baseline/dhcp.jsonraw b/test/baseline/dhcp.jsonraw index 6c570e041f..76d53f38c3 100644 --- a/test/baseline/dhcp.jsonraw +++ b/test/baseline/dhcp.jsonraw @@ -128,6 +128,13 @@ 0, 26 ], + "eth.dst.oui_raw": [ + "ffffff", + 0, + 3, + 0, + 6 + ], "eth.addr_raw": [ "ffffffffffff", 0, @@ -142,6 +149,13 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "ffffff", + 0, + 3, + 0, + 6 + ], "eth.dst.lg_raw": [ "1", 0, @@ -186,6 +200,20 @@ 0, 26 ], + "eth.src.oui_raw": [ + "000b82", + 6, + 3, + 0, + 6 + ], + "eth.src.oui_resolved_raw": [ + "000b8201fc42", + 6, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000b8201fc42", 6, @@ -200,6 +228,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000b82", + 6, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000b8201fc42", + 6, + 6, + 0, + 26 + ], "eth.src.lg_raw": [ "0", 6, @@ -939,6 +981,20 @@ 0, 26 ], + "eth.dst.oui_raw": [ + "000b82", + 0, + 3, + 0, + 6 + ], + "eth.dst.oui_resolved_raw": [ + "000b8201fc42", + 0, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000b8201fc42", 0, @@ -953,6 +1009,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000b82", + 0, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000b8201fc42", + 0, + 6, + 0, + 26 + ], "eth.dst.lg_raw": [ "0", 0, @@ -997,6 +1067,20 @@ 0, 26 ], + "eth.src.oui_raw": [ + "000874", + 6, + 3, + 0, + 6 + ], + "eth.src.oui_resolved_raw": [ + "000874adf19b", + 6, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000874adf19b", 6, @@ -1011,6 +1095,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000874", + 6, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000874adf19b", + 6, + 6, + 0, + 26 + ], "eth.src.lg_raw": [ "0", 6, @@ -1782,6 +1880,13 @@ 0, 26 ], + "eth.dst.oui_raw": [ + "ffffff", + 0, + 3, + 0, + 6 + ], "eth.addr_raw": [ "ffffffffffff", 0, @@ -1796,6 +1901,13 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "ffffff", + 0, + 3, + 0, + 6 + ], "eth.dst.lg_raw": [ "1", 0, @@ -1840,6 +1952,20 @@ 0, 26 ], + "eth.src.oui_raw": [ + "000b82", + 6, + 3, + 0, + 6 + ], + "eth.src.oui_resolved_raw": [ + "000b8201fc42", + 6, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000b8201fc42", 6, @@ -1854,6 +1980,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000b82", + 6, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000b8201fc42", + 6, + 6, + 0, + 26 + ], "eth.src.lg_raw": [ "0", 6, @@ -2623,6 +2763,20 @@ 0, 26 ], + "eth.dst.oui_raw": [ + "000b82", + 0, + 3, + 0, + 6 + ], + "eth.dst.oui_resolved_raw": [ + "000b8201fc42", + 0, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000b8201fc42", 0, @@ -2637,6 +2791,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000b82", + 0, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000b8201fc42", + 0, + 6, + 0, + 26 + ], "eth.dst.lg_raw": [ "0", 0, @@ -2681,6 +2849,20 @@ 0, 26 ], + "eth.src.oui_raw": [ + "000874", + 6, + 3, + 0, + 6 + ], + "eth.src.oui_resolved_raw": [ + "000874adf19b", + 6, + 6, + 0, + 26 + ], "eth.addr_raw": [ "000874adf19b", 6, @@ -2695,6 +2877,20 @@ 0, 26 ], + "eth.addr.oui_raw": [ + "000874", + 6, + 3, + 0, + 6 + ], + "eth.addr.oui_resolved_raw": [ + "000874adf19b", + 6, + 6, + 0, + 26 + ], "eth.src.lg_raw": [ "0", 6, |