mirror of
https://github.com/wader/fq.git
synced 2024-11-26 21:55:57 +03:00
102 lines
11 KiB
Plaintext
102 lines
11 KiB
Plaintext
|
# from https://wiki.wireshark.org/SampleCaptures
|
||
|
|
$ fq -d pcap verbose /ipv4frags.pcap
|
||
|
|
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ipv4frags.pcap (pcap) 0x0-0xbad.7 (2990)
|
||
|
|
0x000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4)
|
||
|
|
0x000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2)
|
||
|
|
0x000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2)
|
||
|
|
0x000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4)
|
||
|
|
0x000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4)
|
||
|
|
0x010|d0 07 00 00 |.... | snaplen: 2000 0x10-0x13.7 (4)
|
||
|
|
0x010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4)
|
||
|
|
| | | packets: [3] 0x18-0xbad.7 (2966)
|
||
|
|
| | | [0]: packet {} 0x18-0x419.7 (1026)
|
||
|
|
0x010| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x18-0x1b.7 (4)
|
||
|
|
0x010| 5c 2a 08 00| \*..| ts_usec: 535132 0x1c-0x1f.7 (4)
|
||
|
|
0x020|f2 03 00 00 |.... | incl_len: 1010 0x20-0x23.7 (4)
|
||
|
|
0x020| f2 03 00 00 | .... | orig_len: 1010 0x24-0x27.7 (4)
|
||
|
|
| | | packet: {} (ether8023) 0x28-0x419.7 (1010)
|
||
|
|
0x020| 08 00 27 e2 9f a6 | ..'... | destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x28-0x2d.7 (6)
|
||
|
|
0x020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6)
|
||
|
|
0x030|27 fc 6a c9 |'.j. |
|
||
|
|
0x030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2)
|
||
|
|
| | | packet: {} (ipv4) 0x36-0x419.7 (996)
|
||
|
|
0x030| 45 | E | version: 4 0x36-0x36.3 (0.4)
|
||
|
|
0x030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4)
|
||
|
|
0x030| 00 | . | dscp: 0 0x37-0x37.5 (0.6)
|
||
|
|
0x030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2)
|
||
|
|
0x030| 03 e4 | .. | total_length: 996 0x38-0x39.7 (2)
|
||
|
|
0x030| b5 d0 | .. | identification: 46544 0x3a-0x3b.7 (2)
|
||
|
|
0x030| 20 | | reserved: 0 0x3c-0x3c (0.1)
|
||
|
|
0x030| 20 | | dont_fragment: false 0x3c.1-0x3c.1 (0.1)
|
||
|
|
0x030| 20 | | more_fragments: true 0x3c.2-0x3c.2 (0.1)
|
||
|
|
0x030| 20 00 | . | fragment_offset: 0 0x3c.3-0x3d.7 (1.5)
|
||
|
|
0x030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1)
|
||
|
|
0x030| 01| .| protocol: "icmp" (1) (internet control message protocol) 0x3f-0x3f.7 (1)
|
||
|
|
0x040|9b 44 |.D | header_checksum: 0x9b44 0x40-0x41.7 (2)
|
||
|
|
0x040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4)
|
||
|
|
0x040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4)
|
||
|
|
0x040| 08 00 4d 71 13 c2| ..Mq..| data: raw bits 0x4a-0x419.7 (976)
|
||
|
|
0x050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....|
|
||
|
|
* |until 0x419.7 (976) | |
|
||
|
|
| | | capture_padding: raw bits 0x41a-NA (0)
|
||
|
|
| | | [1]: packet {} 0x41a-0x5fb.7 (482)
|
||
|
|
0x410| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x41a-0x41d.7 (4)
|
||
|
|
0x410| 9d 2a| .*| ts_usec: 535197 0x41e-0x421.7 (4)
|
||
|
|
0x420|08 00 |.. |
|
||
|
|
0x420| d2 01 00 00 | .... | incl_len: 466 0x422-0x425.7 (4)
|
||
|
|
0x420| d2 01 00 00 | .... | orig_len: 466 0x426-0x429.7 (4)
|
||
|
|
| | | packet: {} (ether8023) 0x42a-0x5fb.7 (466)
|
||
|
|
0x420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6)
|
||
|
|
0x430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6)
|
||
|
|
0x430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2)
|
||
|
|
| | | packet: {} (ipv4) 0x438-0x5fb.7 (452)
|
||
|
|
0x430| 45 | E | version: 4 0x438-0x438.3 (0.4)
|
||
|
|
0x430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4)
|
||
|
|
0x430| 00 | . | dscp: 0 0x439-0x439.5 (0.6)
|
||
|
|
0x430| 00 | . | ecn: 0 0x439.6-0x439.7 (0.2)
|
||
|
|
0x430| 01 c4 | .. | total_length: 452 0x43a-0x43b.7 (2)
|
||
|
|
0x430| b5 d0 | .. | identification: 46544 0x43c-0x43d.7 (2)
|
||
|
|
0x430| 00 | . | reserved: 0 0x43e-0x43e (0.1)
|
||
|
|
0x430| 00 | . | dont_fragment: false 0x43e.1-0x43e.1 (0.1)
|
||
|
|
0x430| 00 | . | more_fragments: false 0x43e.2-0x43e.2 (0.1)
|
||
|
|
0x430| 00 7a| .z| fragment_offset: 122 0x43e.3-0x43f.7 (1.5)
|
||
|
|
0x440|40 |@ | ttl: 64 0x440-0x440.7 (1)
|
||
|
|
0x440| 01 | . | protocol: "icmp" (1) (internet control message protocol) 0x441-0x441.7 (1)
|
||
|
|
0x440| bc ea | .. | header_checksum: 0xbcea 0x442-0x443.7 (2)
|
||
|
|
0x440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4)
|
||
|
|
0x440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4)
|
||
|
|
0x440| c8 c9 ca cb| ....| data: raw bits 0x44c-0x5fb.7 (432)
|
||
|
|
0x450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................|
|
||
|
|
* |until 0x5fb.7 (432) | |
|
||
|
|
| | | capture_padding: raw bits 0x5fc-NA (0)
|
||
|
|
| | | [2]: packet {} 0x5fc-0xbad.7 (1458)
|
||
|
|
0x5f0| 14 2b d2 59| .+.Y| ts_sec: 1506945812 0x5fc-0x5ff.7 (4)
|
||
|
|
0x600|59 2c 08 00 |Y,.. | ts_usec: 535641 0x600-0x603.7 (4)
|
||
|
|
0x600| a2 05 00 00 | .... | incl_len: 1442 0x604-0x607.7 (4)
|
||
|
|
0x600| a2 05 00 00 | .... | orig_len: 1442 0x608-0x60b.7 (4)
|
||
|
|
| | | packet: {} (ether8023) 0x60c-0xbad.7 (1442)
|
||
|
|
0x600| 08 00 27 fc| ..'.| destination: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x60c-0x611.7 (6)
|
||
|
|
0x610|6a c9 |j. |
|
||
|
|
0x610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6)
|
||
|
|
0x610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2)
|
||
|
|
| | | packet: {} (ipv4) 0x61a-0xbad.7 (1428)
|
||
|
|
0x610| 45 | E | version: 4 0x61a-0x61a.3 (0.4)
|
||
|
|
0x610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4)
|
||
|
|
0x610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6)
|
||
|
|
0x610| 00 | . | ecn: 0 0x61b.6-0x61b.7 (0.2)
|
||
|
|
0x610| 05 94 | .. | total_length: 1428 0x61c-0x61d.7 (2)
|
||
|
|
0x610| 83 f6| ..| identification: 33782 0x61e-0x61f.7 (2)
|
||
|
|
0x620|00 |. | reserved: 0 0x620-0x620 (0.1)
|
||
|
|
0x620|00 |. | dont_fragment: false 0x620.1-0x620.1 (0.1)
|
||
|
|
0x620|00 |. | more_fragments: false 0x620.2-0x620.2 (0.1)
|
||
|
|
0x620|00 00 |.. | fragment_offset: 0 0x620.3-0x621.7 (1.5)
|
||
|
|
0x620| 40 | @ | ttl: 64 0x622-0x622.7 (1)
|
||
|
|
0x620| 01 | . | protocol: "icmp" (1) (internet control message protocol) 0x623-0x623.7 (1)
|
||
|
|
0x620| eb 6e | .n | header_checksum: 0xeb6e 0x624-0x625.7 (2)
|
||
|
|
0x620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4)
|
||
|
|
0x620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4)
|
||
|
|
0x620| 00 00| ..| data: raw bits 0x62e-0xbad.7 (1408)
|
||
|
|
0x630|55 71 13 c2 00 01 14 2b d2 59 00 00 00 00 3d 2a|Uq.....+.Y....=*|
|
||
|
|
* |until 0xbad.7 (end) (1408) | |
|
||
|
|
| | | capture_padding: raw bits 0xbae-NA (0)
|