From f55b1af6ac0f47e883b1c201f82054ae0f061afd Mon Sep 17 00:00:00 2001 From: Mattias Wadman Date: Wed, 24 Nov 2021 21:20:46 +0100 Subject: [PATCH] inet: Add tcp and ipv4 reassembly Also add tcp_stream and udp_payload to decode content --- README.md | 2 +- doc/formats.md | 18 +- doc/formats.svg | 1677 ++++++++------- format/bzip2/bzip2.go | 4 +- format/dns/dns.go | 133 +- format/dns/dns_tcp.go | 19 + format/flac/flac.go | 6 +- format/flac/flac_frame.go | 6 +- format/flac/flac_metadatablocks.go | 6 +- format/flac/flac_picture.go | 2 +- format/flac/flac_streaminfo.go | 2 +- format/format.go | 35 +- format/gzip/gzip.go | 4 +- format/id3/id3v2.go | 4 +- format/inet.go | 1865 +++++++++++++++++ format/inet/ether8023.go | 113 - format/inet/ether8023_frame.go | 50 + format/inet/flowsdecoder/flowsdecoder.go | 172 ++ format/inet/icmp.go | 110 + format/inet/ipv4.go | 73 - format/inet/ipv4_packet.go | 113 + format/inet/protocols.go | 145 -- format/inet/services.go | 1377 ------------ format/inet/sll2_packet.go | 56 + format/inet/sll_packet.go | 139 ++ format/inet/tcp.go | 42 - format/inet/tcp_segment.go | 83 + .../testdata/{ether8023 => ether8023_frame} | Bin ...ther8023.fqtest => ether8023_frame.fqtest} | 14 +- format/inet/testdata/{ipv4 => ipv4_packet} | Bin .../{ipv4.fqtest => ipv4_packet.fqtest} | 10 +- format/inet/testdata/tcp.fqtest | 24 - format/inet/testdata/{tcp => tcp_segment} | Bin format/inet/testdata/tcp_segment.fqtest | 49 + format/inet/testdata/{udp => udp_datagram} | Bin .../{udp.fqtest => udp_datagram.fqtest} | 6 +- format/inet/udp.go | 49 - format/inet/udp_datagram.go | 39 + format/jpeg/ps_irids.go | 100 +- format/mp4/boxes.go | 4 +- format/mp4/brands.go | 18 +- format/mp4/desc.go | 4 +- format/mp4/testdata/dash.fqtest | 8 +- format/mpeg/mp3_frame.go | 4 +- format/ogg/ogg_page.go | 4 +- format/pcap/pcap.go | 30 +- format/pcap/pcapng.go | 44 +- format/pcap/shared.go | 348 +-- format/pcap/testdata/dhcp_big_endian.fqtest | 42 +- .../pcap/testdata/dhcp_little_endian.fqtest | 42 +- format/pcap/testdata/http_gzip.cap | Bin 0 -> 1707 bytes format/pcap/testdata/http_gzip.fqtest | 629 ++++++ format/pcap/testdata/ipv4frags.fqtest | 227 +- format/pcap/testdata/many_interfaces.fqtest | 1030 +++++---- format/pcap/testdata/sll2_tcp.fqtest | 348 +++ format/pcap/testdata/sll2_tcp.pcap | Bin 0 -> 485 bytes format/tar/tar.go | 2 +- format/zip/zip.go | 2 +- go.mod | 16 +- go.sum | 14 + pkg/{crc => checksum}/crc.go | 6 +- pkg/checksum/ipv4.go | 39 + pkg/decode/decode.go | 12 +- pkg/interp/repl.jq | 2 +- pkg/interp/testdata/args.fqtest | 12 +- 65 files changed, 5867 insertions(+), 3567 deletions(-) create mode 100644 format/dns/dns_tcp.go create mode 100644 format/inet.go delete mode 100644 format/inet/ether8023.go create mode 100644 format/inet/ether8023_frame.go create mode 100644 format/inet/flowsdecoder/flowsdecoder.go create mode 100644 format/inet/icmp.go delete mode 100644 format/inet/ipv4.go create mode 100644 format/inet/ipv4_packet.go delete mode 100644 format/inet/protocols.go delete mode 100644 format/inet/services.go create mode 100644 format/inet/sll2_packet.go create mode 100644 format/inet/sll_packet.go delete mode 100644 format/inet/tcp.go create mode 100644 format/inet/tcp_segment.go rename format/inet/testdata/{ether8023 => ether8023_frame} (100%) rename format/inet/testdata/{ether8023.fqtest => ether8023_frame.fqtest} (88%) rename format/inet/testdata/{ipv4 => ipv4_packet} (100%) rename format/inet/testdata/{ipv4.fqtest => ipv4_packet.fqtest} (88%) delete mode 100644 format/inet/testdata/tcp.fqtest rename format/inet/testdata/{tcp => tcp_segment} (100%) create mode 100644 format/inet/testdata/tcp_segment.fqtest rename format/inet/testdata/{udp => udp_datagram} (100%) rename format/inet/testdata/{udp.fqtest => udp_datagram.fqtest} (86%) delete mode 100644 format/inet/udp.go create mode 100644 format/inet/udp_datagram.go create mode 100644 format/pcap/testdata/http_gzip.cap create mode 100644 format/pcap/testdata/http_gzip.fqtest create mode 100644 format/pcap/testdata/sll2_tcp.fqtest create mode 100644 format/pcap/testdata/sll2_tcp.pcap rename pkg/{crc => checksum}/crc.go (97%) create mode 100644 pkg/checksum/ipv4.go diff --git a/README.md b/README.md index 23aad281..04b1fd43 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ cp fq /usr/local/bin [./formats_list.jq]: sh-start -aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bzip2, dns, elf, ether8023, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, id3v1, id3v11, id3v2, ipv4, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, tar, tcp, tiff, udp, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip +aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bzip2, dns, dns_tcp, elf, ether8023_frame, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, icmp, id3v1, id3v11, id3v2, ipv4_packet, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, sll2_packet, sll_packet, tar, tcp_segment, tiff, udp_datagram, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip [#]: sh-end diff --git a/doc/formats.md b/doc/formats.md index ff1b986b..34072aef 100644 --- a/doc/formats.md +++ b/doc/formats.md @@ -20,8 +20,9 @@ |`avc_sps` |H.264/AVC Sequence Parameter Set || |`bzip2` |bzip2 compression |`probe`| |`dns` |DNS packet || +|`dns_tcp` |DNS packet (TCP) || |`elf` |Executable and Linkable Format || -|`ether8023` |Ethernet 802.3 |`ipv4`| +|`ether8023_frame` |Ethernet 802.3 frame |`ipv4_packet`| |`exif` |Exchangeable Image File Format || |`flac` |Free Lossless Audio Codec file |`flac_metadatablocks` `flac_frame`| |`flac_frame` |FLAC frame || @@ -36,10 +37,11 @@ |`hevc_dcr` |H.265/HEVC Decoder Configuration Record |`hevc_nalu`| |`hevc_nalu` |H.265/HEVC Network Access Layer Unit || |`icc_profile` |International Color Consortium profile || +|`icmp` |Internet Control Message Protocol || |`id3v1` |ID3v1 metadata || |`id3v11` |ID3v1.1 metadata || |`id3v2` |ID3v2 metadata |`image`| -|`ipv4` |Internet protocol v4 |`udp` `tcp`| +|`ipv4_packet` |Internet protocol v4 packet |`udp_datagram` `tcp_segment` `icmp`| |`jpeg` |Joint Photographic Experts Group file |`exif` `icc_profile`| |`json` |JSON || |`matroska` |Matroska file |`aac_frame` `av1_ccr` `av1_frame` `avc_au` `avc_dcr` `flac_frame` `flac_metadatablocks` `hevc_au` `hevc_dcr` `image` `mp3_frame` `mpeg_asc` `mpeg_pes_packet` `mpeg_spu` `opus_packet` `vorbis_packet` `vp8_frame` `vp9_cfm` `vp9_frame`| @@ -55,17 +57,19 @@ |`ogg` |OGG file |`ogg_page` `vorbis_packet` `opus_packet` `flac_metadatablock` `flac_frame`| |`ogg_page` |OGG page || |`opus_packet` |Opus packet |`vorbis_comment`| -|`pcap` |PCAP packet capture |`ether8023`| -|`pcapng` |PCAPNG packet capture |`ether8023`| +|`pcap` |PCAP packet capture |`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`| +|`pcapng` |PCAPNG packet capture |`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`| |`png` |Portable Network Graphics file |`icc_profile` `exif`| |`protobuf` |Protobuf || |`protobuf_widevine` |Widevine protobuf |`protobuf`| |`pssh_playready` |PlayReady PSSH || |`raw` |Raw bits || +|`sll2_packet` |Linux cooked capture encapsulation v2 |`ether8023_frame`| +|`sll_packet` |Linux cooked capture encapsulation |`ether8023_frame`| |`tar` |Tar archive |`probe`| -|`tcp` |Transmission Control Protocol || +|`tcp_segment` |Transmission control protocol segment || |`tiff` |Tag Image File Format |`icc_profile`| -|`udp` |User datagram protocol |`dns`| +|`udp_datagram` |User datagram protocol |`udp_payload`| |`vorbis_comment` |Vorbis comment |`flac_picture`| |`vorbis_packet` |Vorbis packet |`vorbis_comment`| |`vp8_frame` |VP8 frame || @@ -78,6 +82,8 @@ |`zip` |ZIP archive |`probe`| |`image` |Group |`gif` `jpeg` `mp4` `png` `tiff` `webp`| |`probe` |Group |`adts` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`| +|`tcp_stream` |Group |`dns`| +|`udp_payload` |Group |`dns`| [#]: sh-end diff --git a/doc/formats.svg b/doc/formats.svg index d05094cd..683f23ce 100644 --- a/doc/formats.svg +++ b/doc/formats.svg @@ -4,1412 +4,1551 @@ - - + + formats - + adts - -adts - -adts_frame + +adts + +adts_frame adts_frame - -adts_frame - -aac_frame + +adts_frame + +aac_frame adts:adts_frame->adts_frame - - + + aac_frame - -aac_frame + +aac_frame adts_frame:aac_frame->aac_frame - - + + + apev2 - -apev2 - -image + +apev2 + +image image - -image + +image apev2:image->image - - + + - + jpeg - -jpeg - -exif - -icc_profile + +jpeg + +exif + +icc_profile - + image->jpeg:jpeg - - + + - + mp4 - -mp4 - -aac_frame - -av1_ccr - -av1_frame - -flac_frame - -flac_metadatablocks - -id3v2 - -image - -jpeg - -mp3_frame - -avc_au - -avc_dcr - -mpeg_es - -hevc_au - -hevc_dcr - -mpeg_pes_packet - -opus_packet - -protobuf_widevine - -pssh_playready - -vorbis_packet - -vp9_frame - -vpx_ccr + +mp4 + +aac_frame + +av1_ccr + +av1_frame + +flac_frame + +flac_metadatablocks + +id3v2 + +image + +jpeg + +mp3_frame + +avc_au + +avc_dcr + +mpeg_es + +hevc_au + +hevc_dcr + +mpeg_pes_packet + +opus_packet + +protobuf_widevine + +pssh_playready + +vorbis_packet + +vp9_frame + +vpx_ccr - + image->mp4:mp4 - - + + - + png - -png - -icc_profile - -exif + +png + +icc_profile + +exif - + image->png:png - - + + - + tiff - -tiff - -icc_profile + +tiff + +icc_profile - + image->tiff:tiff - - + + - + webp - -webp - -vp8_frame + +webp + +vp8_frame - + image->webp:webp - - + + - + gif - -gif + +gif - + image->gif:gif - - + + av1_frame - -av1_frame - -av1_obu + +av1_frame + +av1_obu av1_obu - -av1_obu + +av1_obu av1_frame:av1_obu->av1_obu - - + + avc_annexb - -avc_annexb - -avc_nalu + +avc_annexb + +avc_nalu avc_nalu - -avc_nalu - -avc_sps - -avc_pps - -avc_sei + +avc_nalu + +avc_sps + +avc_pps + +avc_sei avc_annexb:avc_nalu->avc_nalu - - + + avc_sps - -avc_sps + +avc_sps avc_nalu:avc_sps->avc_sps - - + + avc_pps - -avc_pps + +avc_pps avc_nalu:avc_pps->avc_pps - - + + avc_sei - -avc_sei + +avc_sei avc_nalu:avc_sei->avc_sei - - + + avc_au - -avc_au - -avc_nalu + +avc_au + +avc_nalu avc_au:avc_nalu->avc_nalu - - + + avc_dcr - -avc_dcr - -avc_nalu + +avc_dcr + +avc_nalu avc_dcr:avc_nalu->avc_nalu - - + + bzip2 - -bzip2 - -probe + +bzip2 + +probe probe - -probe + +probe bzip2:probe->probe - - + + - + probe->adts:adts - - + + - + probe->bzip2:bzip2 - - + + flac - -flac - -flac_metadatablocks - -flac_frame + +flac + +flac_metadatablocks + +flac_frame - + probe->flac:flac - - - + + + gzip - -gzip - -probe + +gzip + +probe - + probe->gzip:gzip - - + + - + probe->jpeg:jpeg - - + + + - + matroska - -matroska - -aac_frame - -av1_ccr - -av1_frame - -avc_au - -avc_dcr - -flac_frame - -flac_metadatablocks - -hevc_au - -hevc_dcr - -image - -mp3_frame - -mpeg_asc - -mpeg_pes_packet - -mpeg_spu - -opus_packet - -vorbis_packet - -vp8_frame - -vp9_cfm - -vp9_frame + +matroska + +aac_frame + +av1_ccr + +av1_frame + +avc_au + +avc_dcr + +flac_frame + +flac_metadatablocks + +hevc_au + +hevc_dcr + +image + +mp3_frame + +mpeg_asc + +mpeg_pes_packet + +mpeg_spu + +opus_packet + +vorbis_packet + +vp8_frame + +vp9_cfm + +vp9_frame - + probe->matroska:matroska - - + + - + mp3 - -mp3 - -id3v2 - -id3v1 - -id3v11 - -apev2 - -mp3_frame + +mp3 + +id3v2 + +id3v1 + +id3v11 + +apev2 + +mp3_frame - + probe->mp3:mp3 - - + + - + probe->mp4:mp4 - - + + + - + ogg - -ogg - -ogg_page - -vorbis_packet - -opus_packet - -flac_metadatablock - -flac_frame + +ogg + +ogg_page + +vorbis_packet + +opus_packet + +flac_metadatablock + +flac_frame - + probe->ogg:ogg - - + + - + pcap - -pcap - -ether8023 + +pcap + +ether8023_frame + +sll_packet + +sll2_packet + +tcp_stream + +ipv4_packet - + probe->pcap:pcap - - + + - + pcapng - -pcapng - -ether8023 + +pcapng + +ether8023_frame + +sll_packet + +sll2_packet + +tcp_stream + +ipv4_packet - + probe->pcapng:pcapng - - + + - + probe->png:png - - - + + - + tar - -tar - -probe + +tar + +probe - + probe->tar:tar - - + + - + probe->tiff:tiff - - - + + + + - + wav - -wav - -id3v2 - -id3v1 - -id3v11 + +wav + +id3v2 + +id3v1 + +id3v11 - + probe->wav:wav - - + + - + probe->webp:webp - - + + + - + zip - -zip - -probe + +zip + +probe - + probe->zip:zip - - + + - + elf - -elf + +elf - + probe->elf:elf - - + + - + probe->gif:gif - - + + - + json - -json + +json - + probe->json:json - - + + - + mpeg_ts - -mpeg_ts + +mpeg_ts - + probe->mpeg_ts:mpeg_ts - - + + - + -ether8023 - -ether8023 - -ipv4 +ether8023_frame + +ether8023_frame + +ipv4_packet - + -ipv4 - -ipv4 - -udp - -tcp +ipv4_packet + +ipv4_packet + +udp_datagram + +tcp_segment + +icmp - + -ether8023:ipv4->ipv4 - - +ether8023_frame:ipv4_packet->ipv4_packet + + - + -udp - -udp - -dns +udp_datagram + +udp_datagram + +udp_payload - + -ipv4:udp->udp - - +ipv4_packet:udp_datagram->udp_datagram + + - + -tcp - -tcp +tcp_segment + +tcp_segment - + -ipv4:tcp->tcp - - +ipv4_packet:tcp_segment->tcp_segment + + + + + +icmp + +icmp + + + +ipv4_packet:icmp->icmp + + flac_metadatablocks - -flac_metadatablocks - -flac_metadatablock + +flac_metadatablocks + +flac_metadatablock flac:flac_metadatablocks->flac_metadatablocks - - + + flac_frame - -flac_frame + +flac_frame flac:flac_frame->flac_frame - - + + flac_metadatablock - -flac_metadatablock - -flac_streaminfo - -flac_picture - -vorbis_comment + +flac_metadatablock + +flac_streaminfo + +flac_picture + +vorbis_comment flac_metadatablocks:flac_metadatablock->flac_metadatablock - - + + flac_streaminfo - -flac_streaminfo + +flac_streaminfo flac_metadatablock:flac_streaminfo->flac_streaminfo - - + + flac_picture - -flac_picture - -image + +flac_picture + +image flac_metadatablock:flac_picture->flac_picture - - + + vorbis_comment - -vorbis_comment - -flac_picture + +vorbis_comment + +flac_picture flac_metadatablock:vorbis_comment->vorbis_comment - - + + flac_picture:image->image - - + + + - + vorbis_comment:flac_picture->flac_picture - - + + gzip:probe->probe - - + + hevc_annexb - -hevc_annexb - -hevc_nalu + +hevc_annexb + +hevc_nalu hevc_nalu - -hevc_nalu + +hevc_nalu hevc_annexb:hevc_nalu->hevc_nalu - - + + hevc_au - -hevc_au - -hevc_nalu + +hevc_au + +hevc_nalu hevc_au:hevc_nalu->hevc_nalu - - + + hevc_dcr - -hevc_dcr - -hevc_nalu + +hevc_dcr + +hevc_nalu hevc_dcr:hevc_nalu->hevc_nalu - - + + id3v2 - -id3v2 - -image + +id3v2 + +image id3v2:image->image - - - + + - - -dns - -dns + + +udp_payload + +udp_payload - - -udp:dns->dns - - + + +udp_datagram:udp_payload->udp_payload + + - + exif - -exif + +exif - + jpeg:exif->exif - - + + - + icc_profile - -icc_profile + +icc_profile - + jpeg:icc_profile->icc_profile - - + + - + matroska:aac_frame->aac_frame - - + - + matroska:image->image - - + + - + matroska:av1_frame->av1_frame - - + + - + matroska:avc_au->avc_au - - + + - + matroska:avc_dcr->avc_dcr - - + + - + matroska:flac_metadatablocks->flac_metadatablocks - - + + - + matroska:flac_frame->flac_frame - - + + - + matroska:hevc_au->hevc_au - - + + - + matroska:hevc_dcr->hevc_dcr - - + + - + av1_ccr - -av1_ccr + +av1_ccr - + matroska:av1_ccr->av1_ccr - - + + - + mp3_frame - -mp3_frame - -xing + +mp3_frame + +xing - + matroska:mp3_frame->mp3_frame - - + + - + mpeg_asc - -mpeg_asc + +mpeg_asc - + matroska:mpeg_asc->mpeg_asc - - + + - + mpeg_pes_packet - -mpeg_pes_packet + +mpeg_pes_packet - + matroska:mpeg_pes_packet->mpeg_pes_packet - - + + - + mpeg_spu - -mpeg_spu + +mpeg_spu - + matroska:mpeg_spu->mpeg_spu - - + + - + opus_packet - -opus_packet - -vorbis_comment + +opus_packet + +vorbis_comment - + matroska:opus_packet->opus_packet - - + + - + vorbis_packet - -vorbis_packet - -vorbis_comment + +vorbis_packet + +vorbis_comment - + matroska:vorbis_packet->vorbis_packet - - + + - + vp8_frame - -vp8_frame + +vp8_frame - + matroska:vp8_frame->vp8_frame - - + + - + vp9_cfm - -vp9_cfm + +vp9_cfm - + matroska:vp9_cfm->vp9_cfm - - + + - + vp9_frame - -vp9_frame + +vp9_frame - + matroska:vp9_frame->vp9_frame - - + + - + xing - -xing + +xing - + mp3_frame:xing->xing - - + + - + opus_packet:vorbis_comment->vorbis_comment - - + + - + vorbis_packet:vorbis_comment->vorbis_comment - - + + - + mp3:apev2->apev2 - - + + - + mp3:id3v2->id3v2 - + + + - + mp3:mp3_frame->mp3_frame - - + + - + id3v1 - -id3v1 + +id3v1 - + mp3:id3v1->id3v1 - - + + - + id3v11 - -id3v11 + +id3v11 - + mp3:id3v11->id3v11 - - + + - + mp4:aac_frame->aac_frame - - + + - + mp4:image->image - - + + - + mp4:av1_frame->av1_frame - - + + - + mp4:avc_au->avc_au - - + + - + mp4:avc_dcr->avc_dcr - - + + - + mp4:flac_metadatablocks->flac_metadatablocks - - + + - + mp4:flac_frame->flac_frame - - + + - + mp4:hevc_au->hevc_au - - + + - + mp4:hevc_dcr->hevc_dcr - - + + - + mp4:id3v2->id3v2 - - + + - + mp4:jpeg->jpeg - - + + - + mp4:av1_ccr->av1_ccr - - + + - + mp4:mp3_frame->mp3_frame - - + + - + mp4:mpeg_pes_packet->mpeg_pes_packet - - + + - + mp4:opus_packet->opus_packet - - + + - + mp4:vorbis_packet->vorbis_packet - - + + - + mp4:vp9_frame->vp9_frame - - + + - + mpeg_es - -mpeg_es - -mpeg_asc - -vorbis_packet + +mpeg_es + +mpeg_asc + +vorbis_packet - + mp4:mpeg_es->mpeg_es - - + + - + protobuf_widevine - -protobuf_widevine - -protobuf + +protobuf_widevine + +protobuf - + mp4:protobuf_widevine->protobuf_widevine - - + + - + pssh_playready - -pssh_playready + +pssh_playready - + mp4:pssh_playready->pssh_playready - - + + - + vpx_ccr - -vpx_ccr + +vpx_ccr - + mp4:vpx_ccr->vpx_ccr - - + + - + mpeg_es:mpeg_asc->mpeg_asc - - + + - + mpeg_es:vorbis_packet->vorbis_packet - - + + - + protobuf - -protobuf + +protobuf - + protobuf_widevine:protobuf->protobuf - - + + - + mpeg_pes - -mpeg_pes - -mpeg_pes_packet - -mpeg_spu + +mpeg_pes + +mpeg_pes_packet + +mpeg_spu - + mpeg_pes:mpeg_pes_packet->mpeg_pes_packet - - + + - + mpeg_pes:mpeg_spu->mpeg_spu - - + + - + ogg:flac_frame->flac_frame - - + + - + ogg:flac_metadatablock->flac_metadatablock - - + + - + ogg:opus_packet->opus_packet - - + + - + ogg:vorbis_packet->vorbis_packet - - + + - + ogg_page - -ogg_page + +ogg_page - + ogg:ogg_page->ogg_page - - + + - - -pcap:ether8023->ether8023 - - - - + -pcapng:ether8023->ether8023 - - +pcap:ether8023_frame->ether8023_frame + + + + + +pcap:ipv4_packet->ipv4_packet + + + + + +sll_packet + +sll_packet + +ether8023_frame + + + +pcap:sll_packet->sll_packet + + + + + +sll2_packet + +sll2_packet + +ether8023_frame + + + +pcap:sll2_packet->sll2_packet + + + + + +tcp_stream + +tcp_stream + + + +pcap:tcp_stream->tcp_stream + + + + + +sll_packet:ether8023_frame->ether8023_frame + + + + + +sll2_packet:ether8023_frame->ether8023_frame + + + + + +dns + +dns + + + +tcp_stream->dns:dns + + + + + +pcapng:ether8023_frame->ether8023_frame + + + + + +pcapng:ipv4_packet->ipv4_packet + + + + + +pcapng:sll_packet->sll_packet + + + + + +pcapng:sll2_packet->sll2_packet + + + + + +pcapng:tcp_stream->tcp_stream + + - + png:exif->exif - - + + - + png:icc_profile->icc_profile - - - + - + tar:probe->probe - - + + - + tiff:icc_profile->icc_profile - + + + + + + +udp_payload->dns:dns + + - + wav:id3v2->id3v2 - - - + - + wav:id3v1->id3v1 - - + + - + wav:id3v11->id3v11 - - + + - + webp:vp8_frame->vp8_frame - - + + - + zip:probe->probe - - + + + + + +dns_tcp + +dns_tcp - + raw - -raw + +raw diff --git a/format/bzip2/bzip2.go b/format/bzip2/bzip2.go index 43023f55..bea1b363 100644 --- a/format/bzip2/bzip2.go +++ b/format/bzip2/bzip2.go @@ -114,9 +114,7 @@ func bzip2Decode(d *decode.D, in interface{}) interface{} { } blockCRC32W := crc32.NewIEEE() - if _, err := d.Copy(blockCRC32W, bitFlipReader{uncompressedBB.Clone()}); err != nil { - d.IOPanic(err) - } + d.MustCopy(blockCRC32W, bitFlipReader{uncompressedBB.Clone()}) blockCRC32N := bits.Reverse32(binary.BigEndian.Uint32(blockCRC32W.Sum(nil))) _ = blockCRCValue.TryScalarFn(d.ValidateU(uint64(blockCRC32N))) streamCRCN = blockCRC32N ^ ((streamCRCN << 1) | (streamCRCN >> 31)) diff --git a/format/dns/dns.go b/format/dns/dns.go index b4c3e332..08a7dff6 100644 --- a/format/dns/dns.go +++ b/format/dns/dns.go @@ -16,7 +16,11 @@ func init() { registry.MustRegister(decode.Format{ Name: format.DNS, Description: "DNS packet", - DecodeFn: dnsDecode, + Groups: []string{ + format.TCP_STREAM, + format.UDP_PAYLOAD, + }, + DecodeFn: dnsUDPDecode, }) } @@ -111,7 +115,7 @@ var rcodeNames = decode.UToScalar{ 9: {Sym: "NotAuth", Description: "Server Not Authoritative for zone"}, // RFC 2136 10: {Sym: "NotZone", Description: "Name not contained in zone"}, // RFC 2136 // collision in RFCs - // 16: {Sym: "BADVERS", Description: "Bad OPT Version"}, // RFC 2671 + // 16: {Sym: "BADVERS", Description: "Bad OPT Version"}, // RFC 2671 16: {Sym: "BADSIG", Description: "TSIG Signature Failure"}, // RFC 2845 17: {Sym: "BADKEY", Description: "Key not recognized"}, // RFC 2845 18: {Sym: "BADTIME", Description: "Signature out of time window"}, // RFC 2845 @@ -128,7 +132,7 @@ func decodeAAAAStr(d *decode.D) string { return net.IP(d.BytesLen(16)).String() } -func fieldDecodeLabel(d *decode.D, name string) { +func fieldDecodeLabel(d *decode.D, pointerOffset int64, name string) { var endPos int64 const maxJumps = 100 jumpCount := 0 @@ -149,7 +153,7 @@ func fieldDecodeLabel(d *decode.D, name string) { if jumpCount > maxJumps { d.Fatalf("label has more than %d jumps", maxJumps) } - d.SeekAbs(int64(pointer) * 8) + d.SeekAbs(int64(pointer)*8 + pointerOffset) } l := d.FieldU8("length") @@ -169,58 +173,64 @@ func fieldDecodeLabel(d *decode.D, name string) { } } -func dnsDecodeRR(d *decode.D, count uint64, name string, structName string) { +func dnsDecodeRR(d *decode.D, pointerOffset int64, resp bool, count uint64, name string, structName string) { d.FieldArray(name, func(d *decode.D) { for i := uint64(0); i < count; i++ { d.FieldStruct(structName, func(d *decode.D) { - fieldDecodeLabel(d, "name") + fieldDecodeLabel(d, pointerOffset, "name") typ := d.FieldU16("type", d.MapUToStrSym(typeNames)) class := d.FieldU16("class", d.MapURangeToScalar(classNames)) - d.FieldU32("ttl") - rdLength := d.FieldU16("rdlength") - - d.LenFn(int64(rdLength)*8, func(d *decode.D) { - // TODO: all only for classIN? - switch { - case class == classIN && typ == typeA: - d.FieldStrFn("address", decodeAStr) - case typ == typeNS: - fieldDecodeLabel(d, "ns") - case typ == typeCNAME: - fieldDecodeLabel(d, "cname") - case typ == typeSOA: - fieldDecodeLabel(d, "mname") - fieldDecodeLabel(d, "rname") - d.FieldU32("serial") - d.FieldU32("refresh") - d.FieldU32("retry") - d.FieldU32("expire") - d.FieldU32("minimum") - case typ == typePTR: - fieldDecodeLabel(d, "ptr") - case typ == typeTXT: - var ss []string - d.FieldStruct("txt", func(d *decode.D) { - d.FieldArray("strings", func(d *decode.D) { - for !d.End() { - ss = append(ss, d.FieldUTF8ShortString("string")) - } + if resp { + d.FieldU32("ttl") + rdLength := d.FieldU16("rdlength") + d.LenFn(int64(rdLength)*8, func(d *decode.D) { + // TODO: all only for classIN? + switch { + case class == classIN && typ == typeA: + d.FieldStrFn("address", decodeAStr) + case typ == typeNS: + fieldDecodeLabel(d, pointerOffset, "ns") + case typ == typeCNAME: + fieldDecodeLabel(d, pointerOffset, "cname") + case typ == typeSOA: + fieldDecodeLabel(d, pointerOffset, "mname") + fieldDecodeLabel(d, pointerOffset, "rname") + d.FieldU32("serial") + d.FieldU32("refresh") + d.FieldU32("retry") + d.FieldU32("expire") + d.FieldU32("minimum") + case typ == typePTR: + fieldDecodeLabel(d, pointerOffset, "ptr") + case typ == typeTXT: + var ss []string + d.FieldStruct("txt", func(d *decode.D) { + d.FieldArray("strings", func(d *decode.D) { + for !d.End() { + ss = append(ss, d.FieldUTF8ShortString("string")) + } + }) + d.FieldValueStr("value", strings.Join(ss, "")) }) - d.FieldValueStr("value", strings.Join(ss, "")) - }) - case class == classIN && typ == typeAAAA: - d.FieldStrFn("address", decodeAAAAStr) - default: - d.FieldUTF8("rdata", int(rdLength)) - } - }) + case class == classIN && typ == typeAAAA: + d.FieldStrFn("address", decodeAAAAStr) + default: + d.FieldUTF8("rdata", int(rdLength)) + } + }) + } }) } }) } -func dnsDecode(d *decode.D, in interface{}) interface{} { +func dnsDecode(d *decode.D, isTCP bool) interface{} { + pointerOffset := int64(0) d.FieldStruct("header", func(d *decode.D) { + if isTCP { + pointerOffset = 16 + d.FieldU16("length") + } d.FieldU16("id") d.FieldU1("qr", d.MapUToStrSym(decode.UToStr{ 0: "query", @@ -245,20 +255,27 @@ func dnsDecode(d *decode.D, in interface{}) interface{} { anCount := d.FieldU16("an_count") nsCount := d.FieldU16("ns_count") arCount := d.FieldU16("ar_count") - - d.FieldArray("questions", func(d *decode.D) { - for i := uint64(0); i < qdCount; i++ { - d.FieldStruct("question", func(d *decode.D) { - fieldDecodeLabel(d, "name") - d.FieldU16("type", d.MapUToStrSym(typeNames)) - d.FieldU16("class", d.MapURangeToScalar(classNames)) - }) - } - }) - - dnsDecodeRR(d, anCount, "answers", "answer") - dnsDecodeRR(d, nsCount, "nameservers", "nameserver") - dnsDecodeRR(d, arCount, "additionals", "additional") + dnsDecodeRR(d, pointerOffset, false, qdCount, "questions", "question") + dnsDecodeRR(d, pointerOffset, true, anCount, "answers", "answer") + dnsDecodeRR(d, pointerOffset, true, nsCount, "nameservers", "nameserver") + dnsDecodeRR(d, pointerOffset, true, arCount, "additionals", "additional") return nil } + +func dnsUDPDecode(d *decode.D, in interface{}) interface{} { + if tsi, ok := in.(format.TCPStreamIn); ok { + if tsi.DestinationPort == format.TCPPortDomain || tsi.SourcePort == format.TCPPortDomain { + return dnsDecode(d, true) + } + d.Fatalf("wrong port") + } + if udi, ok := in.(format.UDPDatagramIn); ok { + if udi.DestinationPort == format.UDPPortDomain || udi.SourcePort == format.UDPPortDomain || + udi.DestinationPort == format.UDPPortMDNS || udi.SourcePort == format.UDPPortMDNS { + return dnsDecode(d, false) + } + d.Fatalf("wrong port") + } + return dnsDecode(d, false) +} diff --git a/format/dns/dns_tcp.go b/format/dns/dns_tcp.go new file mode 100644 index 00000000..b80b59d9 --- /dev/null +++ b/format/dns/dns_tcp.go @@ -0,0 +1,19 @@ +package dns + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +func init() { + registry.MustRegister(decode.Format{ + Name: format.DNS_TCP, + Description: "DNS packet (TCP)", + DecodeFn: dnsTCPDecode, + }) +} + +func dnsTCPDecode(d *decode.D, in interface{}) interface{} { + return dnsDecode(d, true) +} diff --git a/format/flac/flac.go b/format/flac/flac.go index f4d5c1b1..a9f537b0 100644 --- a/format/flac/flac.go +++ b/format/flac/flac.go @@ -18,7 +18,7 @@ import ( "github.com/wader/fq/pkg/decode" ) -var flacMetadatablockFormat decode.Group +var flacMetadatablocksFormat decode.Group var flacFrameFormat decode.Group func init() { @@ -28,7 +28,7 @@ func init() { Groups: []string{format.PROBE}, DecodeFn: flacDecode, Dependencies: []decode.Dependency{ - {Names: []string{format.FLAC_METADATABLOCKS}, Group: &flacMetadatablockFormat}, + {Names: []string{format.FLAC_METADATABLOCKS}, Group: &flacMetadatablocksFormat}, {Names: []string{format.FLAC_FRAME}, Group: &flacFrameFormat}, }, }) @@ -43,7 +43,7 @@ func flacDecode(d *decode.D, in interface{}) interface{} { var streamTotalSamples uint64 var streamDecodedSamples uint64 - _, v := d.FieldFormat("metadatablocks", flacMetadatablockFormat, nil) + _, v := d.FieldFormat("metadatablocks", flacMetadatablocksFormat, nil) flacMetadatablockOut, ok := v.(format.FlacMetadatablocksOut) if !ok { panic(fmt.Sprintf("expected FlacMetadatablockOut got %#+v", v)) diff --git a/format/flac/flac_frame.go b/format/flac/flac_frame.go index d27aa5c6..ca0369ad 100644 --- a/format/flac/flac_frame.go +++ b/format/flac/flac_frame.go @@ -7,7 +7,7 @@ import ( "github.com/wader/fq/format" "github.com/wader/fq/format/registry" "github.com/wader/fq/internal/num" - "github.com/wader/fq/pkg/crc" + "github.com/wader/fq/pkg/checksum" "github.com/wader/fq/pkg/decode" ) @@ -337,7 +337,7 @@ func frameDecode(d *decode.D, in interface{}) interface{} { } }) - headerCRC := &crc.CRC{Bits: 8, Table: crc.ATM8Table} + headerCRC := &checksum.CRC{Bits: 8, Table: checksum.ATM8Table} d.MustCopy(headerCRC, d.BitBufRange(frameStart, d.Pos()-frameStart)) d.FieldU8("crc", d.ValidateUBytes(headerCRC.Sum(nil)), d.Hex) }) @@ -587,7 +587,7 @@ func frameDecode(d *decode.D, in interface{}) interface{} { // Zero-padding to byte alignment. d.FieldU("byte_align", d.ByteAlignBits(), d.AssertU(0)) // <16> CRC-16 (polynomial = x^16 + x^15 + x^2 + x^0, initialized with 0) of everything before the crc, back to and including the frame header sync code - footerCRC := &crc.CRC{Bits: 16, Table: crc.ANSI16Table} + footerCRC := &checksum.CRC{Bits: 16, Table: checksum.ANSI16Table} d.MustCopy(footerCRC, d.BitBufRange(frameStart, d.Pos()-frameStart)) d.FieldRawLen("footer_crc", 16, d.ValidateBitBuf(footerCRC.Sum(nil)), d.RawHex) diff --git a/format/flac/flac_metadatablocks.go b/format/flac/flac_metadatablocks.go index 81489842..135ad089 100644 --- a/format/flac/flac_metadatablocks.go +++ b/format/flac/flac_metadatablocks.go @@ -8,7 +8,7 @@ import ( "github.com/wader/fq/pkg/decode" ) -var flacMetadatablockForamt decode.Group +var flacMetadatablockFormat decode.Group func init() { registry.MustRegister(decode.Format{ @@ -18,7 +18,7 @@ func init() { RootArray: true, RootName: "metadatablocks", Dependencies: []decode.Dependency{ - {Names: []string{format.FLAC_METADATABLOCK}, Group: &flacMetadatablockForamt}, + {Names: []string{format.FLAC_METADATABLOCK}, Group: &flacMetadatablockFormat}, }, }) } @@ -28,7 +28,7 @@ func metadatablocksDecode(d *decode.D, in interface{}) interface{} { isLastBlock := false for !isLastBlock { - dv, v := d.FieldFormat("metadatablock", flacMetadatablockForamt, nil) + dv, v := d.FieldFormat("metadatablock", flacMetadatablockFormat, nil) flacMetadatablockOut, ok := v.(format.FlacMetadatablockOut) if dv != nil && !ok { panic(fmt.Sprintf("expected FlacMetadatablocksOut, got %#+v", flacMetadatablockOut)) diff --git a/format/flac/flac_picture.go b/format/flac/flac_picture.go index ed36ea66..57b70e95 100644 --- a/format/flac/flac_picture.go +++ b/format/flac/flac_picture.go @@ -56,7 +56,7 @@ func pictureDecode(d *decode.D, in interface{}) interface{} { d.FieldU32("color_depth") d.FieldU32("number_of_index_colors") pictureLen := d.FieldU32("picture_length") - if dv, _, _ := d.FieldTryFormatLen("picture_data", int64(pictureLen)*8, images, nil); dv == nil { + if dv, _, _ := d.TryFieldFormatLen("picture_data", int64(pictureLen)*8, images, nil); dv == nil { d.FieldRawLen("picture_data", int64(pictureLen)*8) } diff --git a/format/flac/flac_streaminfo.go b/format/flac/flac_streaminfo.go index 7b6a9734..827b3e89 100644 --- a/format/flac/flac_streaminfo.go +++ b/format/flac/flac_streaminfo.go @@ -28,7 +28,7 @@ func streaminfoDecode(d *decode.D, in interface{}) interface{} { md5BB := d.FieldRawLen("md5", 16*8, d.RawHex) md5b, err := md5BB.Bytes() if err != nil { - d.IOPanic(err) + d.IOPanic(err, "md5BB.Bytes") } return format.FlacStreaminfoOut{ diff --git a/format/format.go b/format/format.go index 6c34250e..fe124f34 100644 --- a/format/format.go +++ b/format/format.go @@ -8,14 +8,24 @@ import ( const ( ALL = "all" - PROBE = "probe" - RAW = "raw" - - // TODO: rename PROBE_* something? - IMAGE = "image" + PROBE = "probe" + IMAGE = "image" + TCP_STREAM = "tcp_stream" + UDP_PAYLOAD = "udp_payload" + RAW = "raw" JSON = "json" + DNS = "dns" + DNS_TCP = "dns_tcp" + ETHER8023_FRAME = "ether8023_frame" + SLL_PACKET = "sll_packet" + SLL2_PACKET = "sll2_packet" + IPV4_PACKET = "ipv4_packet" + UDP_DATAGRAM = "udp_datagram" + TCP_SEGMENT = "tcp_segment" + ICMP = "icmp" + AAC_FRAME = "aac_frame" ADTS = "adts" ADTS_FRAME = "adts_frame" @@ -24,12 +34,7 @@ const ( AV1_FRAME = "av1_frame" AV1_OBU = "av1_obu" BZIP2 = "bzip2" - DNS = "dns" ELF = "elf" - ETHER8023 = "ether8023" - IPV4 = "ipv4" - UDP = "udp" - TCP = "tcp" EXIF = "exif" FLAC = "flac" FLAC_FRAME = "flac_frame" @@ -185,3 +190,13 @@ type MP3FrameOut struct { ChannelsIndex int ChannelModeIndex int } + +type UDPDatagramIn struct { + SourcePort int + DestinationPort int +} + +type TCPStreamIn struct { + SourcePort int + DestinationPort int +} diff --git a/format/gzip/gzip.go b/format/gzip/gzip.go index 469b6745..866b116b 100644 --- a/format/gzip/gzip.go +++ b/format/gzip/gzip.go @@ -112,9 +112,7 @@ func gzDecode(d *decode.D, in interface{}) interface{} { } d.FieldRawLen("compressed", readCompressedSize) crc32W := crc32.NewIEEE() - if _, err := io.Copy(crc32W, uncompressedBB.Clone()); err != nil { - d.IOPanic(err) - } + d.MustCopy(crc32W, uncompressedBB.Clone()) d.FieldU32("crc32", d.ValidateUBytes(crc32W.Sum(nil)), d.Hex) d.FieldU32("isize") } diff --git a/format/id3/id3v2.go b/format/id3/id3v2.go index 57ce1c07..e2023a7b 100644 --- a/format/id3/id3v2.go +++ b/format/id3/id3v2.go @@ -426,7 +426,7 @@ func decodeFrame(d *decode.D, version int) uint64 { d.FieldStrFn("mime_type", textNullFn(encodingUTF8)) d.FieldU8("picture_type") // TODO: table d.FieldStrFn("description", textNullFn(int(encoding))) - dv, _, _ := d.FieldTryFormatLen("picture", d.BitsLeft(), imageFormat, nil) + dv, _, _ := d.TryFieldFormatLen("picture", d.BitsLeft(), imageFormat, nil) if dv == nil { d.FieldRawLen("picture", d.BitsLeft()) } @@ -443,7 +443,7 @@ func decodeFrame(d *decode.D, version int) uint64 { d.FieldStrFn("mime_type", textNullFn(encodingUTF8)) d.FieldStrFn("filename", textNullFn(int(encoding))) d.FieldStrFn("description", textNullFn(int(encoding))) - dv, _, _ := d.FieldTryFormatLen("data", d.BitsLeft(), imageFormat, nil) + dv, _, _ := d.TryFieldFormatLen("data", d.BitsLeft(), imageFormat, nil) if dv == nil { d.FieldRawLen("data", d.BitsLeft()) } diff --git a/format/inet.go b/format/inet.go new file mode 100644 index 00000000..ecb5fd55 --- /dev/null +++ b/format/inet.go @@ -0,0 +1,1865 @@ +package format + +import "github.com/wader/fq/pkg/decode" + +// from https://www.tcpdump.org/linktypes.html +// TODO cleanup +//nolint:revive +const ( + LinkTypeNULL = 0 + LinkTypeETHERNET = 1 + LinkTypeAX25 = 3 + LinkTypeIEEE802_5 = 6 + LinkTypeARCNET_BSD = 7 + LinkTypeSLIP = 8 + LinkTypePPP = 9 + LinkTypeFDDI = 10 + LinkTypePPP_HDLC = 50 + LinkTypePPP_ETHER = 51 + LinkTypeATM_RFC1483 = 100 + LinkTypeRAW = 101 + LinkTypeC_HDLC = 104 + LinkTypeIEEE802_11 = 105 + LinkTypeFRELAY = 107 + LinkTypeLOOP = 108 + LinkTypeLINUX_SLL = 113 + LinkTypeLTALK = 114 + LinkTypePFLOG = 117 + LinkTypeIEEE802_11_PRISM = 119 + LinkTypeIP_OVER_FC = 122 + LinkTypeSUNATM = 123 + LinkTypeIEEE802_11_RADIOTAP = 127 + LinkTypeARCNET_LINUX = 129 + LinkTypeAPPLE_IP_OVER_IEEE1394 = 138 + LinkTypeMTP2_WITH_PHDR = 139 + LinkTypeMTP2 = 140 + LinkTypeMTP3 = 141 + LinkTypeSCCP = 142 + LinkTypeDOCSIS = 143 + LinkTypeLINUX_IRDA = 144 + LinkTypeUSER0 = 147 + LinkTypeUSER1 = 148 + LinkTypeUSER2 = 149 + LinkTypeUSER3 = 150 + LinkTypeUSER4 = 151 + LinkTypeUSER5 = 152 + LinkTypeUSER6 = 153 + LinkTypeUSER7 = 154 + LinkTypeUSER8 = 155 + LinkTypeUSER9 = 156 + LinkTypeUSER10 = 157 + LinkTypeUSER11 = 158 + LinkTypeUSER12 = 159 + LinkTypeUSER13 = 160 + LinkTypeUSER14 = 161 + LinkTypeUSER15 = 162 + LinkTypeIEEE802_11_AVS = 163 + LinkTypeBACNET_MS_TP = 165 + LinkTypePPP_PPPD = 166 + LinkTypeGPRS_LLC = 169 + LinkTypeGPF_T = 170 + LinkTypeGPF_F = 171 + LinkTypeLINUX_LAPD = 177 + LinkTypeMFR = 182 + LinkTypeBLUETOOTH_HCI_H4 = 187 + LinkTypeUSB_LINUX = 189 + LinkTypePPI = 192 + LinkTypeIEEE802_15_4_WITHFCS = 195 + LinkTypeSITA = 196 + LinkTypeERF = 197 + LinkTypeBLUETOOTH_HCI_H4_WITH_PHDR = 201 + LinkTypeAX25_KISS = 202 + LinkTypeLAPD = 203 + LinkTypePPP_WITH_DIR = 204 + LinkTypeC_HDLC_WITH_DIR = 205 + LinkTypeFRELAY_WITH_DIR = 206 + LinkTypeLAPB_WITH_DIR = 207 + LinkTypeIPMB_LINUX = 209 + LinkTypeFLEXRAY = 210 + LinkTypeLIN = 212 + LinkTypeIEEE802_15_4_NONASK_PHY = 215 + LinkTypeUSB_LINUX_MMAPPED = 220 + LinkTypeFC_2 = 224 + LinkTypeFC_2_WITH_FRAME_DELIMS = 225 + LinkTypeIPNET = 226 + LinkTypeCAN_SOCKETCAN = 227 + LinkTypeIPV4 = 228 + LinkTypeIPV6 = 229 + LinkTypeIEEE802_15_4_NOFCS = 230 + LinkTypeDBUS = 231 + LinkTypeDVB_CI = 235 + LinkTypeMUX27010 = 236 + LinkTypeSTANAG_5066_D_PDU = 237 + LinkTypeNFLOG = 239 + LinkTypeNETANALYZER = 240 + LinkTypeNETANALYZER_TRANSPARENT = 241 + LinkTypeIPOIB = 242 + LinkTypeMPEG_2_TS = 243 + LinkTypeNG40 = 244 + LinkTypeNFC_LLCP = 245 + LinkTypeINFINIBAND = 247 + LinkTypeSCTP = 248 + LinkTypeUSBPCAP = 249 + LinkTypeRTAC_SERIAL = 250 + LinkTypeBLUETOOTH_LE_LL = 251 + LinkTypeNETLINK = 253 + LinkTypeBLUETOOTH_LINUX_MONITOR = 254 + LinkTypeBLUETOOTH_BREDR_BB = 255 + LinkTypeBLUETOOTH_LE_LL_WITH_PHDR = 256 + LinkTypePROFIBUS_DL = 257 + LinkTypePKTAP = 258 + LinkTypeEPON = 259 + LinkTypeIPMI_HPM_2 = 260 + LinkTypeZWAVE_R1_R2 = 261 + LinkTypeZWAVE_R3 = 262 + LinkTypeWATTSTOPPER_DLM = 263 + LinkTypeISO_14443 = 264 + LinkTypeRDS = 265 + LinkTypeUSB_DARWIN = 266 + LinkTypeSDLC = 268 + LinkTypeLORATAP = 270 + LinkTypeVSOCK = 271 + LinkTypeNORDIC_BLE = 272 + LinkTypeDOCSIS31_XRA31 = 273 + LinkTypeETHERNET_MPACKET = 274 + LinkTypeDISPLAYPORT_AUX = 275 + LinkTypeLINUX_SLL2 = 276 + LinkTypeOPENVIZSLA = 278 + LinkTypeEBHSCR = 279 + LinkTypeVPP_DISPATCH = 280 + LinkTypeDSA_TAG_BRCM = 281 + LinkTypeDSA_TAG_BRCM_PREPEND = 282 + LinkTypeIEEE802_15_4_TAP = 283 + LinkTypeDSA_TAG_DSA = 284 + LinkTypeDSA_TAG_EDSA = 285 + LinkTypeELEE = 286 + LinkTypeZ_WAVE_SERIAL = 287 + LinkTypeUSB_2_0 = 288 + LinkTypeATSC_ALP = 289 + LinkTypeETW = 290 +) + +var LinkTypeMap = decode.UToScalar{ + LinkTypeNULL: {Sym: "null", Description: `BSD loopback encapsulation`}, + LinkTypeETHERNET: {Sym: "ethernet", Description: `IEEE 802.3 Ethernet`}, + LinkTypeAX25: {Sym: "ax25", Description: `AX.25 packet, with nothing preceding it`}, + LinkTypeIEEE802_5: {Sym: "ieee802_5", Description: `IEEE 802.5 Token Ring`}, + LinkTypeARCNET_BSD: {Sym: "arcnet_bsd", Description: `ARCNET Data Packets`}, + LinkTypeSLIP: {Sym: "slip", Description: `SLIP, encapsulated with a LINKTYPE_SLIP header`}, + LinkTypePPP: {Sym: "ppp", Description: `PPP`}, + LinkTypeFDDI: {Sym: "fddi", Description: `FDDI`}, + LinkTypePPP_HDLC: {Sym: "ppp_hdlc", Description: `PPP in HDLC-like framing`}, + LinkTypePPP_ETHER: {Sym: "ppp_ether", Description: `PPPoE`}, + LinkTypeATM_RFC1483: {Sym: "atm_rfc1483", Description: `RFC 1483 LLC/SNAP-encapsulated ATM`}, + LinkTypeRAW: {Sym: "raw", Description: `Raw IP`}, + LinkTypeC_HDLC: {Sym: "c_hdlc", Description: `Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547`}, + LinkTypeIEEE802_11: {Sym: "ieee802_11", Description: `IEEE 802.11 wireless LAN`}, + LinkTypeFRELAY: {Sym: "frelay", Description: `Frame Relay LAPF frames`}, + LinkTypeLOOP: {Sym: "loop", Description: `OpenBSD loopback encapsulation`}, + LinkTypeLINUX_SLL: {Sym: "linux_sll", Description: `Linux "cooked" capture encapsulation`}, + LinkTypeLTALK: {Sym: "ltalk", Description: `Apple LocalTalk`}, + LinkTypePFLOG: {Sym: "pflog", Description: `OpenBSD pflog`}, + LinkTypeIEEE802_11_PRISM: {Sym: "ieee802_11_prism", Description: `Prism monitor mode information followed by an 802.11 header`}, + LinkTypeIP_OVER_FC: {Sym: "ip_over_fc", Description: `RFC 2625 IP-over-Fibre Channel, with the link-layer header being the Network_Header as described in that RFC`}, + LinkTypeSUNATM: {Sym: "sunatm", Description: `ATM traffic, encapsulated as per the scheme used by SunATM devices`}, + LinkTypeIEEE802_11_RADIOTAP: {Sym: "ieee802_11_radiotap", Description: `Radiotap link-layer information followed by an 802.11 header`}, + LinkTypeARCNET_LINUX: {Sym: "arcnet_linux", Description: `ARCNET Data Packets`}, + LinkTypeAPPLE_IP_OVER_IEEE1394: {Sym: "apple_ip_over_ieee1394", Description: `Apple IP-over-IEEE 1394 cooked header`}, + LinkTypeMTP2_WITH_PHDR: {Sym: "mtp2_with_phdr", Description: `Signaling System 7 Message Transfer Part Level 2`}, + LinkTypeMTP2: {Sym: "mtp2", Description: `Signaling System 7 Message Transfer Part Level 2`}, + LinkTypeMTP3: {Sym: "mtp3", Description: `Signaling System 7 Message Transfer Part Level 3`}, + LinkTypeSCCP: {Sym: "sccp", Description: `Signaling System 7 Signalling Connection Control Part`}, + LinkTypeDOCSIS: {Sym: "docsis", Description: `DOCSIS MAC frames`}, + LinkTypeLINUX_IRDA: {Sym: "linux_irda", Description: `Linux-IrDA packets, with a LINKTYPE_LINUX_IRDA header`}, + LinkTypeUSER0: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER1: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER2: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER3: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER4: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER5: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER6: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER7: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER8: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER9: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER10: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER11: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER12: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER13: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER14: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeUSER15: {Sym: "user0", Description: `Reserved for private use`}, + LinkTypeIEEE802_11_AVS: {Sym: "ieee802_11_avs", Description: `AVS monitor mode information followed by an 802.11 header`}, + LinkTypeBACNET_MS_TP: {Sym: "bacnet_ms_tp", Description: `BACnet MS/TP frames`}, + LinkTypePPP_PPPD: {Sym: "ppp_pppd", Description: `PPP in HDLC-like encapsulation, like LINKTYPE_PPP_HDLC`}, + LinkTypeGPRS_LLC: {Sym: "gprs_llc", Description: `General Packet Radio Service Logical Link Control, as defined by 3GPP TS 04.64`}, + LinkTypeGPF_T: {Sym: "gpf_t", Description: `Transparent-mapped generic framing procedure`}, + LinkTypeGPF_F: {Sym: "gpf_f", Description: `Frame-mapped generic framing procedure`}, + LinkTypeLINUX_LAPD: {Sym: "linux_lapd", Description: `Link Access Procedures on the D Channel (LAPD) frames`}, + LinkTypeMFR: {Sym: "mfr", Description: `FRF.16.1 Multi-Link Frame Relay frames, beginning with an FRF.12 Interface fragmentation format fragmentation header`}, + LinkTypeBLUETOOTH_HCI_H4: {Sym: "bluetooth_hci_h4", Description: `Bluetooth HCI UART transport layer`}, + LinkTypeUSB_LINUX: {Sym: "usb_linux", Description: `USB packets, beginning with a Linux USB header`}, + LinkTypePPI: {Sym: "ppi", Description: `Per-Packet Information information`}, + LinkTypeIEEE802_15_4_WITHFCS: {Sym: "ieee802_15_4_withfcs", Description: `IEEE 802.15.4 Low-Rate Wireless Networks, with each packet having the FCS at the end of the frame`}, + LinkTypeSITA: {Sym: "sita", Description: `Various link-layer types, with a pseudo-header, for SITA`}, + LinkTypeERF: {Sym: "erf", Description: `Various link-layer types, with a pseudo-header, for Endace DAG cards`}, + LinkTypeBLUETOOTH_HCI_H4_WITH_PHDR: {Sym: "bluetooth_hci_h4_with_phdr", Description: `Bluetooth HCI UART transport layer`}, + LinkTypeAX25_KISS: {Sym: "ax25_kiss", Description: `AX.25 packet, with a 1-byte KISS header containing a type indicator`}, + LinkTypeLAPD: {Sym: "lapd", Description: `Link Access Procedures on the D Channel (LAPD) frames`}, + LinkTypePPP_WITH_DIR: {Sym: "ppp_with_dir", Description: `PPP, as per RFC 1661 and RFC 1662`}, + LinkTypeC_HDLC_WITH_DIR: {Sym: "c_hdlc_with_dir", Description: `Cisco PPP with HDLC framing`}, + LinkTypeFRELAY_WITH_DIR: {Sym: "frelay_with_dir", Description: `Frame Relay LAPF frames`}, + LinkTypeLAPB_WITH_DIR: {Sym: "lapb_with_dir", Description: `Link Access Procedure, Balanced (LAPB)`}, + LinkTypeIPMB_LINUX: {Sym: "ipmb_linux", Description: `IPMB over an I2C circuit, with a Linux-specific pseudo-header`}, + LinkTypeFLEXRAY: {Sym: "flexray", Description: `FlexRay automotive bus frames or symbols, preceded by a pseudo-header`}, + LinkTypeLIN: {Sym: "lin", Description: `Local Interconnect Network (LIN) automotive bus, preceded by a pseudo-header`}, + LinkTypeIEEE802_15_4_NONASK_PHY: {Sym: "ieee802_15_4_nonask_phy", Description: `IEEE 802.15.4 Low-Rate Wireless Networks`}, + LinkTypeUSB_LINUX_MMAPPED: {Sym: "usb_linux_mmapped", Description: `USB packets, beginning with a Linux USB header`}, + LinkTypeFC_2: {Sym: "fc_2", Description: `Fibre Channel FC-2 frames, beginning with a Frame_Header`}, + LinkTypeFC_2_WITH_FRAME_DELIMS: {Sym: "fc_2_with_frame_delims", Description: `Fibre Channel FC-2 frames, beginning an encoding of the SOF, followed by a Frame_Header, and ending with an encoding of the SOF`}, + LinkTypeIPNET: {Sym: "ipnet", Description: `Solaris ipnet pseudo-header, followed by an IPv4 or IPv6 datagram`}, + LinkTypeCAN_SOCKETCAN: {Sym: "can_socketcan", Description: `CAN (Controller Area Network) frames, with a pseudo-header followed by the frame payload`}, + LinkTypeIPV4: {Sym: "ipv4", Description: `Raw IPv4`}, + LinkTypeIPV6: {Sym: "ipv6", Description: `Raw IPv6`}, + LinkTypeIEEE802_15_4_NOFCS: {Sym: "ieee802_15_4_nofcs", Description: `IEEE 802.15.4 Low-Rate Wireless Network, without the FCS at the end of the frame`}, + LinkTypeDBUS: {Sym: "dbus", Description: `Raw D-Bus messages`}, + LinkTypeDVB_CI: {Sym: "dvb_ci", Description: `DVB-CI (DVB Common Interface for communication between a PC Card module and a DVB receiver)`}, + LinkTypeMUX27010: {Sym: "mux27010", Description: `Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but not the same as, 27.010)`}, + LinkTypeSTANAG_5066_D_PDU: {Sym: "stanag_5066_d_pdu", Description: `D_PDUs as described by NATO standard STANAG 5066`}, + LinkTypeNFLOG: {Sym: "nflog", Description: `Linux netlink NETLINK NFLOG socket log messages`}, + LinkTypeNETANALYZER: {Sym: "netanalyzer", Description: `Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices`}, + LinkTypeNETANALYZER_TRANSPARENT: {Sym: "netanalyzer_transparent", Description: `Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices`}, + LinkTypeIPOIB: {Sym: "ipoib", Description: `IP-over-InfiniBand`}, + LinkTypeMPEG_2_TS: {Sym: "mpeg_2_ts", Description: `MPEG-2 Transport Stream transport packets`}, + LinkTypeNG40: {Sym: "ng40", Description: `Pseudo-header for ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP forma`}, + LinkTypeNFC_LLCP: {Sym: "nfc_llcp", Description: `Pseudo-header for NFC LLCP packet captures, followed by frame data for the LLCP Protocol as specified by NFCForum-TS-LLCP_1.1`}, + LinkTypeINFINIBAND: {Sym: "infiniband", Description: `Raw InfiniBand frames`}, + LinkTypeSCTP: {Sym: "sctp", Description: `SCTP packets, as defined by RFC 4960, with no lower-level protocols such as IPv4 or IPv6`}, + LinkTypeUSBPCAP: {Sym: "usbpcap", Description: `USB packets, beginning with a USBPcap header`}, + LinkTypeRTAC_SERIAL: {Sym: "rtac_serial", Description: `Serial-line packet header for the Schweitzer Engineering Laboratories "RTAC" product`}, + LinkTypeBLUETOOTH_LE_LL: {Sym: "bluetooth_le_ll", Description: `Bluetooth Low Energy air interface Link Layer packets`}, + LinkTypeNETLINK: {Sym: "netlink", Description: `Linux Netlink capture encapsulation`}, + LinkTypeBLUETOOTH_LINUX_MONITOR: {Sym: "bluetooth_linux_monitor", Description: `Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack`}, + LinkTypeBLUETOOTH_BREDR_BB: {Sym: "bluetooth_bredr_bb", Description: `Bluetooth Basic Rate and Enhanced Data Rate baseband packets`}, + LinkTypeBLUETOOTH_LE_LL_WITH_PHDR: {Sym: "bluetooth_le_ll_with_phdr", Description: `Bluetooth Low Energy link-layer packets`}, + LinkTypePROFIBUS_DL: {Sym: "profibus_dl", Description: `PROFIBUS data link layer packets`}, + LinkTypePKTAP: {Sym: "pktap", Description: `Apple PKTAP capture encapsulation`}, + LinkTypeEPON: {Sym: "epon", Description: `Ethernet-over-passive-optical-network packets`}, + LinkTypeIPMI_HPM_2: {Sym: "ipmi_hpm_2", Description: `IPMI trace packets`}, + LinkTypeZWAVE_R1_R2: {Sym: "zwave_r1_r2", Description: `Z-Wave RF profile R1 and R2 packets`}, + LinkTypeZWAVE_R3: {Sym: "zwave_r3", Description: `Z-Wave RF profile R3 packets`}, + LinkTypeWATTSTOPPER_DLM: {Sym: "wattstopper_dlm", Description: `Formats for WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol common packet structure captures`}, + LinkTypeISO_14443: {Sym: "iso_14443", Description: `Messages between ISO 14443 contactless smartcards (Proximity Integrated Circuit Card, PICC) and card readers (Proximity Coupling Device, PCD), with the message format specified by the PCAP format for ISO14443 specification`}, + LinkTypeRDS: {Sym: "rds", Description: `Radio data system (RDS) groups, as per IEC 62106, encapsulated in this form`}, + LinkTypeUSB_DARWIN: {Sym: "usb_darwin", Description: `USB packets, beginning with a Darwin (macOS, etc.) USB header`}, + LinkTypeSDLC: {Sym: "sdlc", Description: `SDLC packets`}, + LinkTypeLORATAP: {Sym: "loratap", Description: `LoRaTap pseudo-header, followed by the payload, which is typically the PHYPayload from the LoRaWan specification`}, + LinkTypeVSOCK: {Sym: "vsock", Description: `Protocol for communication between host and guest machines in VMware and KVM hypervisors`}, + LinkTypeNORDIC_BLE: {Sym: "nordic_ble", Description: `Messages to and from a Nordic Semiconductor nRF Sniffer for Bluetooth LE packets, beginning with a pseudo-header`}, + LinkTypeDOCSIS31_XRA31: {Sym: "docsis31_xra31", Description: `DOCSIS packets and bursts, preceded by a pseudo-header giving metadata about the packet`}, + LinkTypeETHERNET_MPACKET: {Sym: "ethernet_mpacket", Description: `mPackets`}, + LinkTypeDISPLAYPORT_AUX: {Sym: "displayport_aux", Description: `DisplayPort AUX channel monitoring data as specified by VESA DisplayPort(DP) Standard preceded by a pseudo-header`}, + LinkTypeLINUX_SLL2: {Sym: "linux_sll2", Description: `Linux "cooked" capture encapsulation v2`}, + LinkTypeOPENVIZSLA: {Sym: "openvizsla", Description: `Openvizsla FPGA-based USB sniffer`}, + LinkTypeEBHSCR: {Sym: "ebhscr", Description: `Elektrobit High Speed Capture and Replay (EBHSCR) format`}, + LinkTypeVPP_DISPATCH: {Sym: "vpp_dispatch", Description: `Records in traces from the http://fd.io VPP graph dispatch tracer`}, + LinkTypeDSA_TAG_BRCM: {Sym: "dsa_tag_brcm", Description: `Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header`}, + LinkTypeDSA_TAG_BRCM_PREPEND: {Sym: "dsa_tag_brcm_prepend", Description: `Ethernet frames, with a switch tag inserted before the destination address in the Ethernet header`}, + LinkTypeIEEE802_15_4_TAP: {Sym: "ieee802_15_4_tap", Description: `IEEE 802.15.4 Low-Rate Wireless Networks, with a pseudo-header containing TLVs with metadata preceding the 802.15.4 header`}, + LinkTypeDSA_TAG_DSA: {Sym: "dsa_tag_dsa", Description: `Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header`}, + LinkTypeDSA_TAG_EDSA: {Sym: "dsa_tag_edsa", Description: `Ethernet frames, with a programmable Ethernet type switch tag`}, + LinkTypeELEE: {Sym: "elee", Description: `Payload of lawful intercept packets using the ELEE protocol. The packet begins with the ELEE header`}, + LinkTypeZ_WAVE_SERIAL: {Sym: "z_wave_serial", Description: `Serial frames transmitted between a host and a Z-Wave chip over an RS-232 or USB serial connection`}, + LinkTypeUSB_2_0: {Sym: "usb_2_0", Description: `USB 2.0, 1.1, or 1.0 packet, beginning with a PID`}, + LinkTypeATSC_ALP: {Sym: "atsc_alp", Description: `ATSC Link-Layer Protocol frames`}, + LinkTypeETW: {Sym: "etw", Description: `Event Tracing for Windows messages, beginning with a pseudo-header`}, +} + +const ( + EtherTypeIPv4 = 0x0800 +) + +// from https://en.wikipedia.org/wiki/EtherType +// TODO: cleanup +var EtherTypeMap = decode.UToScalar{ + EtherTypeIPv4: {Sym: "ipv4", Description: `Internet Protocol version 4`}, + 0x0806: {Sym: "arp", Description: `Address Resolution Protocol`}, + 0x0842: {Sym: "wake", Description: `Wake-on-LAN[9]`}, + 0x22f0: {Sym: "audio", Description: `Audio Video Transport Protocol`}, + 0x22f3: {Sym: "trill", Description: `IETF TRILL Protocol`}, + 0x22ea: {Sym: "srp", Description: `Stream Reservation Protocol`}, + 0x6002: {Sym: "dec", Description: `DEC MOP RC`}, + 0x6003: {Sym: "decnet", Description: `DECnet Phase IV, DNA Routing`}, + 0x6004: {Sym: "declat", Description: `DEC LAT`}, + 0x8035: {Sym: "Reverse", Description: `Reverse Address Resolution Protocol`}, + 0x809b: {Sym: "appletalk", Description: `AppleTalk`}, + 0x80f3: {Sym: "appletalk_arp", Description: `AppleTalk Address Resolution Protocol`}, + 0x8100: {Sym: "vlan", Description: `VLAN-tagged (IEEE 802.1Q)`}, + 0x8102: {Sym: "slpp", Description: `Simple Loop Prevention Protocol`}, + 0x8103: {Sym: "vlacp", Description: `Virtual Link Aggregation Control Protocol`}, + 0x8137: {Sym: "ipx", Description: `IPX`}, + 0x8204: {Sym: "qnx", Description: `QNX Qnet`}, + 0x86dd: {Sym: "ipv6", Description: `Internet Protocol Version 6`}, + 0x8808: {Sym: "flow_control", Description: `Ethernet flow control`}, + 0x8809: {Sym: "lacp", Description: `Ethernet Slow Protocols] such as the Link Aggregation Control Protocol`}, + 0x8819: {Sym: "cobranet", Description: `CobraNet`}, + 0x8847: {Sym: "mpls", Description: `MPLS unicast`}, + 0x8848: {Sym: "mpls", Description: `MPLS multicast`}, + 0x8863: {Sym: "pppoe_discovery", Description: `PPPoE Discovery Stage`}, + 0x8864: {Sym: "pppoe_session", Description: `PPPoE Session Stage`}, + 0x887b: {Sym: "homeplug", Description: `HomePlug 1.0 MME`}, + 0x888e: {Sym: "eap", Description: `EAP over LAN (IEEE 802.1X)`}, + 0x8892: {Sym: "profinet", Description: `PROFINET Protocol`}, + 0x889a: {Sym: "hyperscsi", Description: `HyperSCSI (SCSI over Ethernet)`}, + 0x88a2: {Sym: "ata", Description: `ATA over Ethernet`}, + 0x88a4: {Sym: "ethercat", Description: `EtherCAT Protocol`}, + 0x88a8: {Sym: "service", Description: `Service VLAN tag identifier (S-Tag) on Q-in-Q tunnel`}, + 0x88ab: {Sym: "ethernet", Description: `Ethernet Powerlink`}, + 0x88b8: {Sym: "goose", Description: `GOOSE (Generic Object Oriented Substation event)`}, + 0x88b9: {Sym: "gse", Description: `GSE (Generic Substation Events) Management Services`}, + 0x88ba: {Sym: "sv", Description: `SV (Sampled Value Transmission)`}, + 0x88bf: {Sym: "mikrotik", Description: `MikroTik RoMON (unofficial)`}, + 0x88cc: {Sym: "link", Description: `Link Layer Discovery Protocol (LLDP)`}, + 0x88cd: {Sym: "sercos", Description: `SERCOS III`}, + 0x88e1: {Sym: "homeplug", Description: `HomePlug Green PHY`}, + 0x88e3: {Sym: "media", Description: `Media Redundancy Protocol (IEC62439-2)`}, + 0x88e5: {Sym: "ieee", Description: `IEEE 802.1AE MAC security (MACsec)`}, + 0x88e7: {Sym: "provider", Description: `Provider Backbone Bridges (PBB) (IEEE 802.1ah)`}, + 0x88f7: {Sym: "precision", Description: `Precision Time Protocol (PTP) over IEEE 802.3 Ethernet`}, + 0x88f8: {Sym: "nc", Description: `NC-SI`}, + 0x88fb: {Sym: "parallel", Description: `Parallel Redundancy Protocol (PRP)`}, + 0x8902: {Sym: "ieee", Description: `IEEE 802.1ag Connectivity Fault Management (CFM) Protocol / ITU-T Recommendation Y.1731 (OAM)`}, + 0x8906: {Sym: "fibre", Description: `Fibre Channel over Ethernet (FCoE)`}, + 0x8914: {Sym: "fcoe", Description: `FCoE Initialization Protocol`}, + 0x8915: {Sym: "rdma", Description: `RDMA over Converged Ethernet (RoCE)`}, + 0x891d: {Sym: "ttethernet", Description: `TTEthernet Protocol Control Frame (TTE)`}, + 0x893a: {Sym: "1905", Description: `1905.1 IEEE Protocol`}, + 0x892f: {Sym: "high", Description: `High-availability Seamless Redundancy (HSR)`}, + 0x9000: {Sym: "ethernet", Description: `Ethernet Configuration Testing Protocol[12]`}, + 0xf1c1: {Sym: "redundancy", Description: `Redundancy Tag (IEEE 802.1CB Frame Replication and Elimination for Reliability)`}, +} + +// based on etc/protocols from Darwin/FreeBSD +// cat /etc/protocols | grep -v '^#' | jq -rR 'capture("(?[\\w\\d-]+)\\s+(?\\d+)\\s+.*#\\s+(?.*)") | "\(.nr): {Sym: \(.name|tojson), Description: \(.desc|tojson)},"' + +const ( + IPv4ProtocolICMP = 1 + IPv4ProtocolIGMP = 2 + IPv4ProtocolTCP = 6 + IPv4ProtocolUDP = 17 +) + +var IPv4ProtocolMap = decode.UToScalar{ + 0: {Sym: "ip", Description: "Internet protocol, pseudo protocol number"}, + IPv4ProtocolICMP: {Sym: "icmp", Description: "Internet control message protocol"}, + IPv4ProtocolIGMP: {Sym: "igmp", Description: "Internet group management protocol"}, + 3: {Sym: "ggp", Description: "Gateway-gateway protocol"}, + 4: {Sym: "ipencap", Description: "IP encapsulated in IP"}, + 5: {Sym: "st2", Description: "ST2 datagram mode"}, + IPv4ProtocolTCP: {Sym: "tcp", Description: "Transmission control protocol"}, + 7: {Sym: "cbt"}, + 8: {Sym: "egp", Description: "Exterior gateway protocol"}, + 9: {Sym: "igp", Description: "Any private interior gateway"}, + 10: {Sym: "bbn-rcc", Description: "BBN RCC Monitoring"}, + 11: {Sym: "nvp", Description: "Network Voice Protocol"}, + 12: {Sym: "pup", Description: "PARC universal packet protocol"}, + 13: {Sym: "argus", Description: "ARGUS"}, + 14: {Sym: "emcon", Description: "EMCON"}, + 15: {Sym: "xnet", Description: "Cross Net Debugger"}, + 16: {Sym: "chaos", Description: "Chaos"}, + IPv4ProtocolUDP: {Sym: "udp", Description: "User datagram protocol"}, + 18: {Sym: "mux", Description: "Multiplexing protocol"}, + 19: {Sym: "dcn", Description: "DCN Measurement Subsystems"}, + 20: {Sym: "hmp", Description: "Host monitoring protocol"}, + 21: {Sym: "prm", Description: "Packet radio measurement protocol"}, + 22: {Sym: "xns-idp", Description: "Xerox NS IDP"}, + 23: {Sym: "trunk-1", Description: "Trunk-1"}, + 24: {Sym: "trunk-2", Description: "Trunk-2"}, + 25: {Sym: "leaf-1", Description: "Leaf-1"}, + 26: {Sym: "leaf-2", Description: "Leaf-2"}, + 27: {Sym: "rdp", Description: "Reliable datagram protocol"}, + 28: {Sym: "irtp", Description: "Internet Reliable Transaction Protocol"}, + 29: {Sym: "iso-tp4", Description: "ISO Transport Protocol Class 4"}, + 30: {Sym: "netblt", Description: "Bulk Data Transfer Protocol"}, + 31: {Sym: "mfe-nsp", Description: "MFE Network Services Protocol"}, + 32: {Sym: "merit-inp", Description: "MERIT Internodal Protocol"}, + 33: {Sym: "dccp", Description: "Datagram Congestion Control Protocol"}, + 34: {Sym: "3pc", Description: "Third Party Connect Protocol"}, + 35: {Sym: "idpr", Description: "Inter-Domain Policy Routing Protocol"}, + 36: {Sym: "xtp", Description: "Xpress Tranfer Protocol"}, + 37: {Sym: "ddp", Description: "Datagram Delivery Protocol"}, + 38: {Sym: "idpr-cmtp", Description: "IDPR Control Message Transport Proto"}, + 40: {Sym: "il", Description: "IL Transport Protocol"}, + 41: {Sym: "ipv6", Description: "IPv6"}, + 42: {Sym: "sdrp", Description: "Source Demand Routing Protocol"}, + 43: {Sym: "ipv6-route", Description: "routing header for ipv6"}, + 44: {Sym: "ipv6-frag", Description: "fragment header for ipv6"}, + 45: {Sym: "idrp", Description: "Inter-Domain Routing Protocol"}, + 46: {Sym: "rsvp", Description: "Resource ReSerVation Protocol"}, + 47: {Sym: "gre", Description: "Generic Routing Encapsulation"}, + 48: {Sym: "dsr", Description: "Dynamic Source Routing Protocol"}, + 49: {Sym: "bna", Description: "BNA"}, + 50: {Sym: "esp", Description: "encapsulating security payload"}, + 51: {Sym: "ah", Description: "authentication header"}, + 52: {Sym: "i-nlsp", Description: "Integrated Net Layer Security TUBA"}, + 53: {Sym: "swipe", Description: "IP with Encryption"}, + 54: {Sym: "narp", Description: "NBMA Address Resolution Protocol"}, + 55: {Sym: "mobile", Description: "IP Mobility"}, + 56: {Sym: "tlsp", Description: "Transport Layer Security Protocol"}, + 57: {Sym: "skip", Description: "SKIP"}, + 58: {Sym: "ipv6-icmp", Description: "ICMP for IPv6"}, + 59: {Sym: "ipv6-nonxt", Description: "no next header for ipv6"}, + 60: {Sym: "ipv6-opts", Description: "destination options for ipv6"}, + 62: {Sym: "cftp", Description: "CFTP"}, + 64: {Sym: "sat-expak", Description: "SATNET and Backroom EXPAK"}, + 65: {Sym: "kryptolan", Description: "Kryptolan"}, + 66: {Sym: "rvd", Description: "MIT Remote Virtual Disk Protocol"}, + 67: {Sym: "ippc", Description: "Internet Pluribus Packet Core"}, + 69: {Sym: "sat-mon", Description: "SATNET Monitoring"}, + 70: {Sym: "visa", Description: "VISA Protocol"}, + 71: {Sym: "ipcv", Description: "Internet Packet Core Utility"}, + 72: {Sym: "cpnx", Description: "Computer Protocol Network Executive"}, + 73: {Sym: "cphb", Description: "Computer Protocol Heart Beat"}, + 74: {Sym: "wsn", Description: "Wang Span Network"}, + 75: {Sym: "pvp", Description: "Packet Video Protocol"}, + 76: {Sym: "br-sat-mon", Description: "Backroom SATNET Monitoring"}, + 77: {Sym: "sun-nd", Description: "SUN ND PROTOCOL-Temporary"}, + 78: {Sym: "wb-mon", Description: "WIDEBAND Monitoring"}, + 79: {Sym: "wb-expak", Description: "WIDEBAND EXPAK"}, + 80: {Sym: "iso-ip", Description: "ISO Internet Protocol"}, + 81: {Sym: "vmtp", Description: "Versatile Message Transport"}, + 82: {Sym: "secure-vmtp", Description: "SECURE-VMTP"}, + 83: {Sym: "vines", Description: "VINES"}, + 84: {Sym: "ttp", Description: "TTP"}, + 85: {Sym: "nsfnet-igp", Description: "NSFNET-IGP"}, + 86: {Sym: "dgp", Description: "Dissimilar Gateway Protocol"}, + 87: {Sym: "tcf", Description: "TCF"}, + 88: {Sym: "eigrp", Description: "Enhanced Interior Routing Protocol (Cisco)"}, + 89: {Sym: "ospf", Description: "Open Shortest Path First IGP"}, + 90: {Sym: "sprite-rpc", Description: "Sprite RPC Protocol"}, + 91: {Sym: "larp", Description: "Locus Address Resolution Protocol"}, + 92: {Sym: "mtp", Description: "Multicast Transport Protocol"}, + 93: {Sym: "25", Description: "AX.25 Frames"}, + 94: {Sym: "ipip", Description: "Yet Another IP encapsulation"}, + 95: {Sym: "micp", Description: "Mobile Internetworking Control Pro"}, + 96: {Sym: "scc-sp", Description: "Semaphore Communications Sec. Pro"}, + 97: {Sym: "etherip", Description: "Ethernet-within-IP Encapsulation"}, + 98: {Sym: "encap", Description: "Yet Another IP encapsulation"}, + 100: {Sym: "gmtp", Description: "GMTP"}, + 101: {Sym: "ifmp", Description: "Ipsilon Flow Management Protocol"}, + 102: {Sym: "pnni", Description: "PNNI over IP"}, + 103: {Sym: "pim", Description: "Protocol Independent Multicast"}, + 104: {Sym: "aris", Description: "ARIS"}, + 105: {Sym: "scps", Description: "SCPS"}, + 106: {Sym: "qnx", Description: "QNX"}, + 107: {Sym: "n", Description: "Active Networks"}, + 108: {Sym: "ipcomp", Description: "IP Payload Compression Protocol"}, + 109: {Sym: "snp", Description: "Sitara Networks Protocol"}, + 110: {Sym: "compaq-peer", Description: "Compaq Peer Protocol"}, + 111: {Sym: "ipx-in-ip", Description: "IPX in IP"}, + 112: {Sym: "carp", Description: "Common Address Redundancy Protocol"}, + 113: {Sym: "pgm", Description: "PGM Reliable Transport Protocol"}, + 115: {Sym: "l2tp", Description: "Layer Two Tunneling Protocol"}, + 116: {Sym: "ddx", Description: "D-II Data Exchange"}, + 117: {Sym: "iatp", Description: "Interactive Agent Transfer Protocol"}, + 118: {Sym: "stp", Description: "Schedule Transfer Protocol"}, + 119: {Sym: "srp", Description: "SpectraLink Radio Protocol"}, + 120: {Sym: "uti", Description: "UTI"}, + 121: {Sym: "smp", Description: "Simple Message Protocol"}, + 122: {Sym: "sm", Description: "SM"}, + 123: {Sym: "ptp", Description: "Performance Transparency Protocol"}, + 124: {Sym: "isis", Description: "ISIS over IPv4"}, + 126: {Sym: "crtp", Description: "Combat Radio Transport Protocol"}, + 127: {Sym: "crudp", Description: "Combat Radio User Datagram"}, + 130: {Sym: "sps", Description: "Secure Packet Shield"}, + 131: {Sym: "pipe", Description: "Private IP Encapsulation within IP"}, + 132: {Sym: "sctp", Description: "Stream Control Transmission Protocol"}, + 133: {Sym: "fc", Description: "Fibre Channel"}, + 134: {Sym: "rsvp-e2e-ignore", Description: "Aggregation of RSVP for IP reservations"}, + 135: {Sym: "mobility-header", Description: "Mobility Support in IPv6"}, + 136: {Sym: "udplite", Description: "The UDP-Lite Protocol"}, + 137: {Sym: "mpls-in-ip", Description: "Encapsulating MPLS in IP"}, + 138: {Sym: "manet", Description: "MANET Protocols (RFC5498)"}, + 139: {Sym: "hip", Description: "Host Identity Protocol (RFC5201)"}, + 140: {Sym: "shim6", Description: "Shim6 Protocol (RFC5533)"}, + 141: {Sym: "wesp", Description: "Wrapped Encapsulating Security Payload (RFC5840)"}, + 142: {Sym: "rohc", Description: "Robust Header Compression (RFC5858)"}, + 240: {Sym: "pfsync", Description: "PF Synchronization"}, + 258: {Sym: "divert", Description: "Divert pseudo-protocol [non IANA]"}, +} + +// based on etc/services from Darwin/FreeBSD +// cat /etc/services | grep -v '^#' | jq -rR 'capture("(?[\\w\\d-]+)\\s+(?\\d+)/(?\\w+)\\s+.*#\\s+(?.*)") | select(.proto=="udp") | "\(.port): {Sym: \(.name|tojson), Description: \(.desc|tojson)},"' +// current truncated to < 1024 + +const ( + UDPPortDomain = 53 + UDPPortMDNS = 5353 +) + +var UDPPortMap = decode.UToScalar{ + 1: {Sym: "tcpmux", Description: "TCP Port Service Multiplexer"}, + 2: {Sym: "compressnet", Description: "Management Utility"}, + 3: {Sym: "compressnet", Description: "Compression Process"}, + 5: {Sym: "rje", Description: "Remote Job Entry"}, + 7: {Sym: "echo", Description: "Echo"}, + 9: {Sym: "discard", Description: "Discard"}, + 11: {Sym: "systat", Description: "Active Users"}, + 13: {Sym: "daytime", Description: "Daytime (RFC 867)"}, + 17: {Sym: "qotd", Description: "Quote of the Day"}, + 18: {Sym: "msp", Description: "Message Send Protocol"}, + 19: {Sym: "chargen", Description: "Character Generator"}, + 20: {Sym: "ftp-data", Description: "File Transfer [Default Data]"}, + 21: {Sym: "ftp", Description: "File Transfer [Control]"}, + 22: {Sym: "ssh", Description: "SSH Remote Login Protocol"}, + 23: {Sym: "telnet", Description: "Telnet"}, + 25: {Sym: "smtp", Description: "Simple Mail Transfer"}, + 27: {Sym: "nsw-fe", Description: "NSW User System FE"}, + 29: {Sym: "msg-icp", Description: "MSG ICP"}, + 31: {Sym: "msg-auth", Description: "MSG Authentication"}, + 33: {Sym: "dsp", Description: "Display Support Protocol"}, + 37: {Sym: "time", Description: "Time"}, + 38: {Sym: "rap", Description: "Route Access Protocol"}, + 39: {Sym: "rlp", Description: "Resource Location Protocol"}, + 41: {Sym: "graphics", Description: "Graphics"}, + 42: {Sym: "name", Description: "Host Name Server"}, + 44: {Sym: "mpm-flags", Description: "MPM FLAGS Protocol"}, + 45: {Sym: "mpm", Description: "Message Processing Module [recv]"}, + 46: {Sym: "mpm-snd", Description: "MPM [default send]"}, + 47: {Sym: "ni-ftp", Description: "NI FTP"}, + 48: {Sym: "auditd", Description: "Digital Audit Daemon"}, + 49: {Sym: "tacacs", Description: "Login Host Protocol (TACACS)"}, + 50: {Sym: "re-mail-ck", Description: "Remote Mail Checking Protocol"}, + 51: {Sym: "la-maint", Description: "IMP Logical Address Maintenance"}, + 52: {Sym: "xns-time", Description: "XNS Time Protocol"}, + UDPPortDomain: {Sym: "domain", Description: "Domain Name Server"}, + 54: {Sym: "xns-ch", Description: "XNS Clearinghouse"}, + 55: {Sym: "isi-gl", Description: "ISI Graphics Language"}, + 56: {Sym: "xns-auth", Description: "XNS Authentication"}, + 58: {Sym: "xns-mail", Description: "XNS Mail"}, + 61: {Sym: "ni-mail", Description: "NI MAIL"}, + 62: {Sym: "acas", Description: "ACA Services"}, + 64: {Sym: "covia", Description: "Communications Integrator (CI)"}, + 65: {Sym: "tacacs-ds", Description: "TACACS-Database Service"}, + 66: {Sym: "net", Description: "Oracle SQL*NET"}, + 67: {Sym: "bootps", Description: "Bootstrap Protocol Server"}, + 68: {Sym: "bootpc", Description: "Bootstrap Protocol Client"}, + 69: {Sym: "tftp", Description: "Trivial File Transfer"}, + 70: {Sym: "gopher", Description: "Gopher"}, + 71: {Sym: "netrjs-1", Description: "Remote Job Service"}, + 72: {Sym: "netrjs-2", Description: "Remote Job Service"}, + 73: {Sym: "netrjs-3", Description: "Remote Job Service"}, + 74: {Sym: "netrjs-4", Description: "Remote Job Service"}, + 76: {Sym: "deos", Description: "Distributed External Object Store"}, + 78: {Sym: "vettcp", Description: "vettcp"}, + 79: {Sym: "finger", Description: "Finger"}, + 80: {Sym: "http", Description: "World Wide Web HTTP"}, + 81: {Sym: "hosts2-ns", Description: "HOSTS2 Name Server"}, + 82: {Sym: "xfer", Description: "XFER Utility"}, + 83: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, + 84: {Sym: "ctf", Description: "Common Trace Facility"}, + 85: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, + 86: {Sym: "mfcobol", Description: "Micro Focus Cobol"}, + 88: {Sym: "kerberos", Description: "Kerberos"}, + 89: {Sym: "su-mit-tg", Description: "SU/MIT Telnet Gateway"}, + 90: {Sym: "dnsix", Description: "DNSIX Securit Attribute Token Map"}, + 91: {Sym: "mit-dov", Description: "MIT Dover Spooler"}, + 92: {Sym: "npp", Description: "Network Printing Protocol"}, + 93: {Sym: "dcp", Description: "Device Control Protocol"}, + 94: {Sym: "objcall", Description: "Tivoli Object Dispatcher"}, + 95: {Sym: "supdup", Description: "SUPDUP"}, + 96: {Sym: "dixie", Description: "DIXIE Protocol Specification"}, + 97: {Sym: "swift-rvf", Description: "Swift Remote Virtural File Protocol"}, + 98: {Sym: "tacnews", Description: "TAC News"}, + 99: {Sym: "metagram", Description: "Metagram Relay"}, + 101: {Sym: "hostname", Description: "NIC Host Name Server"}, + 102: {Sym: "iso-tsap", Description: "ISO-TSAP Class 0"}, + 103: {Sym: "gppitnp", Description: "Genesis Point-to-Point Trans Net"}, + 104: {Sym: "acr-nema", Description: "ACR-NEMA Digital Imag. & Comm. 300"}, + 105: {Sym: "cso", Description: "CCSO name server protocol"}, + 106: {Sym: "3com-tsmux", Description: "3COM-TSMUX"}, + 107: {Sym: "rtelnet", Description: "Remote Telnet Service"}, + 108: {Sym: "snagas", Description: "SNA Gateway Access Server"}, + 109: {Sym: "pop2", Description: "Post Office Protocol - Version 2"}, + 110: {Sym: "pop3", Description: "Post Office Protocol - Version 3"}, + 111: {Sym: "sunrpc", Description: "SUN Remote Procedure Call"}, + 112: {Sym: "mcidas", Description: "McIDAS Data Transmission Protocol"}, + 113: {Sym: "auth", Description: "Authentication Service"}, + 114: {Sym: "audionews", Description: "Audio News Multicast"}, + 115: {Sym: "sftp", Description: "Simple File Transfer Protocol"}, + 116: {Sym: "ansanotify", Description: "ANSA REX Notify"}, + 117: {Sym: "uucp-path", Description: "UUCP Path Service"}, + 118: {Sym: "sqlserv", Description: "SQL Services"}, + 119: {Sym: "nntp", Description: "Network News Transfer Protocol"}, + 120: {Sym: "cfdptkt", Description: "CFDPTKT"}, + 121: {Sym: "erpc", Description: "Encore Expedited Remote Pro.Call"}, + 122: {Sym: "smakynet", Description: "SMAKYNET"}, + 123: {Sym: "ntp", Description: "Network Time Protocol"}, + 124: {Sym: "ansatrader", Description: "ANSA REX Trader"}, + 125: {Sym: "locus-map", Description: "Locus PC-Interface Net Map Ser"}, + 126: {Sym: "nxedit", Description: "NXEdit"}, + 127: {Sym: "locus-con", Description: "Locus PC-Interface Conn Server"}, + 128: {Sym: "gss-xlicen", Description: "GSS X License Verification"}, + 129: {Sym: "pwdgen", Description: "Password Generator Protocol"}, + 130: {Sym: "cisco-fna", Description: "cisco FNATIVE"}, + 131: {Sym: "cisco-tna", Description: "cisco TNATIVE"}, + 132: {Sym: "cisco-sys", Description: "cisco SYSMAINT"}, + 133: {Sym: "statsrv", Description: "Statistics Service"}, + 134: {Sym: "ingres-net", Description: "INGRES-NET Service"}, + 135: {Sym: "epmap", Description: "DCE endpoint resolution"}, + 136: {Sym: "profile", Description: "PROFILE Naming System"}, + 137: {Sym: "netbios-ns", Description: "NETBIOS Name Service"}, + 138: {Sym: "netbios-dgm", Description: "NETBIOS Datagram Service"}, + 139: {Sym: "netbios-ssn", Description: "NETBIOS Session Service"}, + 140: {Sym: "emfis-data", Description: "EMFIS Data Service"}, + 141: {Sym: "emfis-cntl", Description: "EMFIS Control Service"}, + 142: {Sym: "bl-idm", Description: "Britton-Lee IDM"}, + 143: {Sym: "imap", Description: "Internet Message Access Protocol"}, + 144: {Sym: "uma", Description: "Universal Management Architecture"}, + 145: {Sym: "uaac", Description: "UAAC Protocol"}, + 146: {Sym: "iso-tp0", Description: "ISO-IP0"}, + 147: {Sym: "iso-ip", Description: "ISO-IP"}, + 148: {Sym: "jargon", Description: "Jargon"}, + 149: {Sym: "aed-512", Description: "AED 512 Emulation Service"}, + 150: {Sym: "sql-net", Description: "SQL-NET"}, + 151: {Sym: "hems", Description: "HEMS"}, + 152: {Sym: "bftp", Description: "Background File Transfer Program"}, + 153: {Sym: "sgmp", Description: "SGMP"}, + 154: {Sym: "netsc-prod", Description: "NETSC"}, + 155: {Sym: "netsc-dev", Description: "NETSC"}, + 156: {Sym: "sqlsrv", Description: "SQL Service"}, + 157: {Sym: "knet-cmp", Description: "KNET/VM Command/Message Protocol"}, + 158: {Sym: "pcmail-srv", Description: "PCMail Server"}, + 159: {Sym: "nss-routing", Description: "NSS-Routing"}, + 160: {Sym: "sgmp-traps", Description: "SGMP-TRAPS"}, + 161: {Sym: "snmp", Description: "SNMP"}, + 162: {Sym: "snmptrap", Description: "SNMPTRAP"}, + 163: {Sym: "cmip-man", Description: "CMIP/TCP Manager"}, + 164: {Sym: "cmip-agent", Description: "CMIP/TCP Agent"}, + 165: {Sym: "xns-courier", Description: "Xerox"}, + 166: {Sym: "s-net", Description: "Sirius Systems"}, + 167: {Sym: "namp", Description: "NAMP"}, + 168: {Sym: "rsvd", Description: "RSVD"}, + 169: {Sym: "send", Description: "SEND"}, + 170: {Sym: "print-srv", Description: "Network PostScript"}, + 171: {Sym: "multiplex", Description: "Network Innovations Multiplex"}, + 172: {Sym: "1", Description: "Network Innovations CL/1"}, + 173: {Sym: "xyplex-mux", Description: "Xyplex"}, + 174: {Sym: "mailq", Description: "MAILQ"}, + 175: {Sym: "vmnet", Description: "VMNET"}, + 176: {Sym: "genrad-mux", Description: "GENRAD-MUX"}, + 177: {Sym: "xdmcp", Description: "X Display Manager Control Protocol"}, + 178: {Sym: "nextstep", Description: "NextStep Window Server"}, + 179: {Sym: "bgp", Description: "Border Gateway Protocol"}, + 180: {Sym: "ris", Description: "Intergraph"}, + 181: {Sym: "unify", Description: "Unify"}, + 182: {Sym: "audit", Description: "Unisys Audit SITP"}, + 183: {Sym: "ocbinder", Description: "OCBinder"}, + 184: {Sym: "ocserver", Description: "OCServer"}, + 185: {Sym: "remote-kis", Description: "Remote-KIS"}, + 186: {Sym: "kis", Description: "KIS Protocol"}, + 187: {Sym: "aci", Description: "Application Communication Interface"}, + 188: {Sym: "mumps", Description: "Plus Five's MUMPS"}, + 189: {Sym: "qft", Description: "Queued File Transport"}, + 190: {Sym: "gacp", Description: "Gateway Access Control Protocol"}, + 191: {Sym: "prospero", Description: "Prospero Directory Service"}, + 192: {Sym: "osu-nms", Description: "OSU Network Monitoring System"}, + 193: {Sym: "srmp", Description: "Spider Remote Monitoring Protocol"}, + 194: {Sym: "irc", Description: "Internet Relay Chat Protocol"}, + 195: {Sym: "dn6-nlm-aud", Description: "DNSIX Network Level Module Audit"}, + 196: {Sym: "dn6-smm-red", Description: "DNSIX Session Mgt Module Audit Redir"}, + 197: {Sym: "dls", Description: "Directory Location Service"}, + 198: {Sym: "dls-mon", Description: "Directory Location Service Monitor"}, + 199: {Sym: "smux", Description: "SMUX"}, + 200: {Sym: "src", Description: "IBM System Resource Controller"}, + 201: {Sym: "at-rtmp", Description: "AppleTalk Routing Maintenance"}, + 202: {Sym: "at-nbp", Description: "AppleTalk Name Binding"}, + 203: {Sym: "at-3", Description: "AppleTalk Unused"}, + 204: {Sym: "at-echo", Description: "AppleTalk Echo"}, + 205: {Sym: "at-5", Description: "AppleTalk Unused"}, + 206: {Sym: "at-zis", Description: "AppleTalk Zone Information"}, + 207: {Sym: "at-7", Description: "AppleTalk Unused"}, + 208: {Sym: "at-8", Description: "AppleTalk Unused"}, + 209: {Sym: "qmtp", Description: "The Quick Mail Transfer Protocol"}, + 210: {Sym: "50", Description: "ANSI Z39.50"}, + 211: {Sym: "g", Description: "Texas Instruments 914C/G Terminal"}, + 212: {Sym: "anet", Description: "ATEXSSTR"}, + 213: {Sym: "ipx", Description: "IPX"}, + 214: {Sym: "vmpwscs", Description: "VM PWSCS"}, + 215: {Sym: "softpc", Description: "Insignia Solutions"}, + 216: {Sym: "CAIlic", Description: "Computer Associates Int'l License Server"}, + 217: {Sym: "dbase", Description: "dBASE Unix"}, + 218: {Sym: "mpp", Description: "Netix Message Posting Protocol"}, + 219: {Sym: "uarps", Description: "Unisys ARPs"}, + 220: {Sym: "imap3", Description: "Interactive Mail Access Protocol v3"}, + 221: {Sym: "fln-spx", Description: "Berkeley rlogind with SPX auth"}, + 222: {Sym: "rsh-spx", Description: "Berkeley rshd with SPX auth"}, + 223: {Sym: "cdc", Description: "Certificate Distribution Center"}, + 224: {Sym: "masqdialer", Description: "masqdialer"}, + 242: {Sym: "direct", Description: "Direct"}, + 243: {Sym: "sur-meas", Description: "Survey Measurement"}, + 244: {Sym: "inbusiness", Description: "inbusiness"}, + 245: {Sym: "link", Description: "LINK"}, + 246: {Sym: "dsp3270", Description: "Display Systems Protocol"}, + 247: {Sym: "subntbcst_tftp", Description: "SUBNTBCST_TFTP"}, + 248: {Sym: "bhfhs", Description: "bhfhs"}, + 256: {Sym: "rap", Description: "RAP"}, + 257: {Sym: "set", Description: "Secure Electronic Transaction"}, + 258: {Sym: "yak-chat", Description: "Yak Winsock Personal Chat"}, + 259: {Sym: "esro-gen", Description: "Efficient Short Remote Operations"}, + 260: {Sym: "openport", Description: "Openport"}, + 261: {Sym: "nsiiops", Description: "IIOP Name Service over TLS/SSL"}, + 262: {Sym: "arcisdms", Description: "Arcisdms"}, + 263: {Sym: "hdap", Description: "HDAP"}, + 264: {Sym: "bgmp", Description: "BGMP"}, + 265: {Sym: "x-bone-ctl", Description: "X-Bone CTL"}, + 266: {Sym: "sst", Description: "SCSI on ST"}, + 267: {Sym: "td-service", Description: "Tobit David Service Layer"}, + 268: {Sym: "td-replica", Description: "Tobit David Replica"}, + 280: {Sym: "http-mgmt", Description: "http-mgmt"}, + 281: {Sym: "personal-link", Description: "Personal Link"}, + 282: {Sym: "cableport-ax", Description: "Cable Port A/X"}, + 283: {Sym: "rescap", Description: "rescap"}, + 284: {Sym: "corerjd", Description: "corerjd"}, + 286: {Sym: "fxp-1", Description: "FXP-1"}, + 287: {Sym: "k-block", Description: "K-BLOCK"}, + 308: {Sym: "novastorbakcup", Description: "Novastor Backup"}, + 309: {Sym: "entrusttime", Description: "EntrustTime"}, + 310: {Sym: "bhmds", Description: "bhmds"}, + 311: {Sym: "asip-webadmin", Description: "AppleShare IP WebAdmin"}, + 312: {Sym: "vslmp", Description: "VSLMP"}, + 313: {Sym: "magenta-logic", Description: "Magenta Logic"}, + 314: {Sym: "opalis-robot", Description: "Opalis Robot"}, + 315: {Sym: "dpsi", Description: "DPSI"}, + 316: {Sym: "decauth", Description: "decAuth"}, + 317: {Sym: "zannet", Description: "Zannet"}, + 318: {Sym: "pkix-timestamp", Description: "PKIX TimeStamp"}, + 319: {Sym: "ptp-event", Description: "PTP Event"}, + 320: {Sym: "ptp-general", Description: "PTP General"}, + 321: {Sym: "pip", Description: "PIP"}, + 322: {Sym: "rtsps", Description: "RTSPS"}, + 333: {Sym: "texar", Description: "Texar Security Port"}, + 344: {Sym: "pdap", Description: "Prospero Data Access Protocol"}, + 345: {Sym: "pawserv", Description: "Perf Analysis Workbench"}, + 346: {Sym: "zserv", Description: "Zebra server"}, + 347: {Sym: "fatserv", Description: "Fatmen Server"}, + 348: {Sym: "csi-sgwp", Description: "Cabletron Management Protocol"}, + 349: {Sym: "mftp", Description: "mftp"}, + 350: {Sym: "matip-type-a", Description: "MATIP Type A"}, + 351: {Sym: "matip-type-b", Description: "MATIP Type B"}, + 352: {Sym: "dtag-ste-sb", Description: "DTAG"}, + 353: {Sym: "ndsauth", Description: "NDSAUTH"}, + 354: {Sym: "bh611", Description: "bh611"}, + 355: {Sym: "datex-asn", Description: "DATEX-ASN"}, + 356: {Sym: "cloanto-net-1", Description: "Cloanto Net 1"}, + 357: {Sym: "bhevent", Description: "bhevent"}, + 358: {Sym: "shrinkwrap", Description: "Shrinkwrap"}, + 359: {Sym: "nsrmp", Description: "Network Security Risk Management Protocol"}, + 360: {Sym: "scoi2odialog", Description: "scoi2odialog"}, + 361: {Sym: "semantix", Description: "Semantix"}, + 362: {Sym: "srssend", Description: "SRS Send"}, + 363: {Sym: "rsvp_tunnel", Description: "RSVP Tunnel"}, + 364: {Sym: "aurora-cmgr", Description: "Aurora CMGR"}, + 365: {Sym: "dtk", Description: "DTK"}, + 366: {Sym: "odmr", Description: "ODMR"}, + 367: {Sym: "mortgageware", Description: "MortgageWare"}, + 368: {Sym: "qbikgdp", Description: "QbikGDP"}, + 369: {Sym: "rpc2portmap", Description: "rpc2portmap"}, + 370: {Sym: "codaauth2", Description: "codaauth2"}, + 371: {Sym: "clearcase", Description: "Clearcase"}, + 372: {Sym: "ulistproc", Description: "ListProcessor"}, + 373: {Sym: "legent-1", Description: "Legent Corporation"}, + 374: {Sym: "legent-2", Description: "Legent Corporation"}, + 375: {Sym: "hassle", Description: "Hassle"}, + 376: {Sym: "nip", Description: "Amiga Envoy Network Inquiry Proto"}, + 377: {Sym: "tnETOS", Description: "NEC Corporation"}, + 378: {Sym: "dsETOS", Description: "NEC Corporation"}, + 379: {Sym: "is99c", Description: "TIA/EIA/IS-99 modem client"}, + 380: {Sym: "is99s", Description: "TIA/EIA/IS-99 modem server"}, + 381: {Sym: "hp-collector", Description: "hp performance data collector"}, + 382: {Sym: "hp-managed-node", Description: "hp performance data managed node"}, + 383: {Sym: "hp-alarm-mgr", Description: "hp performance data alarm manager"}, + 384: {Sym: "arns", Description: "A Remote Network Server System"}, + 385: {Sym: "ibm-app", Description: "IBM Application"}, + 386: {Sym: "asa", Description: "ASA Message Router Object Def"}, + 387: {Sym: "aurp", Description: "Appletalk Update-Based Routing Pro"}, + 388: {Sym: "unidata-ldm", Description: "Unidata LDM"}, + 389: {Sym: "ldap", Description: "Lightweight Directory Access Protocol"}, + 390: {Sym: "uis", Description: "UIS"}, + 391: {Sym: "synotics-relay", Description: "SynOptics SNMP Relay Port"}, + 392: {Sym: "synotics-broker", Description: "SynOptics Port Broker Port"}, + 393: {Sym: "meta5", Description: "Meta5"}, + 394: {Sym: "embl-ndt", Description: "EMBL Nucleic Data Transfer"}, + 395: {Sym: "netcp", Description: "NETscout Control Protocol"}, + 396: {Sym: "netware-ip", Description: "Novell Netware over IP"}, + 397: {Sym: "mptn", Description: "Multi Protocol Trans. Net"}, + 398: {Sym: "kryptolan", Description: "Kryptolan"}, + 399: {Sym: "iso-tsap-c2", Description: "ISO Transport Class 2 Non-Control over UDP"}, + 400: {Sym: "work-sol", Description: "Workstation Solutions"}, + 401: {Sym: "ups", Description: "Uninterruptible Power Supply"}, + 402: {Sym: "genie", Description: "Genie Protocol"}, + 403: {Sym: "decap", Description: "decap"}, + 404: {Sym: "nced", Description: "nced"}, + 405: {Sym: "ncld", Description: "ncld"}, + 406: {Sym: "imsp", Description: "Interactive Mail Support Protocol"}, + 407: {Sym: "timbuktu", Description: "Timbuktu"}, + 408: {Sym: "prm-sm", Description: "Prospero Resource Manager Sys. Man"}, + 409: {Sym: "prm-nm", Description: "Prospero Resource Manager Node Man"}, + 410: {Sym: "decladebug", Description: "DECLadebug Remote Debug Protocol"}, + 411: {Sym: "rmt", Description: "Remote MT Protocol"}, + 412: {Sym: "synoptics-trap", Description: "Trap Convention Port"}, + 413: {Sym: "smsp", Description: "Storage Management Services Protocol"}, + 414: {Sym: "infoseek", Description: "InfoSeek"}, + 415: {Sym: "bnet", Description: "BNet"}, + 416: {Sym: "silverplatter", Description: "Silverplatter"}, + 417: {Sym: "onmux", Description: "Onmux"}, + 418: {Sym: "hyper-g", Description: "Hyper-G"}, + 419: {Sym: "ariel1", Description: "Ariel 1"}, + 420: {Sym: "smpte", Description: "SMPTE"}, + 421: {Sym: "ariel2", Description: "Ariel 2"}, + 422: {Sym: "ariel3", Description: "Ariel 3"}, + 423: {Sym: "opc-job-start", Description: "IBM Operations Planning and Control Start"}, + 424: {Sym: "opc-job-track", Description: "IBM Operations Planning and Control Track"}, + 425: {Sym: "icad-el", Description: "ICAD"}, + 426: {Sym: "smartsdp", Description: "smartsdp"}, + 427: {Sym: "svrloc", Description: "Server Location"}, + 428: {Sym: "ocs_cmu", Description: "OCS_CMU"}, + 429: {Sym: "ocs_amu", Description: "OCS_AMU"}, + 430: {Sym: "utmpsd", Description: "UTMPSD"}, + 431: {Sym: "utmpcd", Description: "UTMPCD"}, + 432: {Sym: "iasd", Description: "IASD"}, + 433: {Sym: "nnsp", Description: "NNSP"}, + 434: {Sym: "mobileip-agent", Description: "MobileIP-Agent"}, + 435: {Sym: "mobilip-mn", Description: "MobilIP-MN"}, + 436: {Sym: "dna-cml", Description: "DNA-CML"}, + 437: {Sym: "comscm", Description: "comscm"}, + 438: {Sym: "dsfgw", Description: "dsfgw"}, + 439: {Sym: "dasp", Description: "dasp"}, + 440: {Sym: "sgcp", Description: "sgcp"}, + 441: {Sym: "decvms-sysmgt", Description: "decvms-sysmgt"}, + 442: {Sym: "cvc_hostd", Description: "cvc_hostd"}, + 443: {Sym: "https", Description: "http protocol over TLS/SSL"}, + 444: {Sym: "snpp", Description: "Simple Network Paging Protocol"}, + 445: {Sym: "microsoft-ds", Description: "Microsoft-DS"}, + 446: {Sym: "ddm-rdb", Description: "DDM-RDB"}, + 447: {Sym: "ddm-dfm", Description: "DDM-RFM"}, + 448: {Sym: "ddm-ssl", Description: "DDM-SSL"}, + 449: {Sym: "as-servermap", Description: "AS Server Mapper"}, + 450: {Sym: "tserver", Description: "Computer Supported Telecomunication Applications"}, + 451: {Sym: "sfs-smp-net", Description: "Cray Network Semaphore server"}, + 452: {Sym: "sfs-config", Description: "Cray SFS config server"}, + 453: {Sym: "creativeserver", Description: "CreativeServer"}, + 454: {Sym: "contentserver", Description: "ContentServer"}, + 455: {Sym: "creativepartnr", Description: "CreativePartnr"}, + 456: {Sym: "macon-udp", Description: "macon-udp"}, + 457: {Sym: "scohelp", Description: "scohelp"}, + 458: {Sym: "appleqtc", Description: "apple quick time"}, + 459: {Sym: "ampr-rcmd", Description: "ampr-rcmd"}, + 460: {Sym: "skronk", Description: "skronk"}, + 461: {Sym: "datasurfsrv", Description: "DataRampSrv"}, + 462: {Sym: "datasurfsrvsec", Description: "DataRampSrvSec"}, + 463: {Sym: "alpes", Description: "alpes"}, + 464: {Sym: "kpasswd", Description: "kpasswd"}, + 465: {Sym: "igmpv3lite", Description: "IGMP over UDP for SSM"}, + 466: {Sym: "digital-vrc", Description: "digital-vrc"}, + 467: {Sym: "mylex-mapd", Description: "mylex-mapd"}, + 468: {Sym: "photuris", Description: "proturis"}, + 469: {Sym: "rcp", Description: "Radio Control Protocol"}, + 470: {Sym: "scx-proxy", Description: "scx-proxy"}, + 471: {Sym: "mondex", Description: "Mondex"}, + 472: {Sym: "ljk-login", Description: "ljk-login"}, + 473: {Sym: "hybrid-pop", Description: "hybrid-pop"}, + 474: {Sym: "tn-tl-w2", Description: "tn-tl-w2"}, + 475: {Sym: "tcpnethaspsrv", Description: "tcpnethaspsrv"}, + 476: {Sym: "tn-tl-fd1", Description: "tn-tl-fd1"}, + 477: {Sym: "ss7ns", Description: "ss7ns"}, + 478: {Sym: "spsc", Description: "spsc"}, + 479: {Sym: "iafserver", Description: "iafserver"}, + 480: {Sym: "iafdbase", Description: "iafdbase"}, + 481: {Sym: "ph", Description: "Ph service"}, + 482: {Sym: "bgs-nsi", Description: "bgs-nsi"}, + 483: {Sym: "ulpnet", Description: "ulpnet"}, + 484: {Sym: "integra-sme", Description: "Integra Software Management Environment"}, + 485: {Sym: "powerburst", Description: "Air Soft Power Burst"}, + 486: {Sym: "avian", Description: "avian"}, + 487: {Sym: "saft", Description: "saft Simple Asynchronous File Transfer"}, + 488: {Sym: "gss-http", Description: "gss-http"}, + 489: {Sym: "nest-protocol", Description: "nest-protocol"}, + 490: {Sym: "micom-pfs", Description: "micom-pfs"}, + 491: {Sym: "go-login", Description: "go-login"}, + 492: {Sym: "ticf-1", Description: "Transport Independent Convergence for FNA"}, + 493: {Sym: "ticf-2", Description: "Transport Independent Convergence for FNA"}, + 494: {Sym: "pov-ray", Description: "POV-Ray"}, + 495: {Sym: "intecourier", Description: "intecourier"}, + 496: {Sym: "pim-rp-disc", Description: "PIM-RP-DISC"}, + 497: {Sym: "dantz", Description: "dantz"}, + 498: {Sym: "siam", Description: "siam"}, + 499: {Sym: "iso-ill", Description: "ISO ILL Protocol"}, + 500: {Sym: "isakmp", Description: "isakmp"}, + 501: {Sym: "stmf", Description: "STMF"}, + 502: {Sym: "asa-appl-proto", Description: "asa-appl-proto"}, + 503: {Sym: "intrinsa", Description: "Intrinsa"}, + 504: {Sym: "citadel", Description: "citadel"}, + 505: {Sym: "mailbox-lm", Description: "mailbox-lm"}, + 506: {Sym: "ohimsrv", Description: "ohimsrv"}, + 507: {Sym: "crs", Description: "crs"}, + 508: {Sym: "xvttp", Description: "xvttp"}, + 509: {Sym: "snare", Description: "snare"}, + 510: {Sym: "fcp", Description: "FirstClass Protocol"}, + 511: {Sym: "passgo", Description: "PassGo"}, + 512: {Sym: "comsat"}, + 513: {Sym: "who", Description: "maintains data bases showing who's"}, + 514: {Sym: "syslog"}, + 515: {Sym: "printer", Description: "spooler"}, + 516: {Sym: "videotex", Description: "videotex"}, + 517: {Sym: "talk", Description: "like tenex link, but across"}, + 518: {Sym: "ntalk"}, + 519: {Sym: "utime", Description: "unixtime"}, + 520: {Sym: "router", Description: "local routing process (on site);"}, + 521: {Sym: "ripng", Description: "ripng"}, + 522: {Sym: "ulp", Description: "ULP"}, + 523: {Sym: "ibm-db2", Description: "IBM-DB2"}, + 524: {Sym: "ncp", Description: "NCP"}, + 525: {Sym: "timed", Description: "timeserver"}, + 526: {Sym: "tempo", Description: "newdate"}, + 527: {Sym: "stx", Description: "Stock IXChange"}, + 528: {Sym: "custix", Description: "Customer IXChange"}, + 529: {Sym: "irc-serv", Description: "IRC-SERV"}, + 530: {Sym: "courier", Description: "rpc"}, + 531: {Sym: "conference", Description: "chat"}, + 532: {Sym: "netnews", Description: "readnews"}, + 533: {Sym: "netwall", Description: "for emergency broadcasts"}, + 534: {Sym: "mm-admin", Description: "MegaMedia Admin"}, + 535: {Sym: "iiop", Description: "iiop"}, + 536: {Sym: "opalis-rdv", Description: "opalis-rdv"}, + 537: {Sym: "nmsp", Description: "Networked Media Streaming Protocol"}, + 538: {Sym: "gdomap", Description: "gdomap"}, + 539: {Sym: "apertus-ldp", Description: "Apertus Technologies Load Determination"}, + 540: {Sym: "uucp", Description: "uucpd\t\t"}, + 541: {Sym: "uucp-rlogin", Description: "uucp-rlogin"}, + 542: {Sym: "commerce", Description: "commerce"}, + 543: {Sym: "klogin"}, + 544: {Sym: "kshell", Description: "krcmd"}, + 545: {Sym: "appleqtcsrvr", Description: "appleqtcsrvr"}, + 546: {Sym: "dhcpv6-client", Description: "DHCPv6 Client"}, + 547: {Sym: "dhcpv6-server", Description: "DHCPv6 Server"}, + 548: {Sym: "afpovertcp", Description: "AFP over TCP"}, + 549: {Sym: "idfp", Description: "IDFP"}, + 550: {Sym: "new-rwho", Description: "new-who"}, + 551: {Sym: "cybercash", Description: "cybercash"}, + 552: {Sym: "devshr-nts", Description: "DeviceShare"}, + 553: {Sym: "pirp", Description: "pirp"}, + 554: {Sym: "rtsp", Description: "Real Time Stream Control Protocol"}, + 555: {Sym: "dsf"}, + 556: {Sym: "remotefs", Description: "rfs server"}, + 557: {Sym: "openvms-sysipc", Description: "openvms-sysipc"}, + 558: {Sym: "sdnskmp", Description: "SDNSKMP"}, + 559: {Sym: "teedtap", Description: "TEEDTAP"}, + 560: {Sym: "rmonitor", Description: "rmonitord"}, + 561: {Sym: "monitor"}, + 562: {Sym: "chshell", Description: "chcmd"}, + 563: {Sym: "nntps", Description: "nntp protocol over TLS/SSL (was snntp)"}, + 564: {Sym: "9pfs", Description: "plan 9 file service"}, + 565: {Sym: "whoami", Description: "whoami"}, + 566: {Sym: "streettalk", Description: "streettalk"}, + 567: {Sym: "banyan-rpc", Description: "banyan-rpc"}, + 568: {Sym: "ms-shuttle", Description: "microsoft shuttle"}, + 569: {Sym: "ms-rome", Description: "microsoft rome"}, + 570: {Sym: "meter", Description: "demon"}, + 571: {Sym: "meter", Description: "udemon"}, + 572: {Sym: "sonar", Description: "sonar"}, + 573: {Sym: "banyan-vip", Description: "banyan-vip"}, + 574: {Sym: "ftp-agent", Description: "FTP Software Agent System"}, + 575: {Sym: "vemmi", Description: "VEMMI"}, + 576: {Sym: "ipcd", Description: "ipcd"}, + 577: {Sym: "vnas", Description: "vnas"}, + 578: {Sym: "ipdd", Description: "ipdd"}, + 579: {Sym: "decbsrv", Description: "decbsrv"}, + 580: {Sym: "sntp-heartbeat", Description: "SNTP HEARTBEAT"}, + 581: {Sym: "bdp", Description: "Bundle Discovery Protocol"}, + 582: {Sym: "scc-security", Description: "SCC Security"}, + 583: {Sym: "philips-vc", Description: "Philips Video-Conferencing"}, + 584: {Sym: "keyserver", Description: "Key Server"}, + 585: {Sym: "imap4-ssl", Description: "IMAP4+SSL (use 993 instead)"}, + 586: {Sym: "password-chg", Description: "Password Change"}, + 587: {Sym: "submission", Description: "Submission"}, + 588: {Sym: "cal", Description: "CAL"}, + 589: {Sym: "eyelink", Description: "EyeLink"}, + 590: {Sym: "tns-cml", Description: "TNS CML"}, + 591: {Sym: "http-alt", Description: "FileMaker, Inc. - HTTP Alternate (see Port 80)"}, + 592: {Sym: "eudora-set", Description: "Eudora Set"}, + 593: {Sym: "http-rpc-epmap", Description: "HTTP RPC Ep Map"}, + 594: {Sym: "tpip", Description: "TPIP"}, + 595: {Sym: "cab-protocol", Description: "CAB Protocol"}, + 596: {Sym: "smsd", Description: "SMSD"}, + 597: {Sym: "ptcnameservice", Description: "PTC Name Service"}, + 598: {Sym: "sco-websrvrmg3", Description: "SCO Web Server Manager 3"}, + 599: {Sym: "acp", Description: "Aeolon Core Protocol"}, + 600: {Sym: "ipcserver", Description: "Sun IPC server"}, + 601: {Sym: "syslog-conn", Description: "Reliable Syslog Service"}, + 602: {Sym: "xmlrpc-beep", Description: "XML-RPC over BEEP"}, + 603: {Sym: "idxp", Description: "IDXP"}, + 604: {Sym: "tunnel", Description: "TUNNEL"}, + 605: {Sym: "soap-beep", Description: "SOAP over BEEP"}, + 606: {Sym: "urm", Description: "Cray Unified Resource Manager"}, + 607: {Sym: "nqs", Description: "nqs"}, + 608: {Sym: "sift-uft", Description: "Sender-Initiated/Unsolicited File Transfer"}, + 609: {Sym: "npmp-trap", Description: "npmp-trap"}, + 610: {Sym: "npmp-local", Description: "npmp-local"}, + 611: {Sym: "npmp-gui", Description: "npmp-gui"}, + 612: {Sym: "hmmp-ind", Description: "HMMP Indication"}, + 613: {Sym: "hmmp-op", Description: "HMMP Operation"}, + 614: {Sym: "sshell", Description: "SSLshell"}, + 615: {Sym: "sco-inetmgr", Description: "Internet Configuration Manager"}, + 616: {Sym: "sco-sysmgr", Description: "SCO System Administration Server"}, + 617: {Sym: "sco-dtmgr", Description: "SCO Desktop Administration Server"}, + 618: {Sym: "dei-icda", Description: "DEI-ICDA"}, + 619: {Sym: "compaq-evm", Description: "Compaq EVM"}, + 620: {Sym: "sco-websrvrmgr", Description: "SCO WebServer Manager"}, + 621: {Sym: "escp-ip", Description: "ESCP"}, + 622: {Sym: "collaborator", Description: "Collaborator"}, + 623: {Sym: "asf-rmcp", Description: "ASF Remote Management and Control Protocol"}, + 624: {Sym: "cryptoadmin", Description: "Crypto Admin"}, + 625: {Sym: "dec_dlm", Description: "DEC DLM"}, + 626: {Sym: "asia", Description: "ASIA"}, + 627: {Sym: "passgo-tivoli", Description: "PassGo Tivoli"}, + 628: {Sym: "qmqp", Description: "QMQP"}, + 629: {Sym: "3com-amp3", Description: "3Com AMP3"}, + 630: {Sym: "rda", Description: "RDA"}, + 631: {Sym: "ipp", Description: "IPP (Internet Printing Protocol)"}, + 632: {Sym: "bmpp", Description: "bmpp"}, + 633: {Sym: "servstat", Description: "Service Status update (Sterling Software)"}, + 634: {Sym: "ginad", Description: "ginad"}, + 635: {Sym: "rlzdbase", Description: "RLZ DBase"}, + 636: {Sym: "ldaps", Description: "ldap protocol over TLS/SSL (was sldap)"}, + 637: {Sym: "lanserver", Description: "lanserver"}, + 638: {Sym: "mcns-sec", Description: "mcns-sec"}, + 639: {Sym: "msdp", Description: "MSDP"}, + 640: {Sym: "entrust-sps", Description: "entrust-sps"}, + 641: {Sym: "repcmd", Description: "repcmd"}, + 642: {Sym: "esro-emsdp", Description: "ESRO-EMSDP V1.3"}, + 643: {Sym: "sanity", Description: "SANity"}, + 644: {Sym: "dwr", Description: "dwr"}, + 645: {Sym: "pssc", Description: "PSSC"}, + 646: {Sym: "ldp", Description: "LDP"}, + 647: {Sym: "dhcp-failover", Description: "DHCP Failover"}, + 648: {Sym: "rrp", Description: "Registry Registrar Protocol (RRP)"}, + 649: {Sym: "cadview-3d", Description: "Cadview-3d - streaming 3d models over the internet"}, + 650: {Sym: "obex", Description: "OBEX"}, + 651: {Sym: "ieee-mms", Description: "IEEE MMS"}, + 652: {Sym: "hello-port", Description: "HELLO_PORT\t"}, + 653: {Sym: "repscmd", Description: "RepCmd"}, + 654: {Sym: "aodv", Description: "AODV"}, + 655: {Sym: "tinc", Description: "TINC"}, + 656: {Sym: "spmp", Description: "SPMP"}, + 657: {Sym: "rmc", Description: "RMC"}, + 658: {Sym: "tenfold", Description: "TenFold"}, + 660: {Sym: "mac-srvr-admin", Description: "MacOS Server Admin"}, + 661: {Sym: "hap", Description: "HAP"}, + 662: {Sym: "pftp", Description: "PFTP"}, + 663: {Sym: "purenoise", Description: "PureNoise"}, + 664: {Sym: "asf-secure-rmcp", Description: "ASF Secure Remote Management and Control Protocol"}, + 665: {Sym: "sun-dr", Description: "Sun DR"}, + 666: {Sym: "mdqs"}, + 667: {Sym: "disclose", Description: "campaign contribution disclosures - SDR Technologies"}, + 668: {Sym: "mecomm", Description: "MeComm"}, + 669: {Sym: "meregister", Description: "MeRegister"}, + 670: {Sym: "vacdsm-sws", Description: "VACDSM-SWS"}, + 671: {Sym: "vacdsm-app", Description: "VACDSM-APP"}, + 672: {Sym: "vpps-qua", Description: "VPPS-QUA"}, + 673: {Sym: "cimplex", Description: "CIMPLEX"}, + 674: {Sym: "acap", Description: "ACAP"}, + 675: {Sym: "dctp", Description: "DCTP"}, + 676: {Sym: "vpps-via", Description: "VPPS Via"}, + 677: {Sym: "vpp", Description: "Virtual Presence Protocol"}, + 678: {Sym: "ggf-ncp", Description: "GNU Generation Foundation NCP"}, + 679: {Sym: "mrm", Description: "MRM"}, + 680: {Sym: "entrust-aaas", Description: "entrust-aaas"}, + 681: {Sym: "entrust-aams", Description: "entrust-aams"}, + 682: {Sym: "xfr", Description: "XFR"}, + 683: {Sym: "corba-iiop", Description: "CORBA IIOP"}, + 684: {Sym: "corba-iiop-ssl", Description: "CORBA IIOP SSL"}, + 685: {Sym: "mdc-portmapper", Description: "MDC Port Mapper"}, + 686: {Sym: "hcp-wismar", Description: "Hardware Control Protocol Wismar"}, + 687: {Sym: "asipregistry", Description: "asipregistry"}, + 688: {Sym: "realm-rusd", Description: "REALM-RUSD"}, + 689: {Sym: "nmap", Description: "NMAP"}, + 690: {Sym: "vatp", Description: "VATP"}, + 691: {Sym: "msexch-routing", Description: "MS Exchange Routing"}, + 692: {Sym: "hyperwave-isp", Description: "Hyperwave-ISP"}, + 693: {Sym: "connendp", Description: "connendp"}, + 694: {Sym: "ha-cluster", Description: "ha-cluster"}, + 695: {Sym: "ieee-mms-ssl", Description: "IEEE-MMS-SSL"}, + 696: {Sym: "rushd", Description: "RUSHD"}, + 697: {Sym: "uuidgen", Description: "UUIDGEN"}, + 698: {Sym: "olsr", Description: "OLSR"}, + 699: {Sym: "accessnetwork", Description: "Access Network"}, + 700: {Sym: "epp", Description: "Extensible Provisioning Protocol"}, + 701: {Sym: "lmp", Description: "Link Management Protocol (LMP)"}, + 702: {Sym: "iris-beep", Description: "IRIS over BEEP"}, + 704: {Sym: "elcsd", Description: "errlog copy/server daemon"}, + 705: {Sym: "agentx", Description: "AgentX"}, + 706: {Sym: "silc", Description: "SILC"}, + 707: {Sym: "borland-dsj", Description: "Borland DSJ"}, + 709: {Sym: "entrust-kmsh", Description: "Entrust Key Management Service Handler"}, + 710: {Sym: "entrust-ash", Description: "Entrust Administration Service Handler"}, + 711: {Sym: "cisco-tdp", Description: "Cisco TDP"}, + 712: {Sym: "tbrpf", Description: "TBRPF"}, + 729: {Sym: "netviewdm1", Description: "IBM NetView DM/6000 Server/Client"}, + 730: {Sym: "netviewdm2", Description: "IBM NetView DM/6000 send/tcp"}, + 731: {Sym: "netviewdm3", Description: "IBM NetView DM/6000 receive/tcp"}, + 741: {Sym: "netgw", Description: "netGW"}, + 742: {Sym: "netrcs", Description: "Network based Rev. Cont. Sys"}, + 744: {Sym: "flexlm", Description: "Flexible License Manager"}, + 747: {Sym: "fujitsu-dev", Description: "Fujitsu Device Control"}, + 748: {Sym: "ris-cm", Description: "Russell Info Sci Calendar Manager"}, + 749: {Sym: "kerberos-adm", Description: "kerberos administration"}, + 750: {Sym: "loadav"}, + 751: {Sym: "pump"}, + 752: {Sym: "qrh"}, + 753: {Sym: "rrh"}, + 754: {Sym: "tell", Description: "send"}, + 758: {Sym: "nlogin"}, + 759: {Sym: "con"}, + 760: {Sym: "ns"}, + 761: {Sym: "rxe"}, + 762: {Sym: "quotad"}, + 763: {Sym: "cycleserv"}, + 764: {Sym: "omserv"}, + 765: {Sym: "webster"}, + 767: {Sym: "phonebook", Description: "phone"}, + 769: {Sym: "vid"}, + 770: {Sym: "cadlock"}, + 771: {Sym: "rtip"}, + 772: {Sym: "cycleserv2"}, + 773: {Sym: "notify"}, + 774: {Sym: "acmaint_dbd"}, + 775: {Sym: "acmaint_transd"}, + 776: {Sym: "wpages"}, + 777: {Sym: "multiling-http", Description: "Multiling HTTP"}, + 780: {Sym: "wpgs"}, + 800: {Sym: "mdbs_daemon"}, + 801: {Sym: "device"}, + 810: {Sym: "fcp-udp", Description: "FCP Datagram"}, + 828: {Sym: "itm-mcell-s", Description: "itm-mcell-s"}, + 829: {Sym: "pkix-3-ca-ra", Description: "PKIX-3 CA/RA"}, + 830: {Sym: "netconf-ssh", Description: "NETCONF over SSH"}, + 831: {Sym: "netconf-beep", Description: "NETCONF over BEEP"}, + 832: {Sym: "netconfsoaphttp", Description: "NETCONF for SOAP over HTTPS"}, + 833: {Sym: "netconfsoapbeep", Description: "NETCONF for SOAP over BEEP"}, + 847: {Sym: "dhcp-failover2", Description: "dhcp-failover 2"}, + 848: {Sym: "gdoi", Description: "GDOI"}, + 860: {Sym: "iscsi", Description: "iSCSI"}, + 861: {Sym: "owamp-control", Description: "OWAMP-Control"}, + 873: {Sym: "rsync", Description: "rsync"}, + 886: {Sym: "iclcnet-locate", Description: "ICL coNETion locate server"}, + 887: {Sym: "iclcnet_svinfo", Description: "ICL coNETion server info"}, + 888: {Sym: "accessbuilder", Description: "AccessBuilder"}, + 900: {Sym: "omginitialrefs", Description: "OMG Initial Refs"}, + 901: {Sym: "smpnameres", Description: "SMPNAMERES"}, + 902: {Sym: "ideafarm-chat", Description: "IDEAFARM-CHAT"}, + 903: {Sym: "ideafarm-catch", Description: "IDEAFARM-CATCH"}, + 910: {Sym: "kink", Description: "Kerberized Internet Negotiation of Keys (KINK)"}, + 911: {Sym: "xact-backup", Description: "xact-backup"}, + 912: {Sym: "apex-mesh", Description: "APEX relay-relay service"}, + 913: {Sym: "apex-edge", Description: "APEX endpoint-relay service"}, + 989: {Sym: "ftps-data", Description: "ftp protocol, data, over TLS/SSL"}, + 990: {Sym: "ftps", Description: "ftp protocol, control, over TLS/SSL"}, + 991: {Sym: "nas", Description: "Netnews Administration System"}, + 992: {Sym: "telnets", Description: "telnet protocol over TLS/SSL"}, + 993: {Sym: "imaps", Description: "imap4 protocol over TLS/SSL"}, + 994: {Sym: "ircs", Description: "irc protocol over TLS/SSL"}, + 995: {Sym: "pop3s", Description: "pop3 protocol over TLS/SSL (was spop3)"}, + 996: {Sym: "vsinet", Description: "vsinet"}, + 997: {Sym: "maitrd"}, + 998: {Sym: "puparp"}, + 999: {Sym: "applix", Description: "Applix ac"}, + 1000: {Sym: "cadlock2"}, + 1010: {Sym: "surf", Description: "surf"}, + + UDPPortMDNS: {Sym: "mdns", Description: "Multicast DNS"}, +} + +const ( + TCPPortDomain = 53 +) + +var TCPPortMap = decode.UToScalar{ + 1: {Sym: "tcpmux", Description: "TCP Port Service Multiplexer"}, + 2: {Sym: "compressnet", Description: "Management Utility"}, + 3: {Sym: "compressnet", Description: "Compression Process"}, + 5: {Sym: "rje", Description: "Remote Job Entry"}, + 7: {Sym: "echo", Description: "Echo"}, + 9: {Sym: "discard", Description: "Discard"}, + 11: {Sym: "systat", Description: "Active Users"}, + 13: {Sym: "daytime", Description: "Daytime (RFC 867)"}, + 17: {Sym: "qotd", Description: "Quote of the Day"}, + 18: {Sym: "msp", Description: "Message Send Protocol"}, + 19: {Sym: "chargen", Description: "Character Generator"}, + 20: {Sym: "ftp-data", Description: "File Transfer [Default Data]"}, + 21: {Sym: "ftp", Description: "File Transfer [Control]"}, + 22: {Sym: "ssh", Description: "SSH Remote Login Protocol"}, + 23: {Sym: "telnet", Description: "Telnet"}, + 25: {Sym: "smtp", Description: "Simple Mail Transfer"}, + 27: {Sym: "nsw-fe", Description: "NSW User System FE"}, + 29: {Sym: "msg-icp", Description: "MSG ICP"}, + 31: {Sym: "msg-auth", Description: "MSG Authentication"}, + 33: {Sym: "dsp", Description: "Display Support Protocol"}, + 37: {Sym: "time", Description: "Time"}, + 38: {Sym: "rap", Description: "Route Access Protocol"}, + 39: {Sym: "rlp", Description: "Resource Location Protocol"}, + 41: {Sym: "graphics", Description: "Graphics"}, + 42: {Sym: "name", Description: "Host Name Server"}, + 44: {Sym: "mpm-flags", Description: "MPM FLAGS Protocol"}, + 45: {Sym: "mpm", Description: "Message Processing Module [recv]"}, + 46: {Sym: "mpm-snd", Description: "MPM [default send]"}, + 47: {Sym: "ni-ftp", Description: "NI FTP"}, + 48: {Sym: "auditd", Description: "Digital Audit Daemon"}, + 49: {Sym: "tacacs", Description: "Login Host Protocol (TACACS)"}, + 50: {Sym: "re-mail-ck", Description: "Remote Mail Checking Protocol"}, + 51: {Sym: "la-maint", Description: "IMP Logical Address Maintenance"}, + 52: {Sym: "xns-time", Description: "XNS Time Protocol"}, + TCPPortDomain: {Sym: "domain", Description: "Domain Name Server"}, + 54: {Sym: "xns-ch", Description: "XNS Clearinghouse"}, + 55: {Sym: "isi-gl", Description: "ISI Graphics Language"}, + 56: {Sym: "xns-auth", Description: "XNS Authentication"}, + 58: {Sym: "xns-mail", Description: "XNS Mail"}, + 61: {Sym: "ni-mail", Description: "NI MAIL"}, + 62: {Sym: "acas", Description: "ACA Services"}, + 64: {Sym: "covia", Description: "Communications Integrator (CI)"}, + 65: {Sym: "tacacs-ds", Description: "TACACS-Database Service"}, + 66: {Sym: "net", Description: "Oracle SQL*NET"}, + 67: {Sym: "bootps", Description: "Bootstrap Protocol Server"}, + 68: {Sym: "bootpc", Description: "Bootstrap Protocol Client"}, + 69: {Sym: "tftp", Description: "Trivial File Transfer"}, + 70: {Sym: "gopher", Description: "Gopher"}, + 71: {Sym: "netrjs-1", Description: "Remote Job Service"}, + 72: {Sym: "netrjs-2", Description: "Remote Job Service"}, + 73: {Sym: "netrjs-3", Description: "Remote Job Service"}, + 74: {Sym: "netrjs-4", Description: "Remote Job Service"}, + 76: {Sym: "deos", Description: "Distributed External Object Store"}, + 78: {Sym: "vettcp", Description: "vettcp"}, + 79: {Sym: "finger", Description: "Finger"}, + 80: {Sym: "http", Description: "World Wide Web HTTP"}, + 81: {Sym: "hosts2-ns", Description: "HOSTS2 Name Server"}, + 82: {Sym: "xfer", Description: "XFER Utility"}, + 83: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, + 84: {Sym: "ctf", Description: "Common Trace Facility"}, + 85: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, + 86: {Sym: "mfcobol", Description: "Micro Focus Cobol"}, + 88: {Sym: "kerberos", Description: "Kerberos"}, + 89: {Sym: "su-mit-tg", Description: "SU/MIT Telnet Gateway"}, + 90: {Sym: "dnsix", Description: "DNSIX Securit Attribute Token Map"}, + 91: {Sym: "mit-dov", Description: "MIT Dover Spooler"}, + 92: {Sym: "npp", Description: "Network Printing Protocol"}, + 93: {Sym: "dcp", Description: "Device Control Protocol"}, + 94: {Sym: "objcall", Description: "Tivoli Object Dispatcher"}, + 95: {Sym: "supdup", Description: "SUPDUP"}, + 96: {Sym: "dixie", Description: "DIXIE Protocol Specification"}, + 97: {Sym: "swift-rvf", Description: "Swift Remote Virtural File Protocol"}, + 98: {Sym: "tacnews", Description: "TAC News"}, + 99: {Sym: "metagram", Description: "Metagram Relay"}, + 100: {Sym: "newacct", Description: "[unauthorized use]"}, + 101: {Sym: "hostname", Description: "NIC Host Name Server"}, + 102: {Sym: "iso-tsap", Description: "ISO-TSAP Class 0"}, + 103: {Sym: "gppitnp", Description: "Genesis Point-to-Point Trans Net"}, + 104: {Sym: "acr-nema", Description: "ACR-NEMA Digital Imag. & Comm. 300"}, + 105: {Sym: "cso", Description: "CCSO name server protocol"}, + 106: {Sym: "3com-tsmux", Description: "3COM-TSMUX"}, + 107: {Sym: "rtelnet", Description: "Remote Telnet Service"}, + 108: {Sym: "snagas", Description: "SNA Gateway Access Server"}, + 109: {Sym: "pop2", Description: "Post Office Protocol - Version 2"}, + 110: {Sym: "pop3", Description: "Post Office Protocol - Version 3"}, + 111: {Sym: "sunrpc", Description: "SUN Remote Procedure Call"}, + 112: {Sym: "mcidas", Description: "McIDAS Data Transmission Protocol"}, + 113: {Sym: "auth"}, + 114: {Sym: "audionews", Description: "Audio News Multicast"}, + 115: {Sym: "sftp", Description: "Simple File Transfer Protocol"}, + 116: {Sym: "ansanotify", Description: "ANSA REX Notify"}, + 117: {Sym: "uucp-path", Description: "UUCP Path Service"}, + 118: {Sym: "sqlserv", Description: "SQL Services"}, + 119: {Sym: "nntp", Description: "Network News Transfer Protocol"}, + 120: {Sym: "cfdptkt", Description: "CFDPTKT"}, + 121: {Sym: "erpc", Description: "Encore Expedited Remote Pro.Call"}, + 122: {Sym: "smakynet", Description: "SMAKYNET"}, + 123: {Sym: "ntp", Description: "Network Time Protocol"}, + 124: {Sym: "ansatrader", Description: "ANSA REX Trader"}, + 125: {Sym: "locus-map", Description: "Locus PC-Interface Net Map Ser"}, + 126: {Sym: "nxedit", Description: "NXEdit"}, + 127: {Sym: "locus-con", Description: "Locus PC-Interface Conn Server"}, + 128: {Sym: "gss-xlicen", Description: "GSS X License Verification"}, + 129: {Sym: "pwdgen", Description: "Password Generator Protocol"}, + 130: {Sym: "cisco-fna", Description: "cisco FNATIVE"}, + 131: {Sym: "cisco-tna", Description: "cisco TNATIVE"}, + 132: {Sym: "cisco-sys", Description: "cisco SYSMAINT"}, + 133: {Sym: "statsrv", Description: "Statistics Service"}, + 134: {Sym: "ingres-net", Description: "INGRES-NET Service"}, + 135: {Sym: "epmap", Description: "DCE endpoint resolution"}, + 136: {Sym: "profile", Description: "PROFILE Naming System"}, + 137: {Sym: "netbios-ns", Description: "NETBIOS Name Service"}, + 138: {Sym: "netbios-dgm", Description: "NETBIOS Datagram Service"}, + 139: {Sym: "netbios-ssn", Description: "NETBIOS Session Service"}, + 140: {Sym: "emfis-data", Description: "EMFIS Data Service"}, + 141: {Sym: "emfis-cntl", Description: "EMFIS Control Service"}, + 142: {Sym: "bl-idm", Description: "Britton-Lee IDM"}, + 143: {Sym: "imap", Description: "Internet Message Access Protocol"}, + 144: {Sym: "uma", Description: "Universal Management Architecture"}, + 145: {Sym: "uaac", Description: "UAAC Protocol"}, + 146: {Sym: "iso-tp0", Description: "ISO-IP0"}, + 147: {Sym: "iso-ip", Description: "ISO-IP"}, + 148: {Sym: "jargon", Description: "Jargon"}, + 149: {Sym: "aed-512", Description: "AED 512 Emulation Service"}, + 150: {Sym: "sql-net", Description: "SQL-NET"}, + 151: {Sym: "hems", Description: "HEMS"}, + 152: {Sym: "bftp", Description: "Background File Transfer Program"}, + 153: {Sym: "sgmp", Description: "SGMP"}, + 154: {Sym: "netsc-prod", Description: "NETSC"}, + 155: {Sym: "netsc-dev", Description: "NETSC"}, + 156: {Sym: "sqlsrv", Description: "SQL Service"}, + 157: {Sym: "knet-cmp", Description: "KNET/VM Command/Message Protocol"}, + 158: {Sym: "pcmail-srv", Description: "PCMail Server"}, + 159: {Sym: "nss-routing", Description: "NSS-Routing"}, + 160: {Sym: "sgmp-traps", Description: "SGMP-TRAPS"}, + 161: {Sym: "snmp", Description: "SNMP"}, + 162: {Sym: "snmptrap", Description: "SNMPTRAP"}, + 163: {Sym: "cmip-man", Description: "CMIP/TCP Manager"}, + 164: {Sym: "cmip-agent", Description: "CMIP/TCP Agent"}, + 165: {Sym: "xns-courier", Description: "Xerox"}, + 166: {Sym: "s-net", Description: "Sirius Systems"}, + 167: {Sym: "namp", Description: "NAMP"}, + 168: {Sym: "rsvd", Description: "RSVD"}, + 169: {Sym: "send", Description: "SEND"}, + 170: {Sym: "print-srv", Description: "Network PostScript"}, + 171: {Sym: "multiplex", Description: "Network Innovations Multiplex"}, + 172: {Sym: "1", Description: "Network Innovations CL/1"}, + 173: {Sym: "xyplex-mux", Description: "Xyplex"}, + 174: {Sym: "mailq", Description: "MAILQ"}, + 175: {Sym: "vmnet", Description: "VMNET"}, + 176: {Sym: "genrad-mux", Description: "GENRAD-MUX"}, + 177: {Sym: "xdmcp", Description: "X Display Manager Control Protocol"}, + 178: {Sym: "nextstep", Description: "NextStep Window Server"}, + 179: {Sym: "bgp", Description: "Border Gateway Protocol"}, + 180: {Sym: "ris", Description: "Intergraph"}, + 181: {Sym: "unify", Description: "Unify"}, + 182: {Sym: "audit", Description: "Unisys Audit SITP"}, + 183: {Sym: "ocbinder", Description: "OCBinder"}, + 184: {Sym: "ocserver", Description: "OCServer"}, + 185: {Sym: "remote-kis", Description: "Remote-KIS"}, + 186: {Sym: "kis", Description: "KIS Protocol"}, + 187: {Sym: "aci", Description: "Application Communication Interface"}, + 188: {Sym: "mumps", Description: "Plus Five's MUMPS"}, + 189: {Sym: "qft", Description: "Queued File Transport"}, + 190: {Sym: "gacp", Description: "Gateway Access Control Protocol"}, + 191: {Sym: "prospero", Description: "Prospero Directory Service"}, + 192: {Sym: "osu-nms", Description: "OSU Network Monitoring System"}, + 193: {Sym: "srmp", Description: "Spider Remote Monitoring Protocol"}, + 194: {Sym: "irc", Description: "Internet Relay Chat Protocol"}, + 195: {Sym: "dn6-nlm-aud", Description: "DNSIX Network Level Module Audit"}, + 196: {Sym: "dn6-smm-red", Description: "DNSIX Session Mgt Module Audit Redir"}, + 197: {Sym: "dls", Description: "Directory Location Service"}, + 198: {Sym: "dls-mon", Description: "Directory Location Service Monitor"}, + 199: {Sym: "smux", Description: "SMUX"}, + 200: {Sym: "src", Description: "IBM System Resource Controller"}, + 201: {Sym: "at-rtmp", Description: "AppleTalk Routing Maintenance"}, + 202: {Sym: "at-nbp", Description: "AppleTalk Name Binding"}, + 203: {Sym: "at-3", Description: "AppleTalk Unused"}, + 204: {Sym: "at-echo", Description: "AppleTalk Echo"}, + 205: {Sym: "at-5", Description: "AppleTalk Unused"}, + 206: {Sym: "at-zis", Description: "AppleTalk Zone Information"}, + 207: {Sym: "at-7", Description: "AppleTalk Unused"}, + 208: {Sym: "at-8", Description: "AppleTalk Unused"}, + 209: {Sym: "qmtp", Description: "The Quick Mail Transfer Protocol"}, + 210: {Sym: "50", Description: "ANSI Z39.50"}, + 211: {Sym: "g", Description: "Texas Instruments 914C/G Terminal"}, + 212: {Sym: "anet", Description: "ATEXSSTR"}, + 213: {Sym: "ipx", Description: "IPX \t"}, + 214: {Sym: "vmpwscs", Description: "VM PWSCS"}, + 215: {Sym: "softpc", Description: "Insignia Solutions"}, + 216: {Sym: "CAIlic", Description: "Computer Associates Int'l License Server"}, + 217: {Sym: "dbase", Description: "dBASE Unix"}, + 218: {Sym: "mpp", Description: "Netix Message Posting Protocol"}, + 219: {Sym: "uarps", Description: "Unisys ARPs"}, + 220: {Sym: "imap3", Description: "Interactive Mail Access Protocol v3"}, + 221: {Sym: "fln-spx", Description: "Berkeley rlogind with SPX auth"}, + 222: {Sym: "rsh-spx", Description: "Berkeley rshd with SPX auth"}, + 223: {Sym: "cdc", Description: "Certificate Distribution Center"}, + 224: {Sym: "masqdialer", Description: "masqdialer"}, + 242: {Sym: "direct", Description: "Direct"}, + 243: {Sym: "sur-meas", Description: "Survey Measurement"}, + 244: {Sym: "inbusiness", Description: "inbusiness"}, + 245: {Sym: "link", Description: "LINK"}, + 246: {Sym: "dsp3270", Description: "Display Systems Protocol"}, + 247: {Sym: "subntbcst_tftp", Description: "SUBNTBCST_TFTP"}, + 248: {Sym: "bhfhs", Description: "bhfhs"}, + 256: {Sym: "rap", Description: "RAP"}, + 257: {Sym: "set", Description: "Secure Electronic Transaction"}, + 258: {Sym: "yak-chat", Description: "Yak Winsock Personal Chat"}, + 259: {Sym: "esro-gen", Description: "Efficient Short Remote Operations"}, + 260: {Sym: "openport", Description: "Openport"}, + 261: {Sym: "nsiiops", Description: "IIOP Name Service over TLS/SSL"}, + 262: {Sym: "arcisdms", Description: "Arcisdms"}, + 263: {Sym: "hdap", Description: "HDAP"}, + 264: {Sym: "bgmp", Description: "BGMP"}, + 265: {Sym: "x-bone-ctl", Description: "X-Bone CTL"}, + 266: {Sym: "sst", Description: "SCSI on ST"}, + 267: {Sym: "td-service", Description: "Tobit David Service Layer"}, + 268: {Sym: "td-replica", Description: "Tobit David Replica"}, + 280: {Sym: "http-mgmt", Description: "http-mgmt"}, + 281: {Sym: "personal-link", Description: "Personal Link"}, + 282: {Sym: "cableport-ax", Description: "Cable Port A/X"}, + 283: {Sym: "rescap", Description: "rescap"}, + 284: {Sym: "corerjd", Description: "corerjd"}, + 286: {Sym: "fxp-1", Description: "FXP-1"}, + 287: {Sym: "k-block", Description: "K-BLOCK"}, + 308: {Sym: "novastorbakcup", Description: "Novastor Backup"}, + 309: {Sym: "entrusttime", Description: "EntrustTime"}, + 310: {Sym: "bhmds", Description: "bhmds"}, + 311: {Sym: "asip-webadmin", Description: "AppleShare IP WebAdmin"}, + 312: {Sym: "vslmp", Description: "VSLMP"}, + 313: {Sym: "magenta-logic", Description: "Magenta Logic"}, + 314: {Sym: "opalis-robot", Description: "Opalis Robot"}, + 315: {Sym: "dpsi", Description: "DPSI"}, + 316: {Sym: "decauth", Description: "decAuth"}, + 317: {Sym: "zannet", Description: "Zannet"}, + 318: {Sym: "pkix-timestamp", Description: "PKIX TimeStamp"}, + 319: {Sym: "ptp-event", Description: "PTP Event"}, + 320: {Sym: "ptp-general", Description: "PTP General"}, + 321: {Sym: "pip", Description: "PIP"}, + 322: {Sym: "rtsps", Description: "RTSPS"}, + 333: {Sym: "texar", Description: "Texar Security Port"}, + 344: {Sym: "pdap", Description: "Prospero Data Access Protocol"}, + 345: {Sym: "pawserv", Description: "Perf Analysis Workbench"}, + 346: {Sym: "zserv", Description: "Zebra server"}, + 347: {Sym: "fatserv", Description: "Fatmen Server"}, + 348: {Sym: "csi-sgwp", Description: "Cabletron Management Protocol"}, + 349: {Sym: "mftp", Description: "mftp"}, + 350: {Sym: "matip-type-a", Description: "MATIP Type A"}, + 351: {Sym: "matip-type-b", Description: "MATIP Type B"}, + 352: {Sym: "dtag-ste-sb", Description: "DTAG (assigned long ago)"}, + 353: {Sym: "ndsauth", Description: "NDSAUTH"}, + 354: {Sym: "bh611", Description: "bh611"}, + 355: {Sym: "datex-asn", Description: "DATEX-ASN"}, + 356: {Sym: "cloanto-net-1", Description: "Cloanto Net 1"}, + 357: {Sym: "bhevent", Description: "bhevent"}, + 358: {Sym: "shrinkwrap", Description: "Shrinkwrap"}, + 359: {Sym: "nsrmp", Description: "Network Security Risk Management Protocol"}, + 360: {Sym: "scoi2odialog", Description: "scoi2odialog"}, + 361: {Sym: "semantix", Description: "Semantix"}, + 362: {Sym: "srssend", Description: "SRS Send"}, + 363: {Sym: "rsvp_tunnel", Description: "RSVP Tunnel"}, + 364: {Sym: "aurora-cmgr", Description: "Aurora CMGR"}, + 365: {Sym: "dtk", Description: "DTK"}, + 366: {Sym: "odmr", Description: "ODMR"}, + 367: {Sym: "mortgageware", Description: "MortgageWare"}, + 368: {Sym: "qbikgdp", Description: "QbikGDP"}, + 369: {Sym: "rpc2portmap", Description: "rpc2portmap"}, + 370: {Sym: "codaauth2", Description: "codaauth2"}, + 371: {Sym: "clearcase", Description: "Clearcase"}, + 372: {Sym: "ulistproc", Description: "ListProcessor"}, + 373: {Sym: "legent-1", Description: "Legent Corporation"}, + 374: {Sym: "legent-2", Description: "Legent Corporation"}, + 375: {Sym: "hassle", Description: "Hassle"}, + 376: {Sym: "nip", Description: "Amiga Envoy Network Inquiry Proto"}, + 377: {Sym: "tnETOS", Description: "NEC Corporation"}, + 378: {Sym: "dsETOS", Description: "NEC Corporation"}, + 379: {Sym: "is99c", Description: "TIA/EIA/IS-99 modem client"}, + 380: {Sym: "is99s", Description: "TIA/EIA/IS-99 modem server"}, + 381: {Sym: "hp-collector", Description: "hp performance data collector"}, + 382: {Sym: "hp-managed-node", Description: "hp performance data managed node"}, + 383: {Sym: "hp-alarm-mgr", Description: "hp performance data alarm manager"}, + 384: {Sym: "arns", Description: "A Remote Network Server System"}, + 385: {Sym: "ibm-app", Description: "IBM Application"}, + 386: {Sym: "asa", Description: "ASA Message Router Object Def"}, + 387: {Sym: "aurp", Description: "Appletalk Update-Based Routing Pro"}, + 388: {Sym: "unidata-ldm", Description: "Unidata LDM"}, + 389: {Sym: "ldap", Description: "Lightweight Directory Access Protocol"}, + 390: {Sym: "uis", Description: "UIS"}, + 391: {Sym: "synotics-relay", Description: "SynOptics SNMP Relay Port"}, + 392: {Sym: "synotics-broker", Description: "SynOptics Port Broker Port"}, + 393: {Sym: "meta5", Description: "Meta5"}, + 394: {Sym: "embl-ndt", Description: "EMBL Nucleic Data Transfer"}, + 395: {Sym: "netcp", Description: "NETscout Control Protocol"}, + 396: {Sym: "netware-ip", Description: "Novell Netware over IP"}, + 397: {Sym: "mptn", Description: "Multi Protocol Trans. Net"}, + 398: {Sym: "kryptolan", Description: "Kryptolan"}, + 399: {Sym: "iso-tsap-c2", Description: "ISO Transport Class 2 Non-Control over TCP"}, + 400: {Sym: "work-sol", Description: "Workstation Solutions"}, + 401: {Sym: "ups", Description: "Uninterruptible Power Supply"}, + 402: {Sym: "genie", Description: "Genie Protocol"}, + 403: {Sym: "decap", Description: "decap"}, + 404: {Sym: "nced", Description: "nced"}, + 405: {Sym: "ncld", Description: "ncld"}, + 406: {Sym: "imsp", Description: "Interactive Mail Support Protocol"}, + 407: {Sym: "timbuktu", Description: "Timbuktu"}, + 408: {Sym: "prm-sm", Description: "Prospero Resource Manager Sys. Man"}, + 409: {Sym: "prm-nm", Description: "Prospero Resource Manager Node Man"}, + 410: {Sym: "decladebug", Description: "DECLadebug Remote Debug Protocol"}, + 411: {Sym: "rmt", Description: "Remote MT Protocol"}, + 412: {Sym: "synoptics-trap", Description: "Trap Convention Port"}, + 413: {Sym: "smsp", Description: "Storage Management Services Protocol"}, + 414: {Sym: "infoseek", Description: "InfoSeek"}, + 415: {Sym: "bnet", Description: "BNet"}, + 416: {Sym: "silverplatter", Description: "Silverplatter"}, + 417: {Sym: "onmux", Description: "Onmux"}, + 418: {Sym: "hyper-g", Description: "Hyper-G"}, + 419: {Sym: "ariel1", Description: "Ariel 1"}, + 420: {Sym: "smpte", Description: "SMPTE"}, + 421: {Sym: "ariel2", Description: "Ariel 2"}, + 422: {Sym: "ariel3", Description: "Ariel 3"}, + 423: {Sym: "opc-job-start", Description: "IBM Operations Planning and Control Start"}, + 424: {Sym: "opc-job-track", Description: "IBM Operations Planning and Control Track"}, + 425: {Sym: "icad-el", Description: "ICAD"}, + 426: {Sym: "smartsdp", Description: "smartsdp"}, + 427: {Sym: "svrloc", Description: "Server Location"}, + 428: {Sym: "ocs_cmu", Description: "OCS_CMU"}, + 429: {Sym: "ocs_amu", Description: "OCS_AMU"}, + 430: {Sym: "utmpsd", Description: "UTMPSD"}, + 431: {Sym: "utmpcd", Description: "UTMPCD"}, + 432: {Sym: "iasd", Description: "IASD"}, + 433: {Sym: "nnsp", Description: "NNSP"}, + 434: {Sym: "mobileip-agent", Description: "MobileIP-Agent"}, + 435: {Sym: "mobilip-mn", Description: "MobilIP-MN"}, + 436: {Sym: "dna-cml", Description: "DNA-CML"}, + 437: {Sym: "comscm", Description: "comscm"}, + 438: {Sym: "dsfgw", Description: "dsfgw"}, + 439: {Sym: "dasp", Description: "dasp Thomas Obermair"}, + 440: {Sym: "sgcp", Description: "sgcp"}, + 441: {Sym: "decvms-sysmgt", Description: "decvms-sysmgt"}, + 442: {Sym: "cvc_hostd", Description: "cvc_hostd"}, + 443: {Sym: "https", Description: "http protocol over TLS/SSL"}, + 444: {Sym: "snpp", Description: "Simple Network Paging Protocol"}, + 445: {Sym: "microsoft-ds", Description: "Microsoft-DS"}, + 446: {Sym: "ddm-rdb", Description: "DDM-RDB"}, + 447: {Sym: "ddm-dfm", Description: "DDM-RFM"}, + 448: {Sym: "ddm-ssl", Description: "DDM-SSL"}, + 449: {Sym: "as-servermap", Description: "AS Server Mapper"}, + 450: {Sym: "tserver", Description: "Computer Supported Telecomunication Applications"}, + 451: {Sym: "sfs-smp-net", Description: "Cray Network Semaphore server"}, + 452: {Sym: "sfs-config", Description: "Cray SFS config server"}, + 453: {Sym: "creativeserver", Description: "CreativeServer"}, + 454: {Sym: "contentserver", Description: "ContentServer"}, + 455: {Sym: "creativepartnr", Description: "CreativePartnr"}, + 456: {Sym: "macon-tcp", Description: "macon-tcp"}, + 457: {Sym: "scohelp", Description: "scohelp"}, + 458: {Sym: "appleqtc", Description: "apple quick time"}, + 459: {Sym: "ampr-rcmd", Description: "ampr-rcmd"}, + 460: {Sym: "skronk", Description: "skronk"}, + 461: {Sym: "datasurfsrv", Description: "DataRampSrv"}, + 462: {Sym: "datasurfsrvsec", Description: "DataRampSrvSec"}, + 463: {Sym: "alpes", Description: "alpes"}, + 464: {Sym: "kpasswd", Description: "kpasswd"}, + 465: {Sym: "urd", Description: "URL Rendesvous Directory for SSM"}, + 466: {Sym: "digital-vrc", Description: "digital-vrc"}, + 467: {Sym: "mylex-mapd", Description: "mylex-mapd"}, + 468: {Sym: "photuris", Description: "proturis"}, + 469: {Sym: "rcp", Description: "Radio Control Protocol"}, + 470: {Sym: "scx-proxy", Description: "scx-proxy"}, + 471: {Sym: "mondex", Description: "Mondex"}, + 472: {Sym: "ljk-login", Description: "ljk-login"}, + 473: {Sym: "hybrid-pop", Description: "hybrid-pop"}, + 474: {Sym: "tn-tl-w1", Description: "tn-tl-w1"}, + 475: {Sym: "tcpnethaspsrv", Description: "tcpnethaspsrv"}, + 476: {Sym: "tn-tl-fd1", Description: "tn-tl-fd1"}, + 477: {Sym: "ss7ns", Description: "ss7ns"}, + 478: {Sym: "spsc", Description: "spsc"}, + 479: {Sym: "iafserver", Description: "iafserver"}, + 480: {Sym: "iafdbase", Description: "iafdbase"}, + 481: {Sym: "ph", Description: "Ph service"}, + 482: {Sym: "bgs-nsi", Description: "bgs-nsi"}, + 483: {Sym: "ulpnet", Description: "ulpnet"}, + 484: {Sym: "integra-sme", Description: "Integra Software Management Environment"}, + 485: {Sym: "powerburst", Description: "Air Soft Power Burst"}, + 486: {Sym: "avian", Description: "avian"}, + 487: {Sym: "saft", Description: "saft Simple Asynchronous File Transfer"}, + 488: {Sym: "gss-http", Description: "gss-http"}, + 489: {Sym: "nest-protocol", Description: "nest-protocol"}, + 490: {Sym: "micom-pfs", Description: "micom-pfs"}, + 491: {Sym: "go-login", Description: "go-login"}, + 492: {Sym: "ticf-1", Description: "Transport Independent Convergence for FNA"}, + 493: {Sym: "ticf-2", Description: "Transport Independent Convergence for FNA"}, + 494: {Sym: "pov-ray", Description: "POV-Ray"}, + 495: {Sym: "intecourier", Description: "intecourier"}, + 496: {Sym: "pim-rp-disc", Description: "PIM-RP-DISC"}, + 497: {Sym: "dantz", Description: "dantz"}, + 498: {Sym: "siam", Description: "siam"}, + 499: {Sym: "iso-ill", Description: "ISO ILL Protocol"}, + 500: {Sym: "isakmp", Description: "isakmp"}, + 501: {Sym: "stmf", Description: "STMF"}, + 502: {Sym: "asa-appl-proto", Description: "asa-appl-proto"}, + 503: {Sym: "intrinsa", Description: "Intrinsa"}, + 504: {Sym: "citadel", Description: "citadel"}, + 505: {Sym: "mailbox-lm", Description: "mailbox-lm"}, + 506: {Sym: "ohimsrv", Description: "ohimsrv"}, + 507: {Sym: "crs", Description: "crs"}, + 508: {Sym: "xvttp", Description: "xvttp"}, + 509: {Sym: "snare", Description: "snare"}, + 510: {Sym: "fcp", Description: "FirstClass Protocol"}, + 511: {Sym: "passgo", Description: "PassGo"}, + 512: {Sym: "exec", Description: "remote process execution;"}, + 513: {Sym: "login", Description: "remote login a la telnet;"}, + 514: {Sym: "shell", Description: "cmd"}, + 515: {Sym: "printer", Description: "spooler"}, + 516: {Sym: "videotex", Description: "videotex"}, + 517: {Sym: "talk", Description: "like tenex link, but across"}, + 518: {Sym: "ntalk"}, + 519: {Sym: "utime", Description: "unixtime"}, + 520: {Sym: "efs", Description: "extended file name server"}, + 521: {Sym: "ripng", Description: "ripng"}, + 522: {Sym: "ulp", Description: "ULP"}, + 523: {Sym: "ibm-db2", Description: "IBM-DB2"}, + 524: {Sym: "ncp", Description: "NCP"}, + 525: {Sym: "timed", Description: "timeserver"}, + 526: {Sym: "tempo", Description: "newdate"}, + 527: {Sym: "stx", Description: "Stock IXChange"}, + 528: {Sym: "custix", Description: "Customer IXChange"}, + 529: {Sym: "irc-serv", Description: "IRC-SERV"}, + 530: {Sym: "courier", Description: "rpc"}, + 531: {Sym: "conference", Description: "chat"}, + 532: {Sym: "netnews", Description: "readnews"}, + 533: {Sym: "netwall", Description: "for emergency broadcasts"}, + 534: {Sym: "mm-admin", Description: "MegaMedia Admin"}, + 535: {Sym: "iiop", Description: "iiop"}, + 536: {Sym: "opalis-rdv", Description: "opalis-rdv"}, + 537: {Sym: "nmsp", Description: "Networked Media Streaming Protocol"}, + 538: {Sym: "gdomap", Description: "gdomap"}, + 539: {Sym: "apertus-ldp", Description: "Apertus Technologies Load Determination"}, + 540: {Sym: "uucp", Description: "uucpd\t\t"}, + 541: {Sym: "uucp-rlogin", Description: "uucp-rlogin"}, + 542: {Sym: "commerce", Description: "commerce"}, + 543: {Sym: "klogin"}, + 544: {Sym: "kshell", Description: "krcmd"}, + 545: {Sym: "appleqtcsrvr", Description: "appleqtcsrvr"}, + 546: {Sym: "dhcpv6-client", Description: "DHCPv6 Client"}, + 547: {Sym: "dhcpv6-server", Description: "DHCPv6 Server"}, + 548: {Sym: "afpovertcp", Description: "AFP over TCP"}, + 549: {Sym: "idfp", Description: "IDFP"}, + 550: {Sym: "new-rwho", Description: "new-who"}, + 551: {Sym: "cybercash", Description: "cybercash"}, + 552: {Sym: "devshr-nts", Description: "DeviceShare"}, + 553: {Sym: "pirp", Description: "pirp"}, + 554: {Sym: "rtsp", Description: "Real Time Stream Control Protocol"}, + 555: {Sym: "dsf"}, + 556: {Sym: "remotefs", Description: "rfs server"}, + 557: {Sym: "openvms-sysipc", Description: "openvms-sysipc"}, + 558: {Sym: "sdnskmp", Description: "SDNSKMP"}, + 559: {Sym: "teedtap", Description: "TEEDTAP"}, + 560: {Sym: "rmonitor", Description: "rmonitord"}, + 561: {Sym: "monitor"}, + 562: {Sym: "chshell", Description: "chcmd"}, + 563: {Sym: "nntps", Description: "nntp protocol over TLS/SSL (was snntp)"}, + 564: {Sym: "9pfs", Description: "plan 9 file service"}, + 565: {Sym: "whoami", Description: "whoami"}, + 566: {Sym: "streettalk", Description: "streettalk"}, + 567: {Sym: "banyan-rpc", Description: "banyan-rpc"}, + 568: {Sym: "ms-shuttle", Description: "microsoft shuttle"}, + 569: {Sym: "ms-rome", Description: "microsoft rome"}, + 570: {Sym: "meter", Description: "demon"}, + 571: {Sym: "meter", Description: "udemon"}, + 572: {Sym: "sonar", Description: "sonar"}, + 573: {Sym: "banyan-vip", Description: "banyan-vip"}, + 574: {Sym: "ftp-agent", Description: "FTP Software Agent System"}, + 575: {Sym: "vemmi", Description: "VEMMI"}, + 576: {Sym: "ipcd", Description: "ipcd"}, + 577: {Sym: "vnas", Description: "vnas"}, + 578: {Sym: "ipdd", Description: "ipdd"}, + 579: {Sym: "decbsrv", Description: "decbsrv"}, + 580: {Sym: "sntp-heartbeat", Description: "SNTP HEARTBEAT"}, + 581: {Sym: "bdp", Description: "Bundle Discovery Protocol"}, + 582: {Sym: "scc-security", Description: "SCC Security"}, + 583: {Sym: "philips-vc", Description: "Philips Video-Conferencing"}, + 584: {Sym: "keyserver", Description: "Key Server"}, + 585: {Sym: "imap4-ssl", Description: "IMAP4+SSL (use 993 instead)"}, + 586: {Sym: "password-chg", Description: "Password Change"}, + 587: {Sym: "submission", Description: "Submission"}, + 588: {Sym: "cal", Description: "CAL"}, + 589: {Sym: "eyelink", Description: "EyeLink"}, + 590: {Sym: "tns-cml", Description: "TNS CML"}, + 591: {Sym: "http-alt", Description: "FileMaker, Inc. - HTTP Alternate (see Port 80)"}, + 592: {Sym: "eudora-set", Description: "Eudora Set"}, + 593: {Sym: "http-rpc-epmap", Description: "HTTP RPC Ep Map"}, + 594: {Sym: "tpip", Description: "TPIP"}, + 595: {Sym: "cab-protocol", Description: "CAB Protocol"}, + 596: {Sym: "smsd", Description: "SMSD"}, + 597: {Sym: "ptcnameservice", Description: "PTC Name Service"}, + 598: {Sym: "sco-websrvrmg3", Description: "SCO Web Server Manager 3"}, + 599: {Sym: "acp", Description: "Aeolon Core Protocol"}, + 600: {Sym: "ipcserver", Description: "Sun IPC server"}, + 601: {Sym: "syslog-conn", Description: "Reliable Syslog Service"}, + 602: {Sym: "xmlrpc-beep", Description: "XML-RPC over BEEP"}, + 603: {Sym: "idxp", Description: "IDXP"}, + 604: {Sym: "tunnel", Description: "TUNNEL"}, + 605: {Sym: "soap-beep", Description: "SOAP over BEEP"}, + 606: {Sym: "urm", Description: "Cray Unified Resource Manager"}, + 607: {Sym: "nqs", Description: "nqs"}, + 608: {Sym: "sift-uft", Description: "Sender-Initiated/Unsolicited File Transfer"}, + 609: {Sym: "npmp-trap", Description: "npmp-trap"}, + 610: {Sym: "npmp-local", Description: "npmp-local"}, + 611: {Sym: "npmp-gui", Description: "npmp-gui"}, + 612: {Sym: "hmmp-ind", Description: "HMMP Indication"}, + 613: {Sym: "hmmp-op", Description: "HMMP Operation"}, + 614: {Sym: "sshell", Description: "SSLshell"}, + 615: {Sym: "sco-inetmgr", Description: "Internet Configuration Manager"}, + 616: {Sym: "sco-sysmgr", Description: "SCO System Administration Server"}, + 617: {Sym: "sco-dtmgr", Description: "SCO Desktop Administration Server"}, + 618: {Sym: "dei-icda", Description: "DEI-ICDA"}, + 619: {Sym: "compaq-evm", Description: "Compaq EVM"}, + 620: {Sym: "sco-websrvrmgr", Description: "SCO WebServer Manager"}, + 621: {Sym: "escp-ip", Description: "ESCP"}, + 622: {Sym: "collaborator", Description: "Collaborator"}, + 623: {Sym: "asf-rmcp", Description: "ASF Remote Management and Control Protocol"}, + 624: {Sym: "cryptoadmin", Description: "Crypto Admin"}, + 625: {Sym: "dec_dlm", Description: "DEC DLM"}, + 626: {Sym: "asia", Description: "ASIA"}, + 627: {Sym: "passgo-tivoli", Description: "PassGo Tivoli"}, + 628: {Sym: "qmqp", Description: "QMQP"}, + 629: {Sym: "3com-amp3", Description: "3Com AMP3"}, + 630: {Sym: "rda", Description: "RDA"}, + 631: {Sym: "ipp", Description: "IPP (Internet Printing Protocol)"}, + 632: {Sym: "bmpp", Description: "bmpp"}, + 633: {Sym: "servstat", Description: "Service Status update (Sterling Software)"}, + 634: {Sym: "ginad", Description: "ginad"}, + 635: {Sym: "rlzdbase", Description: "RLZ DBase"}, + 636: {Sym: "ldaps", Description: "ldap protocol over TLS/SSL (was sldap)"}, + 637: {Sym: "lanserver", Description: "lanserver"}, + 638: {Sym: "mcns-sec", Description: "mcns-sec"}, + 639: {Sym: "msdp", Description: "MSDP"}, + 640: {Sym: "entrust-sps", Description: "entrust-sps"}, + 641: {Sym: "repcmd", Description: "repcmd"}, + 642: {Sym: "esro-emsdp", Description: "ESRO-EMSDP V1.3"}, + 643: {Sym: "sanity", Description: "SANity"}, + 644: {Sym: "dwr", Description: "dwr"}, + 645: {Sym: "pssc", Description: "PSSC"}, + 646: {Sym: "ldp", Description: "LDP"}, + 647: {Sym: "dhcp-failover", Description: "DHCP Failover"}, + 648: {Sym: "rrp", Description: "Registry Registrar Protocol (RRP)"}, + 649: {Sym: "cadview-3d", Description: "Cadview-3d - streaming 3d models over the internet"}, + 650: {Sym: "obex", Description: "OBEX"}, + 651: {Sym: "ieee-mms", Description: "IEEE MMS"}, + 652: {Sym: "hello-port", Description: "HELLO_PORT"}, + 653: {Sym: "repscmd", Description: "RepCmd"}, + 654: {Sym: "aodv", Description: "AODV"}, + 655: {Sym: "tinc", Description: "TINC"}, + 656: {Sym: "spmp", Description: "SPMP"}, + 657: {Sym: "rmc", Description: "RMC"}, + 658: {Sym: "tenfold", Description: "TenFold"}, + 660: {Sym: "mac-srvr-admin", Description: "MacOS Server Admin"}, + 661: {Sym: "hap", Description: "HAP"}, + 662: {Sym: "pftp", Description: "PFTP"}, + 663: {Sym: "purenoise", Description: "PureNoise"}, + 664: {Sym: "asf-secure-rmcp", Description: "ASF Secure Remote Management and Control Protocol"}, + 665: {Sym: "sun-dr", Description: "Sun DR"}, + 666: {Sym: "mdqs"}, + 667: {Sym: "disclose", Description: "campaign contribution disclosures - SDR Technologies"}, + 668: {Sym: "mecomm", Description: "MeComm"}, + 669: {Sym: "meregister", Description: "MeRegister"}, + 670: {Sym: "vacdsm-sws", Description: "VACDSM-SWS"}, + 671: {Sym: "vacdsm-app", Description: "VACDSM-APP"}, + 672: {Sym: "vpps-qua", Description: "VPPS-QUA"}, + 673: {Sym: "cimplex", Description: "CIMPLEX"}, + 674: {Sym: "acap", Description: "ACAP"}, + 675: {Sym: "dctp", Description: "DCTP"}, + 676: {Sym: "vpps-via", Description: "VPPS Via"}, + 677: {Sym: "vpp", Description: "Virtual Presence Protocol"}, + 678: {Sym: "ggf-ncp", Description: "GNU Generation Foundation NCP"}, + 679: {Sym: "mrm", Description: "MRM"}, + 680: {Sym: "entrust-aaas", Description: "entrust-aaas"}, + 681: {Sym: "entrust-aams", Description: "entrust-aams"}, + 682: {Sym: "xfr", Description: "XFR"}, + 683: {Sym: "corba-iiop", Description: "CORBA IIOP"}, + 684: {Sym: "corba-iiop-ssl", Description: "CORBA IIOP SSL"}, + 685: {Sym: "mdc-portmapper", Description: "MDC Port Mapper"}, + 686: {Sym: "hcp-wismar", Description: "Hardware Control Protocol Wismar"}, + 687: {Sym: "asipregistry", Description: "asipregistry"}, + 688: {Sym: "realm-rusd", Description: "REALM-RUSD"}, + 689: {Sym: "nmap", Description: "NMAP"}, + 690: {Sym: "vatp", Description: "VATP"}, + 691: {Sym: "msexch-routing", Description: "MS Exchange Routing"}, + 692: {Sym: "hyperwave-isp", Description: "Hyperwave-ISP"}, + 693: {Sym: "connendp", Description: "connendp"}, + 694: {Sym: "ha-cluster", Description: "ha-cluster"}, + 695: {Sym: "ieee-mms-ssl", Description: "IEEE-MMS-SSL"}, + 696: {Sym: "rushd", Description: "RUSHD"}, + 697: {Sym: "uuidgen", Description: "UUIDGEN"}, + 698: {Sym: "olsr", Description: "OLSR"}, + 699: {Sym: "accessnetwork", Description: "Access Network"}, + 700: {Sym: "epp", Description: "Extensible Provisioning Protocol"}, + 701: {Sym: "lmp", Description: "Link Management Protocol (LMP)"}, + 702: {Sym: "iris-beep", Description: "IRIS over BEEP"}, + 704: {Sym: "elcsd", Description: "errlog copy/server daemon"}, + 705: {Sym: "agentx", Description: "AgentX"}, + 706: {Sym: "silc", Description: "SILC"}, + 707: {Sym: "borland-dsj", Description: "Borland DSJ"}, + 709: {Sym: "entrust-kmsh", Description: "Entrust Key Management Service Handler"}, + 710: {Sym: "entrust-ash", Description: "Entrust Administration Service Handler"}, + 711: {Sym: "cisco-tdp", Description: "Cisco TDP"}, + 712: {Sym: "tbrpf", Description: "TBRPF"}, + 729: {Sym: "netviewdm1", Description: "IBM NetView DM/6000 Server/Client"}, + 730: {Sym: "netviewdm2", Description: "IBM NetView DM/6000 send/tcp"}, + 731: {Sym: "netviewdm3", Description: "IBM NetView DM/6000 receive/tcp"}, + 741: {Sym: "netgw", Description: "netGW"}, + 742: {Sym: "netrcs", Description: "Network based Rev. Cont. Sys"}, + 744: {Sym: "flexlm", Description: "Flexible License Manager"}, + 747: {Sym: "fujitsu-dev", Description: "Fujitsu Device Control"}, + 748: {Sym: "ris-cm", Description: "Russell Info Sci Calendar Manager"}, + 749: {Sym: "kerberos-adm", Description: "kerberos administration"}, + 750: {Sym: "rfile"}, + 751: {Sym: "pump"}, + 752: {Sym: "qrh"}, + 753: {Sym: "rrh"}, + 754: {Sym: "tell", Description: "send"}, + 758: {Sym: "nlogin"}, + 759: {Sym: "con"}, + 760: {Sym: "ns"}, + 761: {Sym: "rxe"}, + 762: {Sym: "quotad"}, + 763: {Sym: "cycleserv"}, + 764: {Sym: "omserv"}, + 765: {Sym: "webster"}, + 767: {Sym: "phonebook", Description: "phone"}, + 769: {Sym: "vid"}, + 770: {Sym: "cadlock"}, + 771: {Sym: "rtip"}, + 772: {Sym: "cycleserv2"}, + 773: {Sym: "submit"}, + 774: {Sym: "rpasswd"}, + 775: {Sym: "entomb"}, + 776: {Sym: "wpages"}, + 777: {Sym: "multiling-http", Description: "Multiling HTTP"}, + 780: {Sym: "wpgs"}, + 800: {Sym: "mdbs_daemon"}, + 801: {Sym: "device"}, + 810: {Sym: "fcp-udp", Description: "FCP"}, + 828: {Sym: "itm-mcell-s", Description: "itm-mcell-s"}, + 829: {Sym: "pkix-3-ca-ra", Description: "PKIX-3 CA/RA"}, + 830: {Sym: "netconf-ssh", Description: "NETCONF over SSH"}, + 831: {Sym: "netconf-beep", Description: "NETCONF over BEEP"}, + 832: {Sym: "netconfsoaphttp", Description: "NETCONF for SOAP over HTTPS"}, + 833: {Sym: "netconfsoapbeep", Description: "NETCONF for SOAP over BEEP"}, + 847: {Sym: "dhcp-failover2", Description: "dhcp-failover 2"}, + 848: {Sym: "gdoi", Description: "GDOI"}, + 860: {Sym: "iscsi", Description: "iSCSI"}, + 861: {Sym: "owamp-control", Description: "OWAMP-Control"}, + 873: {Sym: "rsync", Description: "rsync"}, + 886: {Sym: "iclcnet-locate", Description: "ICL coNETion locate server"}, + 887: {Sym: "iclcnet_svinfo", Description: "ICL coNETion server info"}, + 888: {Sym: "accessbuilder", Description: "AccessBuilder"}, + 900: {Sym: "omginitialrefs", Description: "OMG Initial Refs"}, + 901: {Sym: "smpnameres", Description: "SMPNAMERES"}, + 902: {Sym: "ideafarm-chat", Description: "IDEAFARM-CHAT"}, + 903: {Sym: "ideafarm-catch", Description: "IDEAFARM-CATCH"}, + 910: {Sym: "kink", Description: "Kerberized Internet Negotiation of Keys (KINK)"}, + 911: {Sym: "xact-backup", Description: "xact-backup"}, + 912: {Sym: "apex-mesh", Description: "APEX relay-relay service"}, + 913: {Sym: "apex-edge", Description: "APEX endpoint-relay service"}, + 989: {Sym: "ftps-data", Description: "ftp protocol, data, over TLS/SSL"}, + 990: {Sym: "ftps", Description: "ftp protocol, control, over TLS/SSL"}, + 991: {Sym: "nas", Description: "Netnews Administration System"}, + 992: {Sym: "telnets", Description: "telnet protocol over TLS/SSL"}, + 993: {Sym: "imaps", Description: "imap4 protocol over TLS/SSL"}, + 994: {Sym: "ircs", Description: "irc protocol over TLS/SSL"}, + 995: {Sym: "pop3s", Description: "pop3 protocol over TLS/SSL (was spop3)"}, + 996: {Sym: "vsinet", Description: "vsinet"}, + 997: {Sym: "maitrd"}, + 998: {Sym: "busboy"}, + 999: {Sym: "garcon"}, + 1000: {Sym: "cadlock2"}, + 1010: {Sym: "surf", Description: "surf"}, +} diff --git a/format/inet/ether8023.go b/format/inet/ether8023.go deleted file mode 100644 index 05cd8c41..00000000 --- a/format/inet/ether8023.go +++ /dev/null @@ -1,113 +0,0 @@ -package inet - -// TODO: move to own package? - -import ( - "encoding/binary" - "fmt" - - "github.com/wader/fq/format" - "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/decode" -) - -var ipv4Format decode.Group - -func init() { - registry.MustRegister(decode.Format{ - Name: format.ETHER8023, - Description: "Ethernet 802.3", - Dependencies: []decode.Dependency{ - {Names: []string{format.IPV4}, Group: &ipv4Format}, - }, - DecodeFn: decodeEthernet, - }) -} - -const ( - etherTypeIPv4 = 0x0800 -) - -// from https://en.wikipedia.org/wiki/EtherType -// TODO: cleanup -var etherTypeMap = decode.UToScalar{ - etherTypeIPv4: {Sym: "ipv4", Description: `Internet Protocol version 4`}, - 0x0806: {Sym: "arp", Description: `Address Resolution Protocol`}, - 0x0842: {Sym: "wake", Description: `Wake-on-LAN[9]`}, - 0x22f0: {Sym: "audio", Description: `Audio Video Transport Protocol`}, - 0x22f3: {Sym: "trill", Description: `IETF TRILL Protocol`}, - 0x22ea: {Sym: "srp", Description: `Stream Reservation Protocol`}, - 0x6002: {Sym: "dec", Description: `DEC MOP RC`}, - 0x6003: {Sym: "decnet", Description: `DECnet Phase IV, DNA Routing`}, - 0x6004: {Sym: "declat", Description: `DEC LAT`}, - 0x8035: {Sym: "Reverse", Description: `Reverse Address Resolution Protocol`}, - 0x809b: {Sym: "appletalk", Description: `AppleTalk`}, - 0x80f3: {Sym: "appletalk_arp", Description: `AppleTalk Address Resolution Protocol`}, - 0x8100: {Sym: "vlan", Description: `VLAN-tagged (IEEE 802.1Q)`}, - 0x8102: {Sym: "slpp", Description: `Simple Loop Prevention Protocol`}, - 0x8103: {Sym: "vlacp", Description: `Virtual Link Aggregation Control Protocol`}, - 0x8137: {Sym: "ipx", Description: `IPX`}, - 0x8204: {Sym: "qnx", Description: `QNX Qnet`}, - 0x86dd: {Sym: "ipv6", Description: `Internet Protocol Version 6`}, - 0x8808: {Sym: "flow_control", Description: `Ethernet flow control`}, - 0x8809: {Sym: "lacp", Description: `Ethernet Slow Protocols] such as the Link Aggregation Control Protocol`}, - 0x8819: {Sym: "cobranet", Description: `CobraNet`}, - 0x8847: {Sym: "mpls", Description: `MPLS unicast`}, - 0x8848: {Sym: "mpls", Description: `MPLS multicast`}, - 0x8863: {Sym: "pppoe_discovery", Description: `PPPoE Discovery Stage`}, - 0x8864: {Sym: "pppoe_session", Description: `PPPoE Session Stage`}, - 0x887b: {Sym: "homeplug", Description: `HomePlug 1.0 MME`}, - 0x888e: {Sym: "eap", Description: `EAP over LAN (IEEE 802.1X)`}, - 0x8892: {Sym: "profinet", Description: `PROFINET Protocol`}, - 0x889a: {Sym: "hyperscsi", Description: `HyperSCSI (SCSI over Ethernet)`}, - 0x88a2: {Sym: "ata", Description: `ATA over Ethernet`}, - 0x88a4: {Sym: "ethercat", Description: `EtherCAT Protocol`}, - 0x88a8: {Sym: "service", Description: `Service VLAN tag identifier (S-Tag) on Q-in-Q tunnel.`}, - 0x88ab: {Sym: "ethernet", Description: `Ethernet Powerlink`}, - 0x88b8: {Sym: "goose", Description: `GOOSE (Generic Object Oriented Substation event)`}, - 0x88b9: {Sym: "gse", Description: `GSE (Generic Substation Events) Management Services`}, - 0x88ba: {Sym: "sv", Description: `SV (Sampled Value Transmission)`}, - 0x88bf: {Sym: "mikrotik", Description: `MikroTik RoMON (unofficial)`}, - 0x88cc: {Sym: "link", Description: `Link Layer Discovery Protocol (LLDP)`}, - 0x88cd: {Sym: "sercos", Description: `SERCOS III`}, - 0x88e1: {Sym: "homeplug", Description: `HomePlug Green PHY`}, - 0x88e3: {Sym: "media", Description: `Media Redundancy Protocol (IEC62439-2)`}, - 0x88e5: {Sym: "ieee", Description: `IEEE 802.1AE MAC security (MACsec)`}, - 0x88e7: {Sym: "provider", Description: `Provider Backbone Bridges (PBB) (IEEE 802.1ah)`}, - 0x88f7: {Sym: "precision", Description: `Precision Time Protocol (PTP) over IEEE 802.3 Ethernet`}, - 0x88f8: {Sym: "nc", Description: `NC-SI`}, - 0x88fb: {Sym: "parallel", Description: `Parallel Redundancy Protocol (PRP)`}, - 0x8902: {Sym: "ieee", Description: `IEEE 802.1ag Connectivity Fault Management (CFM) Protocol / ITU-T Recommendation Y.1731 (OAM)`}, - 0x8906: {Sym: "fibre", Description: `Fibre Channel over Ethernet (FCoE)`}, - 0x8914: {Sym: "fcoe", Description: `FCoE Initialization Protocol`}, - 0x8915: {Sym: "rdma", Description: `RDMA over Converged Ethernet (RoCE)`}, - 0x891d: {Sym: "ttethernet", Description: `TTEthernet Protocol Control Frame (TTE)`}, - 0x893a: {Sym: "1905", Description: `1905.1 IEEE Protocol`}, - 0x892f: {Sym: "high", Description: `High-availability Seamless Redundancy (HSR)`}, - 0x9000: {Sym: "ethernet", Description: `Ethernet Configuration Testing Protocol[12]`}, - 0xf1c1: {Sym: "redundancy", Description: `Redundancy Tag (IEEE 802.1CB Frame Replication and Elimination for Reliability)`}, -} - -var etherTypeFormat = map[uint64]*decode.Group{ - etherTypeIPv4: &ipv4Format, -} - -func mapUToEtherSym(s decode.Scalar) (decode.Scalar, error) { - var b [8]byte - binary.BigEndian.PutUint64(b[:], s.ActualU()) - s.Sym = fmt.Sprintf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", b[2], b[3], b[4], b[5], b[6], b[7]) - return s, nil -} - -func decodeEthernet(d *decode.D, in interface{}) interface{} { - d.FieldU("destination", 48, mapUToEtherSym, d.Hex) - d.FieldU("source", 48, mapUToEtherSym, d.Hex) - etherType := d.FieldU16("ether_type", d.MapUToScalar(etherTypeMap), d.Hex) - if g, ok := etherTypeFormat[etherType]; ok { - d.FieldFormatLen("packet", d.BitsLeft(), *g, nil) - } else { - d.FieldRawLen("data", d.BitsLeft()) - } - - return nil -} diff --git a/format/inet/ether8023_frame.go b/format/inet/ether8023_frame.go new file mode 100644 index 00000000..7f603317 --- /dev/null +++ b/format/inet/ether8023_frame.go @@ -0,0 +1,50 @@ +package inet + +// TODO: move to own package? + +import ( + "encoding/binary" + "fmt" + + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +var ether8023FrameIPv4Format decode.Group + +func init() { + registry.MustRegister(decode.Format{ + Name: format.ETHER8023_FRAME, + Description: "Ethernet 802.3 frame", + Dependencies: []decode.Dependency{ + {Names: []string{format.IPV4_PACKET}, Group: ðer8023FrameIPv4Format}, + }, + DecodeFn: decodeEthernet, + }) +} + +var ether8023FrameTypeFormat = map[uint64]*decode.Group{ + format.EtherTypeIPv4: ðer8023FrameIPv4Format, +} + +// TODO: move to shared? +func mapUToEtherSym(s decode.Scalar) (decode.Scalar, error) { + var b [8]byte + binary.BigEndian.PutUint64(b[:], s.ActualU()) + s.Sym = fmt.Sprintf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", b[2], b[3], b[4], b[5], b[6], b[7]) + return s, nil +} + +func decodeEthernet(d *decode.D, in interface{}) interface{} { + d.FieldU("destination", 48, mapUToEtherSym, d.Hex) + d.FieldU("source", 48, mapUToEtherSym, d.Hex) + etherType := d.FieldU16("ether_type", d.MapUToScalar(format.EtherTypeMap), d.Hex) + if g, ok := ether8023FrameTypeFormat[etherType]; ok { + d.FieldFormatLen("packet", d.BitsLeft(), *g, nil) + } else { + d.FieldRawLen("data", d.BitsLeft()) + } + + return nil +} diff --git a/format/inet/flowsdecoder/flowsdecoder.go b/format/inet/flowsdecoder/flowsdecoder.go new file mode 100644 index 00000000..b05e83d3 --- /dev/null +++ b/format/inet/flowsdecoder/flowsdecoder.go @@ -0,0 +1,172 @@ +package flowsdecoder + +import ( + "bytes" + "encoding/binary" + "net" + + "github.com/google/gopacket" + "github.com/google/gopacket/ip4defrag" + "github.com/google/gopacket/layers" + "github.com/google/gopacket/reassembly" +) + +type IPEndpoint struct { + IP net.IP + Port int +} + +type TCPConnection struct { + ClientEndpoint IPEndpoint + ServerEnpoint IPEndpoint + ClientStream *bytes.Buffer + ServerStream *bytes.Buffer + + tcpstate *reassembly.TCPSimpleFSM + optchecker reassembly.TCPOptionCheck + net, transport gopacket.Flow +} + +func (t *TCPConnection) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir reassembly.TCPFlowDirection, nextSeq reassembly.Sequence, start *bool, ac reassembly.AssemblerContext) bool { + // has ok state? + if !t.tcpstate.CheckState(tcp, dir) { + // TODO: handle err? + return false + } + // has ok options? + if err := t.optchecker.Accept(tcp, ci, dir, nextSeq, start); err != nil { + // TODO: handle err? + return false + } + // TODO: checksum? + + // accept + return true +} + +func (t *TCPConnection) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.AssemblerContext) { + dir, _, _, _ := sg.Info() + length, _ := sg.Lengths() + + data := sg.Fetch(length) + + switch dir { + case reassembly.TCPDirClientToServer: + t.ClientStream.Write(data) + case reassembly.TCPDirServerToClient: + t.ServerStream.Write(data) + } +} + +func (t *TCPConnection) ReassemblyComplete(ac reassembly.AssemblerContext) bool { + // do not remove the connection to allow last ACK + return false +} + +type IPV4Reassembled struct { + SourceIP net.IP + DestinationIP net.IP + Datagram []byte +} + +func (fd *Decoder) New(net, transport gopacket.Flow, tcp *layers.TCP, ac reassembly.AssemblerContext) reassembly.Stream { + fsmOptions := reassembly.TCPSimpleFSMOptions{ + SupportMissingEstablishment: true, + } + // TODO: get ip layer somehow? + stream := &TCPConnection{ + ClientEndpoint: IPEndpoint{ + IP: append([]byte(nil), net.Src().Raw()...), + Port: int(binary.BigEndian.Uint16(transport.Src().Raw())), + }, + ServerEnpoint: IPEndpoint{ + IP: append([]byte(nil), net.Dst().Raw()...), + Port: int(binary.BigEndian.Uint16(transport.Dst().Raw())), + }, + ClientStream: &bytes.Buffer{}, + ServerStream: &bytes.Buffer{}, + + net: net, + transport: transport, + tcpstate: reassembly.NewTCPSimpleFSM(fsmOptions), + optchecker: reassembly.NewTCPOptionCheck(), + } + + fd.TCPConnections = append(fd.TCPConnections, stream) + + return stream +} + +type Decoder struct { + TCPConnections []*TCPConnection + IPV4Reassbled []IPV4Reassembled + + ipv4Defrag *ip4defrag.IPv4Defragmenter + tcpAssembler *reassembly.Assembler +} + +func New() *Decoder { + flowDecoder := &Decoder{} + streamPool := reassembly.NewStreamPool(flowDecoder) + tcpAssembler := reassembly.NewAssembler(streamPool) + flowDecoder.tcpAssembler = tcpAssembler + flowDecoder.ipv4Defrag = ip4defrag.NewIPv4Defragmenter() + + return flowDecoder +} + +func (fd *Decoder) SLLPacket(bs []byte) { + fd.packet(gopacket.NewPacket(bs, layers.LayerTypeLinuxSLL, gopacket.Lazy)) +} + +func (fd *Decoder) EthernetFrame(bs []byte) { + fd.packet(gopacket.NewPacket(bs, layers.LayerTypeEthernet, gopacket.Lazy)) +} + +func (fd *Decoder) packet(p gopacket.Packet) { + // TODO: linkType + ip4Layer := p.Layer(layers.LayerTypeIPv4) + if ip4Layer != nil { + ip4, _ := ip4Layer.(*layers.IPv4) + l := ip4.Length + newip4, err := fd.ipv4Defrag.DefragIPv4(ip4) + if err != nil { + panic(err) + } else if newip4 != nil { + // TODO: correct way to detect finished reassemble? + if newip4.Length != l { + // TODO: better way to reconstruct package? + sb := gopacket.NewSerializeBuffer() + b, _ := sb.PrependBytes(len(newip4.Payload)) + copy(b, newip4.Payload) + _ = newip4.SerializeTo(sb, gopacket.SerializeOptions{ + FixLengths: true, + ComputeChecksums: true, + }) + + fd.IPV4Reassbled = append(fd.IPV4Reassbled, IPV4Reassembled{ + SourceIP: ip4.SrcIP, + DestinationIP: ip4.DstIP, + Datagram: sb.Bytes(), + }) + + pb, ok := p.(gopacket.PacketBuilder) + if !ok { + panic("not a PacketBuilder") + } + nextDecoder := newip4.NextLayerType() + _ = nextDecoder.Decode(newip4.Payload, pb) + } + } + } + + tcp := p.Layer(layers.LayerTypeTCP) + if tcp != nil { + tcp, _ := tcp.(*layers.TCP) + fd.tcpAssembler.Assemble(p.NetworkLayer().NetworkFlow(), tcp) + } +} + +func (fd *Decoder) Flush() { + fd.tcpAssembler.FlushAll() +} diff --git a/format/inet/icmp.go b/format/inet/icmp.go new file mode 100644 index 00000000..b35255e4 --- /dev/null +++ b/format/inet/icmp.go @@ -0,0 +1,110 @@ +package inet + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +func init() { + registry.MustRegister(decode.Format{ + Name: format.ICMP, + Description: "Internet Control Message Protocol", + DecodeFn: decodeICMP, + }) +} + +// based on https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol +var icmpTypeMap = decode.UToScalar{ + 0: {Sym: "echo_reply", Description: "Echo reply"}, + 3: {Sym: "unreachable", Description: "Destination network unreachable"}, + 4: {Sym: "source_quench", Description: "Source quench (congestion control)"}, + 5: {Sym: "redirect", Description: "Redirect Datagram for the Network"}, + 6: {Description: "Alternate Host Address"}, + 8: {Sym: "echo_request", Description: "Echo request"}, + 9: {Sym: "router_advertisement", Description: "Router Advertisement"}, + 10: {Sym: "router_solicitation", Description: "Router discovery/selection/solicitation"}, + 11: {Sym: "time_exceeded", Description: "TTL expired in transit"}, + 12: {Sym: "parameter_problem", Description: "Pointer indicates the error"}, + 13: {Sym: "timestamp", Description: "Timestamp"}, + 14: {Sym: "timestamp_reply", Description: "Timestamp reply"}, + 15: {Sym: "information_request", Description: "Information Request"}, + 16: {Sym: "information_reply", Description: "Information Reply"}, + 17: {Sym: "address_mask_request", Description: "Address Mask Request"}, + 18: {Sym: "address_mask_reply", Description: "Address Mask Reply"}, + 30: {Sym: "traceroute", Description: "Information Request"}, + 31: {Description: "Datagram Conversion Error"}, + 32: {Description: "Mobile Host Redirect"}, + 33: {Description: "Where-Are-You (originally meant for IPv6)"}, + 34: {Description: "Here-I-Am (originally meant for IPv6)"}, + 35: {Description: "Mobile Registration Request"}, + 36: {Description: "Mobile Registration Reply"}, + 37: {Description: "Domain Name Request"}, + 38: {Description: "Domain Name Reply"}, + 39: {Description: "Simple Key-Management for Internet Protocol"}, + 40: {Sym: "photuris"}, + 41: {Description: "Experimental icmp for experimental mobility protocols"}, + 42: {Sym: "extended_echo_request", Description: "Request Extended Echo"}, + 43: {Sym: "extended_echo_reply", Description: "No Error"}, +} + +var icmpCodeMapMap = map[uint64]decode.UToScalar{ + 3: { + 1: {Description: "Destination host unreachable"}, + 2: {Description: "Destination protocol unreachable"}, + 3: {Description: "Destination port unreachable"}, + 4: {Description: "Fragmentation required, and DF flag set"}, + 5: {Description: "Source route failed"}, + 6: {Description: "Destination network unknown"}, + 7: {Description: "Destination host unknown"}, + 8: {Description: "Source host isolated"}, + 9: {Description: "Network administratively prohibited"}, + 10: {Description: "Host administratively prohibited"}, + 11: {Description: "Network unreachable for ToS"}, + 12: {Description: "Host unreachable for ToS"}, + 13: {Description: "Communication administratively prohibited"}, + 14: {Description: "Host Precedence Violation"}, + 15: {Description: "Precedence cutoff in effect"}, + }, + 5: { + 0: {Description: "Redirect Datagram for the Network"}, + 1: {Description: "Redirect Datagram for the Host"}, + 2: {Description: "Redirect Datagram for the ToS & network"}, + 3: {Description: "Redirect Datagram for the ToS & host"}, + }, + 11: { + 0: {Description: "TTL expired in transit"}, + 1: {Description: "Fragment reassembly time exceeded"}, + }, + 12: { + 0: {Description: "Pointer indicates the error"}, + 1: {Description: "Missing a required option"}, + 2: {Description: "Bad length"}, + }, + 43: { + 0: {Description: "No Error"}, + 1: {Description: "Malformed Query"}, + 2: {Description: "No Such Interface"}, + 3: {Description: "No Such Table Entry"}, + 4: {Description: "Multiple Interfaces Satisfy Query"}, + }, +} + +func mapUMapUToScalar(u uint64, mm map[uint64]decode.UToScalar, fn func(m decode.UToScalar) func(s decode.Scalar) (decode.Scalar, error)) func(s decode.Scalar) (decode.Scalar, error) { + return func(s decode.Scalar) (decode.Scalar, error) { + m, ok := mm[u] + if !ok { + return s, nil + } + return fn(m)(s) + } +} + +func decodeICMP(d *decode.D, in interface{}) interface{} { + typ := d.FieldU8("type", d.MapUToScalar(icmpTypeMap)) + d.FieldU8("code", mapUMapUToScalar(typ, icmpCodeMapMap, d.MapUToScalar)) + d.FieldU16("checksum") + d.FieldRawLen("content", d.BitsLeft()) + + return nil +} diff --git a/format/inet/ipv4.go b/format/inet/ipv4.go deleted file mode 100644 index 4754e140..00000000 --- a/format/inet/ipv4.go +++ /dev/null @@ -1,73 +0,0 @@ -package inet - -import ( - "encoding/binary" - "net" - - "github.com/wader/fq/format" - "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/decode" -) - -var udpFormat decode.Group -var tcpFormat decode.Group - -func init() { - registry.MustRegister(decode.Format{ - Name: format.IPV4, - Description: "Internet protocol v4", - Dependencies: []decode.Dependency{ - {Names: []string{format.UDP}, Group: &udpFormat}, - {Names: []string{format.TCP}, Group: &tcpFormat}, - }, - DecodeFn: decodeIPv4, - }) -} - -const ( - ipv4ProtocolTCP = 6 - ipv4ProtocolUDP = 17 -) - -var ipv4ProtocolFormat = map[uint64]*decode.Group{ - ipv4ProtocolUDP: &udpFormat, - ipv4ProtocolTCP: &tcpFormat, -} - -func mapUToIPv4Sym(s decode.Scalar) (decode.Scalar, error) { - var b [4]byte - binary.BigEndian.PutUint32(b[:], uint32(s.ActualU())) - s.Sym = net.IP(b[:]).String() - return s, nil -} - -func decodeIPv4(d *decode.D, in interface{}) interface{} { - d.FieldU4("version") - ihl := d.FieldU4("ihl") - d.FieldU6("dscp") - d.FieldU2("ecn") - totalLength := d.FieldU16("total_length") - d.FieldU16("identification") - d.FieldU1("reserved") - d.FieldBool("dont_fragment") - moreFragments := d.FieldBool("more_fragments") - fragmentOffset := d.FieldU13("fragment_offset") - d.FieldU8("ttl") - protocol := d.FieldU8("protocol", d.MapUToScalar(ipv4ProtocolMap)) - d.FieldU16("header_checksum", d.Hex) - d.FieldU32("source_ip", mapUToIPv4Sym, d.Hex) - d.FieldU32("destination_ip", mapUToIPv4Sym, d.Hex) - if ihl > 5 { - d.FieldRawLen("options", (int64(ihl)-5)*8*4) - } - - dataLen := int64(totalLength-(ihl*4)) * 8 - g, ok := ipv4ProtocolFormat[protocol] - if !ok || moreFragments || fragmentOffset > 0 { - d.FieldRawLen("data", dataLen) - } else { - d.FieldFormatLen("data", dataLen, *g, nil) - } - - return nil -} diff --git a/format/inet/ipv4_packet.go b/format/inet/ipv4_packet.go new file mode 100644 index 00000000..e893b98a --- /dev/null +++ b/format/inet/ipv4_packet.go @@ -0,0 +1,113 @@ +package inet + +import ( + "encoding/binary" + "net" + + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/checksum" + "github.com/wader/fq/pkg/decode" +) + +var udpPacketFormat decode.Group +var tcpPacketFormat decode.Group +var icmpFormat decode.Group + +func init() { + registry.MustRegister(decode.Format{ + Name: format.IPV4_PACKET, + Description: "Internet protocol v4 packet", + Dependencies: []decode.Dependency{ + {Names: []string{format.UDP_DATAGRAM}, Group: &udpPacketFormat}, + {Names: []string{format.TCP_SEGMENT}, Group: &tcpPacketFormat}, + {Names: []string{format.ICMP}, Group: &icmpFormat}, + }, + DecodeFn: decodeIPv4, + }) +} + +const ( + ipv4OptionEnd = 0 + ipv4OptionNop = 1 +) + +var ipv4OptionsMap = decode.UToScalar{ + ipv4OptionEnd: {Sym: "end", Description: "End of options list"}, + ipv4OptionNop: {Sym: "nop", Description: "No operation"}, + 2: {Description: "Security"}, + 3: {Description: "Loose Source Routing"}, + 9: {Description: "Strict Source Routing"}, + 7: {Description: "Record Route"}, + 8: {Description: "Stream ID"}, + 4: {Description: "Internet Timestamp"}, +} + +var ipv4ProtocolFormat = map[uint64]*decode.Group{ + format.IPv4ProtocolUDP: &udpPacketFormat, + format.IPv4ProtocolTCP: &tcpPacketFormat, + format.IPv4ProtocolICMP: &icmpFormat, +} + +func mapUToIPv4Sym(s decode.Scalar) (decode.Scalar, error) { + var b [4]byte + binary.BigEndian.PutUint32(b[:], uint32(s.ActualU())) + s.Sym = net.IP(b[:]).String() + return s, nil +} + +func decodeIPv4(d *decode.D, in interface{}) interface{} { + d.FieldU4("version") + ihl := d.FieldU4("ihl") + d.FieldU6("dscp") + d.FieldU2("ecn") + totalLength := d.FieldU16("total_length") + d.FieldU16("identification") + d.FieldU1("reserved") + d.FieldBool("dont_fragment") + moreFragments := d.FieldBool("more_fragments") + fragmentOffset := d.FieldU13("fragment_offset") + d.FieldU8("ttl") + protocol := d.FieldU8("protocol", d.MapUToScalar(format.IPv4ProtocolMap)) + checksumStart := d.Pos() + d.FieldU16("header_checksum", d.Hex) + checksumEnd := d.Pos() + d.FieldU32("source_ip", mapUToIPv4Sym, d.Hex) + d.FieldU32("destination_ip", mapUToIPv4Sym, d.Hex) + optionsLen := (int64(ihl) - 5) * 8 * 4 + if optionsLen > 0 { + d.LenFn(optionsLen, func(d *decode.D) { + d.FieldArray("options", func(d *decode.D) { + for !d.End() { + d.FieldStruct("option", func(d *decode.D) { + d.FieldBool("copied") + d.FieldU2("class") + kind := d.FieldU5("number", d.MapUToScalar(ipv4OptionsMap)) + switch kind { + case ipv4OptionEnd, ipv4OptionNop: + default: + l := d.FieldU8("length") + d.FieldRawLen("data", (int64(l-2))*8) + } + }) + } + }) + }) + } + headerEnd := d.Pos() + + ipv4Checksum := &checksum.IPv4{} + d.MustCopy(ipv4Checksum, d.BitBufRange(0, checksumStart)) + d.MustCopy(ipv4Checksum, d.BitBufRange(checksumEnd, headerEnd-checksumEnd)) + _ = d.FieldMustGet("header_checksum").TryScalarFn(d.ValidateUBytes(ipv4Checksum.Sum(nil)), d.Hex) + + dataLen := int64(totalLength-(ihl*4)) * 8 + g, ok := ipv4ProtocolFormat[protocol] + if !ok || moreFragments || fragmentOffset > 0 { + d.FieldRawLen("data", dataLen) + } else { + d.FieldFormatLen("data", dataLen, *g, nil) + } + + return nil +} diff --git a/format/inet/protocols.go b/format/inet/protocols.go deleted file mode 100644 index 197c02de..00000000 --- a/format/inet/protocols.go +++ /dev/null @@ -1,145 +0,0 @@ -package inet - -import "github.com/wader/fq/pkg/decode" - -// based on etc/services from Darwin/FreeBSD -// cat /etc/protocols | grep -v '^#' | jq -rR 'capture("(?[\\w\\d-]+)\\s+(?\\d+)\\s+.*#\\s+(?.*)") | "\(.nr): {Sym: \(.name|tojson), Description: \(.desc|tojson)},"' - -var ipv4ProtocolMap = decode.UToScalar{ - 0: {Sym: "ip", Description: "internet protocol, pseudo protocol number"}, - 1: {Sym: "icmp", Description: "internet control message protocol"}, - 2: {Sym: "igmp", Description: "internet group management protocol"}, - 3: {Sym: "ggp", Description: "gateway-gateway protocol"}, - 4: {Sym: "ipencap", Description: "IP encapsulated in IP"}, - 5: {Sym: "st2", Description: "ST2 datagram mode"}, - 6: {Sym: "tcp", Description: "transmission control protocol"}, - 7: {Sym: "cbt"}, - 8: {Sym: "egp", Description: "exterior gateway protocol"}, - 9: {Sym: "igp", Description: "any private interior gateway"}, - 10: {Sym: "bbn-rcc", Description: "BBN RCC Monitoring"}, - 11: {Sym: "nvp", Description: "Network Voice Protocol"}, - 12: {Sym: "pup", Description: "PARC universal packet protocol"}, - 13: {Sym: "argus", Description: "ARGUS"}, - 14: {Sym: "emcon", Description: "EMCON"}, - 15: {Sym: "xnet", Description: "Cross Net Debugger"}, - 16: {Sym: "chaos", Description: "Chaos"}, - 17: {Sym: "udp", Description: "user datagram protocol"}, - 18: {Sym: "mux", Description: "Multiplexing protocol"}, - 19: {Sym: "dcn", Description: "DCN Measurement Subsystems"}, - 20: {Sym: "hmp", Description: "host monitoring protocol"}, - 21: {Sym: "prm", Description: "packet radio measurement protocol"}, - 22: {Sym: "xns-idp", Description: "Xerox NS IDP"}, - 23: {Sym: "trunk-1", Description: "Trunk-1"}, - 24: {Sym: "trunk-2", Description: "Trunk-2"}, - 25: {Sym: "leaf-1", Description: "Leaf-1"}, - 26: {Sym: "leaf-2", Description: "Leaf-2"}, - 27: {Sym: "rdp", Description: "reliable datagram protocol"}, - 28: {Sym: "irtp", Description: "Internet Reliable Transaction Protocol"}, - 29: {Sym: "iso-tp4", Description: "ISO Transport Protocol Class 4"}, - 30: {Sym: "netblt", Description: "Bulk Data Transfer Protocol"}, - 31: {Sym: "mfe-nsp", Description: "MFE Network Services Protocol"}, - 32: {Sym: "merit-inp", Description: "MERIT Internodal Protocol"}, - 33: {Sym: "dccp", Description: "Datagram Congestion Control Protocol"}, - 34: {Sym: "3pc", Description: "Third Party Connect Protocol"}, - 35: {Sym: "idpr", Description: "Inter-Domain Policy Routing Protocol"}, - 36: {Sym: "xtp", Description: "Xpress Tranfer Protocol"}, - 37: {Sym: "ddp", Description: "Datagram Delivery Protocol"}, - 38: {Sym: "idpr-cmtp", Description: "IDPR Control Message Transport Proto"}, - 40: {Sym: "il", Description: "IL Transport Protocol"}, - 41: {Sym: "ipv6", Description: "ipv6"}, - 42: {Sym: "sdrp", Description: "Source Demand Routing Protocol"}, - 43: {Sym: "ipv6-route", Description: "routing header for ipv6"}, - 44: {Sym: "ipv6-frag", Description: "fragment header for ipv6"}, - 45: {Sym: "idrp", Description: "Inter-Domain Routing Protocol"}, - 46: {Sym: "rsvp", Description: "Resource ReSerVation Protocol"}, - 47: {Sym: "gre", Description: "Generic Routing Encapsulation"}, - 48: {Sym: "dsr", Description: "Dynamic Source Routing Protocol"}, - 49: {Sym: "bna", Description: "BNA"}, - 50: {Sym: "esp", Description: "encapsulating security payload"}, - 51: {Sym: "ah", Description: "authentication header"}, - 52: {Sym: "i-nlsp", Description: "Integrated Net Layer Security TUBA"}, - 53: {Sym: "swipe", Description: "IP with Encryption"}, - 54: {Sym: "narp", Description: "NBMA Address Resolution Protocol"}, - 55: {Sym: "mobile", Description: "IP Mobility"}, - 56: {Sym: "tlsp", Description: "Transport Layer Security Protocol"}, - 57: {Sym: "skip", Description: "SKIP"}, - 58: {Sym: "ipv6-icmp", Description: "ICMP for IPv6"}, - 59: {Sym: "ipv6-nonxt", Description: "no next header for ipv6"}, - 60: {Sym: "ipv6-opts", Description: "destination options for ipv6"}, - 62: {Sym: "cftp", Description: "CFTP"}, - 64: {Sym: "sat-expak", Description: "SATNET and Backroom EXPAK"}, - 65: {Sym: "kryptolan", Description: "Kryptolan"}, - 66: {Sym: "rvd", Description: "MIT Remote Virtual Disk Protocol"}, - 67: {Sym: "ippc", Description: "Internet Pluribus Packet Core"}, - 69: {Sym: "sat-mon", Description: "SATNET Monitoring"}, - 70: {Sym: "visa", Description: "VISA Protocol"}, - 71: {Sym: "ipcv", Description: "Internet Packet Core Utility"}, - 72: {Sym: "cpnx", Description: "Computer Protocol Network Executive"}, - 73: {Sym: "cphb", Description: "Computer Protocol Heart Beat"}, - 74: {Sym: "wsn", Description: "Wang Span Network"}, - 75: {Sym: "pvp", Description: "Packet Video Protocol"}, - 76: {Sym: "br-sat-mon", Description: "Backroom SATNET Monitoring"}, - 77: {Sym: "sun-nd", Description: "SUN ND PROTOCOL-Temporary"}, - 78: {Sym: "wb-mon", Description: "WIDEBAND Monitoring"}, - 79: {Sym: "wb-expak", Description: "WIDEBAND EXPAK"}, - 80: {Sym: "iso-ip", Description: "ISO Internet Protocol"}, - 81: {Sym: "vmtp", Description: "Versatile Message Transport"}, - 82: {Sym: "secure-vmtp", Description: "SECURE-VMTP"}, - 83: {Sym: "vines", Description: "VINES"}, - 84: {Sym: "ttp", Description: "TTP"}, - 85: {Sym: "nsfnet-igp", Description: "NSFNET-IGP"}, - 86: {Sym: "dgp", Description: "Dissimilar Gateway Protocol"}, - 87: {Sym: "tcf", Description: "TCF"}, - 88: {Sym: "eigrp", Description: "Enhanced Interior Routing Protocol (Cisco)"}, - 89: {Sym: "ospf", Description: "Open Shortest Path First IGP"}, - 90: {Sym: "sprite-rpc", Description: "Sprite RPC Protocol"}, - 91: {Sym: "larp", Description: "Locus Address Resolution Protocol"}, - 92: {Sym: "mtp", Description: "Multicast Transport Protocol"}, - 93: {Sym: "25", Description: "AX.25 Frames"}, - 94: {Sym: "ipip", Description: "Yet Another IP encapsulation"}, - 95: {Sym: "micp", Description: "Mobile Internetworking Control Pro."}, - 96: {Sym: "scc-sp", Description: "Semaphore Communications Sec. Pro."}, - 97: {Sym: "etherip", Description: "Ethernet-within-IP Encapsulation"}, - 98: {Sym: "encap", Description: "Yet Another IP encapsulation"}, - 100: {Sym: "gmtp", Description: "GMTP"}, - 101: {Sym: "ifmp", Description: "Ipsilon Flow Management Protocol"}, - 102: {Sym: "pnni", Description: "PNNI over IP"}, - 103: {Sym: "pim", Description: "Protocol Independent Multicast"}, - 104: {Sym: "aris", Description: "ARIS"}, - 105: {Sym: "scps", Description: "SCPS"}, - 106: {Sym: "qnx", Description: "QNX"}, - 107: {Sym: "n", Description: "Active Networks"}, - 108: {Sym: "ipcomp", Description: "IP Payload Compression Protocol"}, - 109: {Sym: "snp", Description: "Sitara Networks Protocol"}, - 110: {Sym: "compaq-peer", Description: "Compaq Peer Protocol"}, - 111: {Sym: "ipx-in-ip", Description: "IPX in IP"}, - 112: {Sym: "carp", Description: "Common Address Redundancy Protocol"}, - 113: {Sym: "pgm", Description: "PGM Reliable Transport Protocol"}, - 115: {Sym: "l2tp", Description: "Layer Two Tunneling Protocol"}, - 116: {Sym: "ddx", Description: "D-II Data Exchange"}, - 117: {Sym: "iatp", Description: "Interactive Agent Transfer Protocol"}, - 118: {Sym: "stp", Description: "Schedule Transfer Protocol"}, - 119: {Sym: "srp", Description: "SpectraLink Radio Protocol"}, - 120: {Sym: "uti", Description: "UTI"}, - 121: {Sym: "smp", Description: "Simple Message Protocol"}, - 122: {Sym: "sm", Description: "SM"}, - 123: {Sym: "ptp", Description: "Performance Transparency Protocol"}, - 124: {Sym: "isis", Description: "ISIS over IPv4"}, - 126: {Sym: "crtp", Description: "Combat Radio Transport Protocol"}, - 127: {Sym: "crudp", Description: "Combat Radio User Datagram"}, - 130: {Sym: "sps", Description: "Secure Packet Shield"}, - 131: {Sym: "pipe", Description: "Private IP Encapsulation within IP"}, - 132: {Sym: "sctp", Description: "Stream Control Transmission Protocol"}, - 133: {Sym: "fc", Description: "Fibre Channel"}, - 134: {Sym: "rsvp-e2e-ignore", Description: "Aggregation of RSVP for IP reservations"}, - 135: {Sym: "mobility-header", Description: "Mobility Support in IPv6"}, - 136: {Sym: "udplite", Description: "The UDP-Lite Protocol"}, - 137: {Sym: "mpls-in-ip", Description: "Encapsulating MPLS in IP"}, - 138: {Sym: "manet", Description: "MANET Protocols (RFC5498)"}, - 139: {Sym: "hip", Description: "Host Identity Protocol (RFC5201)"}, - 140: {Sym: "shim6", Description: "Shim6 Protocol (RFC5533)"}, - 141: {Sym: "wesp", Description: "Wrapped Encapsulating Security Payload (RFC5840)"}, - 142: {Sym: "rohc", Description: "Robust Header Compression (RFC5858)"}, - 240: {Sym: "pfsync", Description: "PF Synchronization"}, - 258: {Sym: "divert", Description: "Divert pseudo-protocol [non IANA]"}, -} diff --git a/format/inet/services.go b/format/inet/services.go deleted file mode 100644 index baaf4e49..00000000 --- a/format/inet/services.go +++ /dev/null @@ -1,1377 +0,0 @@ -package inet - -import "github.com/wader/fq/pkg/decode" - -// based on etc/services from Darwin/FreeBSD -// cat /etc/services | grep -v '^#' | jq -rR 'capture("(?[\\w\\d-]+)\\s+(?\\d+)/(?\\w+)\\s+.*#\\s+(?.*)") | select(.proto=="udp") | "\(.port): {Sym: \(.name|tojson), Description: \(.desc|tojson)},"' -// current truncated to < 1024 - -var udpPortMap = decode.UToScalar{ - 1: {Sym: "tcpmux", Description: "TCP Port Service Multiplexer"}, - 2: {Sym: "compressnet", Description: "Management Utility"}, - 3: {Sym: "compressnet", Description: "Compression Process"}, - 5: {Sym: "rje", Description: "Remote Job Entry"}, - 7: {Sym: "echo", Description: "Echo"}, - 9: {Sym: "discard", Description: "Discard"}, - 11: {Sym: "systat", Description: "Active Users"}, - 13: {Sym: "daytime", Description: "Daytime (RFC 867)"}, - 17: {Sym: "qotd", Description: "Quote of the Day"}, - 18: {Sym: "msp", Description: "Message Send Protocol"}, - 19: {Sym: "chargen", Description: "Character Generator"}, - 20: {Sym: "ftp-data", Description: "File Transfer [Default Data]"}, - 21: {Sym: "ftp", Description: "File Transfer [Control]"}, - 22: {Sym: "ssh", Description: "SSH Remote Login Protocol"}, - 23: {Sym: "telnet", Description: "Telnet"}, - 25: {Sym: "smtp", Description: "Simple Mail Transfer"}, - 27: {Sym: "nsw-fe", Description: "NSW User System FE"}, - 29: {Sym: "msg-icp", Description: "MSG ICP"}, - 31: {Sym: "msg-auth", Description: "MSG Authentication"}, - 33: {Sym: "dsp", Description: "Display Support Protocol"}, - 37: {Sym: "time", Description: "Time"}, - 38: {Sym: "rap", Description: "Route Access Protocol"}, - 39: {Sym: "rlp", Description: "Resource Location Protocol"}, - 41: {Sym: "graphics", Description: "Graphics"}, - 42: {Sym: "name", Description: "Host Name Server"}, - 44: {Sym: "mpm-flags", Description: "MPM FLAGS Protocol"}, - 45: {Sym: "mpm", Description: "Message Processing Module [recv]"}, - 46: {Sym: "mpm-snd", Description: "MPM [default send]"}, - 47: {Sym: "ni-ftp", Description: "NI FTP"}, - 48: {Sym: "auditd", Description: "Digital Audit Daemon"}, - 49: {Sym: "tacacs", Description: "Login Host Protocol (TACACS)"}, - 50: {Sym: "re-mail-ck", Description: "Remote Mail Checking Protocol"}, - 51: {Sym: "la-maint", Description: "IMP Logical Address Maintenance"}, - 52: {Sym: "xns-time", Description: "XNS Time Protocol"}, - 53: {Sym: "domain", Description: "Domain Name Server"}, - 54: {Sym: "xns-ch", Description: "XNS Clearinghouse"}, - 55: {Sym: "isi-gl", Description: "ISI Graphics Language"}, - 56: {Sym: "xns-auth", Description: "XNS Authentication"}, - 58: {Sym: "xns-mail", Description: "XNS Mail"}, - 61: {Sym: "ni-mail", Description: "NI MAIL"}, - 62: {Sym: "acas", Description: "ACA Services"}, - 64: {Sym: "covia", Description: "Communications Integrator (CI)"}, - 65: {Sym: "tacacs-ds", Description: "TACACS-Database Service"}, - 66: {Sym: "net", Description: "Oracle SQL*NET"}, - 67: {Sym: "bootps", Description: "Bootstrap Protocol Server"}, - 68: {Sym: "bootpc", Description: "Bootstrap Protocol Client"}, - 69: {Sym: "tftp", Description: "Trivial File Transfer"}, - 70: {Sym: "gopher", Description: "Gopher"}, - 71: {Sym: "netrjs-1", Description: "Remote Job Service"}, - 72: {Sym: "netrjs-2", Description: "Remote Job Service"}, - 73: {Sym: "netrjs-3", Description: "Remote Job Service"}, - 74: {Sym: "netrjs-4", Description: "Remote Job Service"}, - 76: {Sym: "deos", Description: "Distributed External Object Store"}, - 78: {Sym: "vettcp", Description: "vettcp"}, - 79: {Sym: "finger", Description: "Finger"}, - 80: {Sym: "http", Description: "World Wide Web HTTP"}, - 81: {Sym: "hosts2-ns", Description: "HOSTS2 Name Server"}, - 82: {Sym: "xfer", Description: "XFER Utility"}, - 83: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, - 84: {Sym: "ctf", Description: "Common Trace Facility"}, - 85: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, - 86: {Sym: "mfcobol", Description: "Micro Focus Cobol"}, - 88: {Sym: "kerberos", Description: "Kerberos"}, - 89: {Sym: "su-mit-tg", Description: "SU/MIT Telnet Gateway"}, - 90: {Sym: "dnsix", Description: "DNSIX Securit Attribute Token Map"}, - 91: {Sym: "mit-dov", Description: "MIT Dover Spooler"}, - 92: {Sym: "npp", Description: "Network Printing Protocol"}, - 93: {Sym: "dcp", Description: "Device Control Protocol"}, - 94: {Sym: "objcall", Description: "Tivoli Object Dispatcher"}, - 95: {Sym: "supdup", Description: "SUPDUP"}, - 96: {Sym: "dixie", Description: "DIXIE Protocol Specification"}, - 97: {Sym: "swift-rvf", Description: "Swift Remote Virtural File Protocol"}, - 98: {Sym: "tacnews", Description: "TAC News"}, - 99: {Sym: "metagram", Description: "Metagram Relay"}, - 101: {Sym: "hostname", Description: "NIC Host Name Server"}, - 102: {Sym: "iso-tsap", Description: "ISO-TSAP Class 0"}, - 103: {Sym: "gppitnp", Description: "Genesis Point-to-Point Trans Net"}, - 104: {Sym: "acr-nema", Description: "ACR-NEMA Digital Imag. & Comm. 300"}, - 105: {Sym: "cso", Description: "CCSO name server protocol"}, - // 105: {Sym: "csnet-ns", Description: "Mailbox Name Nameserver"}, - 106: {Sym: "3com-tsmux", Description: "3COM-TSMUX"}, - 107: {Sym: "rtelnet", Description: "Remote Telnet Service"}, - 108: {Sym: "snagas", Description: "SNA Gateway Access Server"}, - 109: {Sym: "pop2", Description: "Post Office Protocol - Version 2"}, - 110: {Sym: "pop3", Description: "Post Office Protocol - Version 3"}, - 111: {Sym: "sunrpc", Description: "SUN Remote Procedure Call"}, - 112: {Sym: "mcidas", Description: "McIDAS Data Transmission Protocol"}, - 113: {Sym: "auth", Description: "Authentication Service"}, - 114: {Sym: "audionews", Description: "Audio News Multicast"}, - 115: {Sym: "sftp", Description: "Simple File Transfer Protocol"}, - 116: {Sym: "ansanotify", Description: "ANSA REX Notify"}, - 117: {Sym: "uucp-path", Description: "UUCP Path Service"}, - 118: {Sym: "sqlserv", Description: "SQL Services"}, - 119: {Sym: "nntp", Description: "Network News Transfer Protocol"}, - 120: {Sym: "cfdptkt", Description: "CFDPTKT"}, - 121: {Sym: "erpc", Description: "Encore Expedited Remote Pro.Call"}, - 122: {Sym: "smakynet", Description: "SMAKYNET"}, - 123: {Sym: "ntp", Description: "Network Time Protocol"}, - 124: {Sym: "ansatrader", Description: "ANSA REX Trader"}, - 125: {Sym: "locus-map", Description: "Locus PC-Interface Net Map Ser"}, - 126: {Sym: "nxedit", Description: "NXEdit"}, - 127: {Sym: "locus-con", Description: "Locus PC-Interface Conn Server"}, - 128: {Sym: "gss-xlicen", Description: "GSS X License Verification"}, - 129: {Sym: "pwdgen", Description: "Password Generator Protocol"}, - 130: {Sym: "cisco-fna", Description: "cisco FNATIVE"}, - 131: {Sym: "cisco-tna", Description: "cisco TNATIVE"}, - 132: {Sym: "cisco-sys", Description: "cisco SYSMAINT"}, - 133: {Sym: "statsrv", Description: "Statistics Service"}, - 134: {Sym: "ingres-net", Description: "INGRES-NET Service"}, - 135: {Sym: "epmap", Description: "DCE endpoint resolution"}, - 136: {Sym: "profile", Description: "PROFILE Naming System"}, - 137: {Sym: "netbios-ns", Description: "NETBIOS Name Service"}, - 138: {Sym: "netbios-dgm", Description: "NETBIOS Datagram Service"}, - 139: {Sym: "netbios-ssn", Description: "NETBIOS Session Service"}, - 140: {Sym: "emfis-data", Description: "EMFIS Data Service"}, - 141: {Sym: "emfis-cntl", Description: "EMFIS Control Service"}, - 142: {Sym: "bl-idm", Description: "Britton-Lee IDM"}, - 143: {Sym: "imap", Description: "Internet Message Access Protocol"}, - 144: {Sym: "uma", Description: "Universal Management Architecture"}, - 145: {Sym: "uaac", Description: "UAAC Protocol"}, - 146: {Sym: "iso-tp0", Description: "ISO-IP0"}, - 147: {Sym: "iso-ip", Description: "ISO-IP"}, - 148: {Sym: "jargon", Description: "Jargon"}, - 149: {Sym: "aed-512", Description: "AED 512 Emulation Service"}, - 150: {Sym: "sql-net", Description: "SQL-NET"}, - 151: {Sym: "hems", Description: "HEMS"}, - 152: {Sym: "bftp", Description: "Background File Transfer Program"}, - 153: {Sym: "sgmp", Description: "SGMP"}, - 154: {Sym: "netsc-prod", Description: "NETSC"}, - 155: {Sym: "netsc-dev", Description: "NETSC"}, - 156: {Sym: "sqlsrv", Description: "SQL Service"}, - 157: {Sym: "knet-cmp", Description: "KNET/VM Command/Message Protocol"}, - 158: {Sym: "pcmail-srv", Description: "PCMail Server"}, - 159: {Sym: "nss-routing", Description: "NSS-Routing"}, - 160: {Sym: "sgmp-traps", Description: "SGMP-TRAPS"}, - 161: {Sym: "snmp", Description: "SNMP"}, - 162: {Sym: "snmptrap", Description: "SNMPTRAP"}, - 163: {Sym: "cmip-man", Description: "CMIP/TCP Manager"}, - 164: {Sym: "cmip-agent", Description: "CMIP/TCP Agent"}, - 165: {Sym: "xns-courier", Description: "Xerox"}, - 166: {Sym: "s-net", Description: "Sirius Systems"}, - 167: {Sym: "namp", Description: "NAMP"}, - 168: {Sym: "rsvd", Description: "RSVD"}, - 169: {Sym: "send", Description: "SEND"}, - 170: {Sym: "print-srv", Description: "Network PostScript"}, - 171: {Sym: "multiplex", Description: "Network Innovations Multiplex"}, - 172: {Sym: "1", Description: "Network Innovations CL/1"}, - 173: {Sym: "xyplex-mux", Description: "Xyplex"}, - 174: {Sym: "mailq", Description: "MAILQ"}, - 175: {Sym: "vmnet", Description: "VMNET"}, - 176: {Sym: "genrad-mux", Description: "GENRAD-MUX"}, - 177: {Sym: "xdmcp", Description: "X Display Manager Control Protocol"}, - 178: {Sym: "nextstep", Description: "NextStep Window Server"}, - 179: {Sym: "bgp", Description: "Border Gateway Protocol"}, - 180: {Sym: "ris", Description: "Intergraph"}, - 181: {Sym: "unify", Description: "Unify"}, - 182: {Sym: "audit", Description: "Unisys Audit SITP"}, - 183: {Sym: "ocbinder", Description: "OCBinder"}, - 184: {Sym: "ocserver", Description: "OCServer"}, - 185: {Sym: "remote-kis", Description: "Remote-KIS"}, - 186: {Sym: "kis", Description: "KIS Protocol"}, - 187: {Sym: "aci", Description: "Application Communication Interface"}, - 188: {Sym: "mumps", Description: "Plus Five's MUMPS"}, - 189: {Sym: "qft", Description: "Queued File Transport"}, - 190: {Sym: "gacp", Description: "Gateway Access Control Protocol"}, - 191: {Sym: "prospero", Description: "Prospero Directory Service"}, - 192: {Sym: "osu-nms", Description: "OSU Network Monitoring System"}, - 193: {Sym: "srmp", Description: "Spider Remote Monitoring Protocol"}, - 194: {Sym: "irc", Description: "Internet Relay Chat Protocol"}, - 195: {Sym: "dn6-nlm-aud", Description: "DNSIX Network Level Module Audit"}, - 196: {Sym: "dn6-smm-red", Description: "DNSIX Session Mgt Module Audit Redir"}, - 197: {Sym: "dls", Description: "Directory Location Service"}, - 198: {Sym: "dls-mon", Description: "Directory Location Service Monitor"}, - 199: {Sym: "smux", Description: "SMUX"}, - 200: {Sym: "src", Description: "IBM System Resource Controller"}, - 201: {Sym: "at-rtmp", Description: "AppleTalk Routing Maintenance"}, - 202: {Sym: "at-nbp", Description: "AppleTalk Name Binding"}, - 203: {Sym: "at-3", Description: "AppleTalk Unused"}, - 204: {Sym: "at-echo", Description: "AppleTalk Echo"}, - 205: {Sym: "at-5", Description: "AppleTalk Unused"}, - 206: {Sym: "at-zis", Description: "AppleTalk Zone Information"}, - 207: {Sym: "at-7", Description: "AppleTalk Unused"}, - 208: {Sym: "at-8", Description: "AppleTalk Unused"}, - 209: {Sym: "qmtp", Description: "The Quick Mail Transfer Protocol"}, - 210: {Sym: "50", Description: "ANSI Z39.50"}, - 211: {Sym: "g", Description: "Texas Instruments 914C/G Terminal"}, - 212: {Sym: "anet", Description: "ATEXSSTR"}, - 213: {Sym: "ipx", Description: "IPX"}, - 214: {Sym: "vmpwscs", Description: "VM PWSCS"}, - 215: {Sym: "softpc", Description: "Insignia Solutions"}, - 216: {Sym: "CAIlic", Description: "Computer Associates Int'l License Server"}, - 217: {Sym: "dbase", Description: "dBASE Unix"}, - 218: {Sym: "mpp", Description: "Netix Message Posting Protocol"}, - 219: {Sym: "uarps", Description: "Unisys ARPs"}, - 220: {Sym: "imap3", Description: "Interactive Mail Access Protocol v3"}, - 221: {Sym: "fln-spx", Description: "Berkeley rlogind with SPX auth"}, - 222: {Sym: "rsh-spx", Description: "Berkeley rshd with SPX auth"}, - 223: {Sym: "cdc", Description: "Certificate Distribution Center"}, - 224: {Sym: "masqdialer", Description: "masqdialer"}, - 242: {Sym: "direct", Description: "Direct"}, - 243: {Sym: "sur-meas", Description: "Survey Measurement"}, - 244: {Sym: "inbusiness", Description: "inbusiness"}, - 245: {Sym: "link", Description: "LINK"}, - 246: {Sym: "dsp3270", Description: "Display Systems Protocol"}, - 247: {Sym: "subntbcst_tftp", Description: "SUBNTBCST_TFTP"}, - 248: {Sym: "bhfhs", Description: "bhfhs"}, - 256: {Sym: "rap", Description: "RAP"}, - 257: {Sym: "set", Description: "Secure Electronic Transaction"}, - 258: {Sym: "yak-chat", Description: "Yak Winsock Personal Chat"}, - 259: {Sym: "esro-gen", Description: "Efficient Short Remote Operations"}, - 260: {Sym: "openport", Description: "Openport"}, - 261: {Sym: "nsiiops", Description: "IIOP Name Service over TLS/SSL"}, - 262: {Sym: "arcisdms", Description: "Arcisdms"}, - 263: {Sym: "hdap", Description: "HDAP"}, - 264: {Sym: "bgmp", Description: "BGMP"}, - 265: {Sym: "x-bone-ctl", Description: "X-Bone CTL"}, - 266: {Sym: "sst", Description: "SCSI on ST"}, - 267: {Sym: "td-service", Description: "Tobit David Service Layer"}, - 268: {Sym: "td-replica", Description: "Tobit David Replica"}, - 280: {Sym: "http-mgmt", Description: "http-mgmt"}, - 281: {Sym: "personal-link", Description: "Personal Link"}, - 282: {Sym: "cableport-ax", Description: "Cable Port A/X"}, - 283: {Sym: "rescap", Description: "rescap"}, - 284: {Sym: "corerjd", Description: "corerjd"}, - 286: {Sym: "fxp-1", Description: "FXP-1"}, - 287: {Sym: "k-block", Description: "K-BLOCK"}, - 308: {Sym: "novastorbakcup", Description: "Novastor Backup"}, - 309: {Sym: "entrusttime", Description: "EntrustTime"}, - 310: {Sym: "bhmds", Description: "bhmds"}, - 311: {Sym: "asip-webadmin", Description: "AppleShare IP WebAdmin"}, - 312: {Sym: "vslmp", Description: "VSLMP"}, - 313: {Sym: "magenta-logic", Description: "Magenta Logic"}, - 314: {Sym: "opalis-robot", Description: "Opalis Robot"}, - 315: {Sym: "dpsi", Description: "DPSI"}, - 316: {Sym: "decauth", Description: "decAuth"}, - 317: {Sym: "zannet", Description: "Zannet"}, - 318: {Sym: "pkix-timestamp", Description: "PKIX TimeStamp"}, - 319: {Sym: "ptp-event", Description: "PTP Event"}, - 320: {Sym: "ptp-general", Description: "PTP General"}, - 321: {Sym: "pip", Description: "PIP"}, - 322: {Sym: "rtsps", Description: "RTSPS"}, - 333: {Sym: "texar", Description: "Texar Security Port"}, - 344: {Sym: "pdap", Description: "Prospero Data Access Protocol"}, - 345: {Sym: "pawserv", Description: "Perf Analysis Workbench"}, - 346: {Sym: "zserv", Description: "Zebra server"}, - 347: {Sym: "fatserv", Description: "Fatmen Server"}, - 348: {Sym: "csi-sgwp", Description: "Cabletron Management Protocol"}, - 349: {Sym: "mftp", Description: "mftp"}, - 350: {Sym: "matip-type-a", Description: "MATIP Type A"}, - 351: {Sym: "matip-type-b", Description: "MATIP Type B"}, - // 351: {Sym: "bhoetty", Description: "bhoetty"}, - 352: {Sym: "dtag-ste-sb", Description: "DTAG"}, - // 352: {Sym: "bhoedap4", Description: "bhoedap4"}, - 353: {Sym: "ndsauth", Description: "NDSAUTH"}, - 354: {Sym: "bh611", Description: "bh611"}, - 355: {Sym: "datex-asn", Description: "DATEX-ASN"}, - 356: {Sym: "cloanto-net-1", Description: "Cloanto Net 1"}, - 357: {Sym: "bhevent", Description: "bhevent"}, - 358: {Sym: "shrinkwrap", Description: "Shrinkwrap"}, - 359: {Sym: "nsrmp", Description: "Network Security Risk Management Protocol"}, - 360: {Sym: "scoi2odialog", Description: "scoi2odialog"}, - 361: {Sym: "semantix", Description: "Semantix"}, - 362: {Sym: "srssend", Description: "SRS Send"}, - 363: {Sym: "rsvp_tunnel", Description: "RSVP Tunnel"}, - 364: {Sym: "aurora-cmgr", Description: "Aurora CMGR"}, - 365: {Sym: "dtk", Description: "DTK"}, - 366: {Sym: "odmr", Description: "ODMR"}, - 367: {Sym: "mortgageware", Description: "MortgageWare"}, - 368: {Sym: "qbikgdp", Description: "QbikGDP"}, - 369: {Sym: "rpc2portmap", Description: "rpc2portmap"}, - 370: {Sym: "codaauth2", Description: "codaauth2"}, - 371: {Sym: "clearcase", Description: "Clearcase"}, - 372: {Sym: "ulistproc", Description: "ListProcessor"}, - 373: {Sym: "legent-1", Description: "Legent Corporation"}, - 374: {Sym: "legent-2", Description: "Legent Corporation"}, - 375: {Sym: "hassle", Description: "Hassle"}, - 376: {Sym: "nip", Description: "Amiga Envoy Network Inquiry Proto"}, - 377: {Sym: "tnETOS", Description: "NEC Corporation"}, - 378: {Sym: "dsETOS", Description: "NEC Corporation"}, - 379: {Sym: "is99c", Description: "TIA/EIA/IS-99 modem client"}, - 380: {Sym: "is99s", Description: "TIA/EIA/IS-99 modem server"}, - 381: {Sym: "hp-collector", Description: "hp performance data collector"}, - 382: {Sym: "hp-managed-node", Description: "hp performance data managed node"}, - 383: {Sym: "hp-alarm-mgr", Description: "hp performance data alarm manager"}, - 384: {Sym: "arns", Description: "A Remote Network Server System"}, - 385: {Sym: "ibm-app", Description: "IBM Application"}, - 386: {Sym: "asa", Description: "ASA Message Router Object Def."}, - 387: {Sym: "aurp", Description: "Appletalk Update-Based Routing Pro."}, - 388: {Sym: "unidata-ldm", Description: "Unidata LDM"}, - 389: {Sym: "ldap", Description: "Lightweight Directory Access Protocol"}, - 390: {Sym: "uis", Description: "UIS"}, - 391: {Sym: "synotics-relay", Description: "SynOptics SNMP Relay Port"}, - 392: {Sym: "synotics-broker", Description: "SynOptics Port Broker Port"}, - 393: {Sym: "meta5", Description: "Meta5"}, - 394: {Sym: "embl-ndt", Description: "EMBL Nucleic Data Transfer"}, - 395: {Sym: "netcp", Description: "NETscout Control Protocol"}, - 396: {Sym: "netware-ip", Description: "Novell Netware over IP"}, - 397: {Sym: "mptn", Description: "Multi Protocol Trans. Net."}, - 398: {Sym: "kryptolan", Description: "Kryptolan"}, - 399: {Sym: "iso-tsap-c2", Description: "ISO Transport Class 2 Non-Control over UDP"}, - 400: {Sym: "work-sol", Description: "Workstation Solutions"}, - 401: {Sym: "ups", Description: "Uninterruptible Power Supply"}, - 402: {Sym: "genie", Description: "Genie Protocol"}, - 403: {Sym: "decap", Description: "decap"}, - 404: {Sym: "nced", Description: "nced"}, - 405: {Sym: "ncld", Description: "ncld"}, - 406: {Sym: "imsp", Description: "Interactive Mail Support Protocol"}, - 407: {Sym: "timbuktu", Description: "Timbuktu"}, - 408: {Sym: "prm-sm", Description: "Prospero Resource Manager Sys. Man."}, - 409: {Sym: "prm-nm", Description: "Prospero Resource Manager Node Man."}, - 410: {Sym: "decladebug", Description: "DECLadebug Remote Debug Protocol"}, - 411: {Sym: "rmt", Description: "Remote MT Protocol"}, - 412: {Sym: "synoptics-trap", Description: "Trap Convention Port"}, - 413: {Sym: "smsp", Description: "Storage Management Services Protocol"}, - 414: {Sym: "infoseek", Description: "InfoSeek"}, - 415: {Sym: "bnet", Description: "BNet"}, - 416: {Sym: "silverplatter", Description: "Silverplatter"}, - 417: {Sym: "onmux", Description: "Onmux"}, - 418: {Sym: "hyper-g", Description: "Hyper-G"}, - 419: {Sym: "ariel1", Description: "Ariel 1"}, - 420: {Sym: "smpte", Description: "SMPTE"}, - 421: {Sym: "ariel2", Description: "Ariel 2"}, - 422: {Sym: "ariel3", Description: "Ariel 3"}, - 423: {Sym: "opc-job-start", Description: "IBM Operations Planning and Control Start"}, - 424: {Sym: "opc-job-track", Description: "IBM Operations Planning and Control Track"}, - 425: {Sym: "icad-el", Description: "ICAD"}, - 426: {Sym: "smartsdp", Description: "smartsdp"}, - 427: {Sym: "svrloc", Description: "Server Location"}, - 428: {Sym: "ocs_cmu", Description: "OCS_CMU"}, - 429: {Sym: "ocs_amu", Description: "OCS_AMU"}, - 430: {Sym: "utmpsd", Description: "UTMPSD"}, - 431: {Sym: "utmpcd", Description: "UTMPCD"}, - 432: {Sym: "iasd", Description: "IASD"}, - 433: {Sym: "nnsp", Description: "NNSP"}, - 434: {Sym: "mobileip-agent", Description: "MobileIP-Agent"}, - 435: {Sym: "mobilip-mn", Description: "MobilIP-MN"}, - 436: {Sym: "dna-cml", Description: "DNA-CML"}, - 437: {Sym: "comscm", Description: "comscm"}, - 438: {Sym: "dsfgw", Description: "dsfgw"}, - 439: {Sym: "dasp", Description: "dasp"}, - 440: {Sym: "sgcp", Description: "sgcp"}, - 441: {Sym: "decvms-sysmgt", Description: "decvms-sysmgt"}, - 442: {Sym: "cvc_hostd", Description: "cvc_hostd"}, - 443: {Sym: "https", Description: "http protocol over TLS/SSL"}, - 444: {Sym: "snpp", Description: "Simple Network Paging Protocol"}, - 445: {Sym: "microsoft-ds", Description: "Microsoft-DS"}, - 446: {Sym: "ddm-rdb", Description: "DDM-RDB"}, - 447: {Sym: "ddm-dfm", Description: "DDM-RFM"}, - 448: {Sym: "ddm-ssl", Description: "DDM-SSL"}, - 449: {Sym: "as-servermap", Description: "AS Server Mapper"}, - 450: {Sym: "tserver", Description: "Computer Supported Telecomunication Applications"}, - 451: {Sym: "sfs-smp-net", Description: "Cray Network Semaphore server"}, - 452: {Sym: "sfs-config", Description: "Cray SFS config server"}, - 453: {Sym: "creativeserver", Description: "CreativeServer"}, - 454: {Sym: "contentserver", Description: "ContentServer"}, - 455: {Sym: "creativepartnr", Description: "CreativePartnr"}, - 456: {Sym: "macon-udp", Description: "macon-udp"}, - 457: {Sym: "scohelp", Description: "scohelp"}, - 458: {Sym: "appleqtc", Description: "apple quick time"}, - 459: {Sym: "ampr-rcmd", Description: "ampr-rcmd"}, - 460: {Sym: "skronk", Description: "skronk"}, - 461: {Sym: "datasurfsrv", Description: "DataRampSrv"}, - 462: {Sym: "datasurfsrvsec", Description: "DataRampSrvSec"}, - 463: {Sym: "alpes", Description: "alpes"}, - 464: {Sym: "kpasswd", Description: "kpasswd"}, - 465: {Sym: "igmpv3lite", Description: "IGMP over UDP for SSM"}, - 466: {Sym: "digital-vrc", Description: "digital-vrc"}, - 467: {Sym: "mylex-mapd", Description: "mylex-mapd"}, - 468: {Sym: "photuris", Description: "proturis"}, - 469: {Sym: "rcp", Description: "Radio Control Protocol"}, - 470: {Sym: "scx-proxy", Description: "scx-proxy"}, - 471: {Sym: "mondex", Description: "Mondex"}, - 472: {Sym: "ljk-login", Description: "ljk-login"}, - 473: {Sym: "hybrid-pop", Description: "hybrid-pop"}, - 474: {Sym: "tn-tl-w2", Description: "tn-tl-w2"}, - 475: {Sym: "tcpnethaspsrv", Description: "tcpnethaspsrv"}, - 476: {Sym: "tn-tl-fd1", Description: "tn-tl-fd1"}, - 477: {Sym: "ss7ns", Description: "ss7ns"}, - 478: {Sym: "spsc", Description: "spsc"}, - 479: {Sym: "iafserver", Description: "iafserver"}, - 480: {Sym: "iafdbase", Description: "iafdbase"}, - 481: {Sym: "ph", Description: "Ph service"}, - 482: {Sym: "bgs-nsi", Description: "bgs-nsi"}, - 483: {Sym: "ulpnet", Description: "ulpnet"}, - 484: {Sym: "integra-sme", Description: "Integra Software Management Environment"}, - 485: {Sym: "powerburst", Description: "Air Soft Power Burst"}, - 486: {Sym: "avian", Description: "avian"}, - 487: {Sym: "saft", Description: "saft Simple Asynchronous File Transfer"}, - 488: {Sym: "gss-http", Description: "gss-http"}, - 489: {Sym: "nest-protocol", Description: "nest-protocol"}, - 490: {Sym: "micom-pfs", Description: "micom-pfs"}, - 491: {Sym: "go-login", Description: "go-login"}, - 492: {Sym: "ticf-1", Description: "Transport Independent Convergence for FNA"}, - 493: {Sym: "ticf-2", Description: "Transport Independent Convergence for FNA"}, - 494: {Sym: "pov-ray", Description: "POV-Ray"}, - 495: {Sym: "intecourier", Description: "intecourier"}, - 496: {Sym: "pim-rp-disc", Description: "PIM-RP-DISC"}, - 497: {Sym: "dantz", Description: "dantz"}, - 498: {Sym: "siam", Description: "siam"}, - 499: {Sym: "iso-ill", Description: "ISO ILL Protocol"}, - 500: {Sym: "isakmp", Description: "isakmp"}, - 501: {Sym: "stmf", Description: "STMF"}, - 502: {Sym: "asa-appl-proto", Description: "asa-appl-proto"}, - 503: {Sym: "intrinsa", Description: "Intrinsa"}, - 504: {Sym: "citadel", Description: "citadel"}, - 505: {Sym: "mailbox-lm", Description: "mailbox-lm"}, - 506: {Sym: "ohimsrv", Description: "ohimsrv"}, - 507: {Sym: "crs", Description: "crs"}, - 508: {Sym: "xvttp", Description: "xvttp"}, - 509: {Sym: "snare", Description: "snare"}, - 510: {Sym: "fcp", Description: "FirstClass Protocol"}, - 511: {Sym: "passgo", Description: "PassGo"}, - 512: {Sym: "comsat"}, - 513: {Sym: "who", Description: "maintains data bases showing who's"}, - 514: {Sym: "syslog"}, - 515: {Sym: "printer", Description: "spooler"}, - 516: {Sym: "videotex", Description: "videotex"}, - 517: {Sym: "talk", Description: "like tenex link, but across"}, - 518: {Sym: "ntalk"}, - 519: {Sym: "utime", Description: "unixtime"}, - 520: {Sym: "router", Description: "local routing process (on site);"}, - 521: {Sym: "ripng", Description: "ripng"}, - 522: {Sym: "ulp", Description: "ULP"}, - 523: {Sym: "ibm-db2", Description: "IBM-DB2"}, - 524: {Sym: "ncp", Description: "NCP"}, - 525: {Sym: "timed", Description: "timeserver"}, - 526: {Sym: "tempo", Description: "newdate"}, - 527: {Sym: "stx", Description: "Stock IXChange"}, - 528: {Sym: "custix", Description: "Customer IXChange"}, - 529: {Sym: "irc-serv", Description: "IRC-SERV"}, - 530: {Sym: "courier", Description: "rpc"}, - 531: {Sym: "conference", Description: "chat"}, - 532: {Sym: "netnews", Description: "readnews"}, - 533: {Sym: "netwall", Description: "for emergency broadcasts"}, - 534: {Sym: "mm-admin", Description: "MegaMedia Admin"}, - 535: {Sym: "iiop", Description: "iiop"}, - 536: {Sym: "opalis-rdv", Description: "opalis-rdv"}, - 537: {Sym: "nmsp", Description: "Networked Media Streaming Protocol"}, - 538: {Sym: "gdomap", Description: "gdomap"}, - 539: {Sym: "apertus-ldp", Description: "Apertus Technologies Load Determination"}, - 540: {Sym: "uucp", Description: "uucpd\t\t"}, - 541: {Sym: "uucp-rlogin", Description: "uucp-rlogin"}, - 542: {Sym: "commerce", Description: "commerce"}, - 543: {Sym: "klogin"}, - 544: {Sym: "kshell", Description: "krcmd"}, - 545: {Sym: "appleqtcsrvr", Description: "appleqtcsrvr"}, - 546: {Sym: "dhcpv6-client", Description: "DHCPv6 Client"}, - 547: {Sym: "dhcpv6-server", Description: "DHCPv6 Server"}, - 548: {Sym: "afpovertcp", Description: "AFP over TCP"}, - 549: {Sym: "idfp", Description: "IDFP"}, - 550: {Sym: "new-rwho", Description: "new-who"}, - 551: {Sym: "cybercash", Description: "cybercash"}, - 552: {Sym: "devshr-nts", Description: "DeviceShare"}, - 553: {Sym: "pirp", Description: "pirp"}, - 554: {Sym: "rtsp", Description: "Real Time Stream Control Protocol"}, - 555: {Sym: "dsf"}, - 556: {Sym: "remotefs", Description: "rfs server"}, - 557: {Sym: "openvms-sysipc", Description: "openvms-sysipc"}, - 558: {Sym: "sdnskmp", Description: "SDNSKMP"}, - 559: {Sym: "teedtap", Description: "TEEDTAP"}, - 560: {Sym: "rmonitor", Description: "rmonitord"}, - 561: {Sym: "monitor"}, - 562: {Sym: "chshell", Description: "chcmd"}, - 563: {Sym: "nntps", Description: "nntp protocol over TLS/SSL (was snntp)"}, - 564: {Sym: "9pfs", Description: "plan 9 file service"}, - 565: {Sym: "whoami", Description: "whoami"}, - 566: {Sym: "streettalk", Description: "streettalk"}, - 567: {Sym: "banyan-rpc", Description: "banyan-rpc"}, - 568: {Sym: "ms-shuttle", Description: "microsoft shuttle"}, - 569: {Sym: "ms-rome", Description: "microsoft rome"}, - 570: {Sym: "meter", Description: "demon"}, - 571: {Sym: "meter", Description: "udemon"}, - 572: {Sym: "sonar", Description: "sonar"}, - 573: {Sym: "banyan-vip", Description: "banyan-vip"}, - 574: {Sym: "ftp-agent", Description: "FTP Software Agent System"}, - 575: {Sym: "vemmi", Description: "VEMMI"}, - 576: {Sym: "ipcd", Description: "ipcd"}, - 577: {Sym: "vnas", Description: "vnas"}, - 578: {Sym: "ipdd", Description: "ipdd"}, - 579: {Sym: "decbsrv", Description: "decbsrv"}, - 580: {Sym: "sntp-heartbeat", Description: "SNTP HEARTBEAT"}, - 581: {Sym: "bdp", Description: "Bundle Discovery Protocol"}, - 582: {Sym: "scc-security", Description: "SCC Security"}, - 583: {Sym: "philips-vc", Description: "Philips Video-Conferencing"}, - 584: {Sym: "keyserver", Description: "Key Server"}, - 585: {Sym: "imap4-ssl", Description: "IMAP4+SSL (use 993 instead)"}, - 586: {Sym: "password-chg", Description: "Password Change"}, - 587: {Sym: "submission", Description: "Submission"}, - 588: {Sym: "cal", Description: "CAL"}, - 589: {Sym: "eyelink", Description: "EyeLink"}, - 590: {Sym: "tns-cml", Description: "TNS CML"}, - 591: {Sym: "http-alt", Description: "FileMaker, Inc. - HTTP Alternate (see Port 80)"}, - 592: {Sym: "eudora-set", Description: "Eudora Set"}, - 593: {Sym: "http-rpc-epmap", Description: "HTTP RPC Ep Map"}, - 594: {Sym: "tpip", Description: "TPIP"}, - 595: {Sym: "cab-protocol", Description: "CAB Protocol"}, - 596: {Sym: "smsd", Description: "SMSD"}, - 597: {Sym: "ptcnameservice", Description: "PTC Name Service"}, - 598: {Sym: "sco-websrvrmg3", Description: "SCO Web Server Manager 3"}, - 599: {Sym: "acp", Description: "Aeolon Core Protocol"}, - 600: {Sym: "ipcserver", Description: "Sun IPC server"}, - 601: {Sym: "syslog-conn", Description: "Reliable Syslog Service"}, - 602: {Sym: "xmlrpc-beep", Description: "XML-RPC over BEEP"}, - 603: {Sym: "idxp", Description: "IDXP"}, - 604: {Sym: "tunnel", Description: "TUNNEL"}, - 605: {Sym: "soap-beep", Description: "SOAP over BEEP"}, - 606: {Sym: "urm", Description: "Cray Unified Resource Manager"}, - 607: {Sym: "nqs", Description: "nqs"}, - 608: {Sym: "sift-uft", Description: "Sender-Initiated/Unsolicited File Transfer"}, - 609: {Sym: "npmp-trap", Description: "npmp-trap"}, - 610: {Sym: "npmp-local", Description: "npmp-local"}, - 611: {Sym: "npmp-gui", Description: "npmp-gui"}, - 612: {Sym: "hmmp-ind", Description: "HMMP Indication"}, - 613: {Sym: "hmmp-op", Description: "HMMP Operation"}, - 614: {Sym: "sshell", Description: "SSLshell"}, - 615: {Sym: "sco-inetmgr", Description: "Internet Configuration Manager"}, - 616: {Sym: "sco-sysmgr", Description: "SCO System Administration Server"}, - 617: {Sym: "sco-dtmgr", Description: "SCO Desktop Administration Server"}, - 618: {Sym: "dei-icda", Description: "DEI-ICDA"}, - 619: {Sym: "compaq-evm", Description: "Compaq EVM"}, - 620: {Sym: "sco-websrvrmgr", Description: "SCO WebServer Manager"}, - 621: {Sym: "escp-ip", Description: "ESCP"}, - 622: {Sym: "collaborator", Description: "Collaborator"}, - 623: {Sym: "asf-rmcp", Description: "ASF Remote Management and Control Protocol"}, - 624: {Sym: "cryptoadmin", Description: "Crypto Admin"}, - 625: {Sym: "dec_dlm", Description: "DEC DLM"}, - 626: {Sym: "asia", Description: "ASIA"}, - 627: {Sym: "passgo-tivoli", Description: "PassGo Tivoli"}, - 628: {Sym: "qmqp", Description: "QMQP"}, - 629: {Sym: "3com-amp3", Description: "3Com AMP3"}, - 630: {Sym: "rda", Description: "RDA"}, - 631: {Sym: "ipp", Description: "IPP (Internet Printing Protocol)"}, - 632: {Sym: "bmpp", Description: "bmpp"}, - 633: {Sym: "servstat", Description: "Service Status update (Sterling Software)"}, - 634: {Sym: "ginad", Description: "ginad"}, - 635: {Sym: "rlzdbase", Description: "RLZ DBase"}, - 636: {Sym: "ldaps", Description: "ldap protocol over TLS/SSL (was sldap)"}, - 637: {Sym: "lanserver", Description: "lanserver"}, - 638: {Sym: "mcns-sec", Description: "mcns-sec"}, - 639: {Sym: "msdp", Description: "MSDP"}, - 640: {Sym: "entrust-sps", Description: "entrust-sps"}, - 641: {Sym: "repcmd", Description: "repcmd"}, - 642: {Sym: "esro-emsdp", Description: "ESRO-EMSDP V1.3"}, - 643: {Sym: "sanity", Description: "SANity"}, - 644: {Sym: "dwr", Description: "dwr"}, - 645: {Sym: "pssc", Description: "PSSC"}, - 646: {Sym: "ldp", Description: "LDP"}, - 647: {Sym: "dhcp-failover", Description: "DHCP Failover"}, - 648: {Sym: "rrp", Description: "Registry Registrar Protocol (RRP)"}, - 649: {Sym: "cadview-3d", Description: "Cadview-3d - streaming 3d models over the internet"}, - 650: {Sym: "obex", Description: "OBEX"}, - 651: {Sym: "ieee-mms", Description: "IEEE MMS"}, - 652: {Sym: "hello-port", Description: "HELLO_PORT\t"}, - 653: {Sym: "repscmd", Description: "RepCmd"}, - 654: {Sym: "aodv", Description: "AODV"}, - 655: {Sym: "tinc", Description: "TINC"}, - 656: {Sym: "spmp", Description: "SPMP"}, - 657: {Sym: "rmc", Description: "RMC"}, - 658: {Sym: "tenfold", Description: "TenFold"}, - 660: {Sym: "mac-srvr-admin", Description: "MacOS Server Admin"}, - 661: {Sym: "hap", Description: "HAP"}, - 662: {Sym: "pftp", Description: "PFTP"}, - 663: {Sym: "purenoise", Description: "PureNoise"}, - 664: {Sym: "asf-secure-rmcp", Description: "ASF Secure Remote Management and Control Protocol"}, - 665: {Sym: "sun-dr", Description: "Sun DR"}, - 666: {Sym: "mdqs"}, - 667: {Sym: "disclose", Description: "campaign contribution disclosures - SDR Technologies"}, - 668: {Sym: "mecomm", Description: "MeComm"}, - 669: {Sym: "meregister", Description: "MeRegister"}, - 670: {Sym: "vacdsm-sws", Description: "VACDSM-SWS"}, - 671: {Sym: "vacdsm-app", Description: "VACDSM-APP"}, - 672: {Sym: "vpps-qua", Description: "VPPS-QUA"}, - 673: {Sym: "cimplex", Description: "CIMPLEX"}, - 674: {Sym: "acap", Description: "ACAP"}, - 675: {Sym: "dctp", Description: "DCTP"}, - 676: {Sym: "vpps-via", Description: "VPPS Via"}, - 677: {Sym: "vpp", Description: "Virtual Presence Protocol"}, - 678: {Sym: "ggf-ncp", Description: "GNU Generation Foundation NCP"}, - 679: {Sym: "mrm", Description: "MRM"}, - 680: {Sym: "entrust-aaas", Description: "entrust-aaas"}, - 681: {Sym: "entrust-aams", Description: "entrust-aams"}, - 682: {Sym: "xfr", Description: "XFR"}, - 683: {Sym: "corba-iiop", Description: "CORBA IIOP"}, - 684: {Sym: "corba-iiop-ssl", Description: "CORBA IIOP SSL"}, - 685: {Sym: "mdc-portmapper", Description: "MDC Port Mapper"}, - 686: {Sym: "hcp-wismar", Description: "Hardware Control Protocol Wismar"}, - 687: {Sym: "asipregistry", Description: "asipregistry"}, - 688: {Sym: "realm-rusd", Description: "REALM-RUSD"}, - 689: {Sym: "nmap", Description: "NMAP"}, - 690: {Sym: "vatp", Description: "VATP"}, - 691: {Sym: "msexch-routing", Description: "MS Exchange Routing"}, - 692: {Sym: "hyperwave-isp", Description: "Hyperwave-ISP"}, - 693: {Sym: "connendp", Description: "connendp"}, - 694: {Sym: "ha-cluster", Description: "ha-cluster"}, - 695: {Sym: "ieee-mms-ssl", Description: "IEEE-MMS-SSL"}, - 696: {Sym: "rushd", Description: "RUSHD"}, - 697: {Sym: "uuidgen", Description: "UUIDGEN"}, - 698: {Sym: "olsr", Description: "OLSR"}, - 699: {Sym: "accessnetwork", Description: "Access Network"}, - 700: {Sym: "epp", Description: "Extensible Provisioning Protocol"}, - 701: {Sym: "lmp", Description: "Link Management Protocol (LMP)"}, - 702: {Sym: "iris-beep", Description: "IRIS over BEEP"}, - 704: {Sym: "elcsd", Description: "errlog copy/server daemon"}, - 705: {Sym: "agentx", Description: "AgentX"}, - 706: {Sym: "silc", Description: "SILC"}, - 707: {Sym: "borland-dsj", Description: "Borland DSJ"}, - 709: {Sym: "entrust-kmsh", Description: "Entrust Key Management Service Handler"}, - 710: {Sym: "entrust-ash", Description: "Entrust Administration Service Handler"}, - 711: {Sym: "cisco-tdp", Description: "Cisco TDP"}, - 712: {Sym: "tbrpf", Description: "TBRPF"}, - 729: {Sym: "netviewdm1", Description: "IBM NetView DM/6000 Server/Client"}, - 730: {Sym: "netviewdm2", Description: "IBM NetView DM/6000 send/tcp"}, - 731: {Sym: "netviewdm3", Description: "IBM NetView DM/6000 receive/tcp"}, - 741: {Sym: "netgw", Description: "netGW"}, - 742: {Sym: "netrcs", Description: "Network based Rev. Cont. Sys."}, - 744: {Sym: "flexlm", Description: "Flexible License Manager"}, - 747: {Sym: "fujitsu-dev", Description: "Fujitsu Device Control"}, - 748: {Sym: "ris-cm", Description: "Russell Info Sci Calendar Manager"}, - 749: {Sym: "kerberos-adm", Description: "kerberos administration"}, - 750: {Sym: "loadav"}, - 751: {Sym: "pump"}, - 752: {Sym: "qrh"}, - 753: {Sym: "rrh"}, - 754: {Sym: "tell", Description: "send"}, - 758: {Sym: "nlogin"}, - 759: {Sym: "con"}, - 760: {Sym: "ns"}, - 761: {Sym: "rxe"}, - 762: {Sym: "quotad"}, - 763: {Sym: "cycleserv"}, - 764: {Sym: "omserv"}, - 765: {Sym: "webster"}, - 767: {Sym: "phonebook", Description: "phone"}, - 769: {Sym: "vid"}, - 770: {Sym: "cadlock"}, - 771: {Sym: "rtip"}, - 772: {Sym: "cycleserv2"}, - 773: {Sym: "notify"}, - 774: {Sym: "acmaint_dbd"}, - 775: {Sym: "acmaint_transd"}, - 776: {Sym: "wpages"}, - 777: {Sym: "multiling-http", Description: "Multiling HTTP"}, - 780: {Sym: "wpgs"}, - 800: {Sym: "mdbs_daemon"}, - 801: {Sym: "device"}, - 810: {Sym: "fcp-udp", Description: "FCP Datagram"}, - 828: {Sym: "itm-mcell-s", Description: "itm-mcell-s"}, - 829: {Sym: "pkix-3-ca-ra", Description: "PKIX-3 CA/RA"}, - 830: {Sym: "netconf-ssh", Description: "NETCONF over SSH"}, - 831: {Sym: "netconf-beep", Description: "NETCONF over BEEP"}, - 832: {Sym: "netconfsoaphttp", Description: "NETCONF for SOAP over HTTPS"}, - 833: {Sym: "netconfsoapbeep", Description: "NETCONF for SOAP over BEEP"}, - 847: {Sym: "dhcp-failover2", Description: "dhcp-failover 2"}, - 848: {Sym: "gdoi", Description: "GDOI"}, - 860: {Sym: "iscsi", Description: "iSCSI"}, - 861: {Sym: "owamp-control", Description: "OWAMP-Control"}, - 873: {Sym: "rsync", Description: "rsync"}, - 886: {Sym: "iclcnet-locate", Description: "ICL coNETion locate server"}, - 887: {Sym: "iclcnet_svinfo", Description: "ICL coNETion server info"}, - 888: {Sym: "accessbuilder", Description: "AccessBuilder"}, - 900: {Sym: "omginitialrefs", Description: "OMG Initial Refs"}, - 901: {Sym: "smpnameres", Description: "SMPNAMERES"}, - 902: {Sym: "ideafarm-chat", Description: "IDEAFARM-CHAT"}, - 903: {Sym: "ideafarm-catch", Description: "IDEAFARM-CATCH"}, - 910: {Sym: "kink", Description: "Kerberized Internet Negotiation of Keys (KINK)"}, - 911: {Sym: "xact-backup", Description: "xact-backup"}, - 912: {Sym: "apex-mesh", Description: "APEX relay-relay service"}, - 913: {Sym: "apex-edge", Description: "APEX endpoint-relay service"}, - 989: {Sym: "ftps-data", Description: "ftp protocol, data, over TLS/SSL"}, - 990: {Sym: "ftps", Description: "ftp protocol, control, over TLS/SSL"}, - 991: {Sym: "nas", Description: "Netnews Administration System"}, - 992: {Sym: "telnets", Description: "telnet protocol over TLS/SSL"}, - 993: {Sym: "imaps", Description: "imap4 protocol over TLS/SSL"}, - 994: {Sym: "ircs", Description: "irc protocol over TLS/SSL"}, - 995: {Sym: "pop3s", Description: "pop3 protocol over TLS/SSL (was spop3)"}, - 996: {Sym: "vsinet", Description: "vsinet"}, - 997: {Sym: "maitrd"}, - 998: {Sym: "puparp"}, - 999: {Sym: "applix", Description: "Applix ac"}, - 1000: {Sym: "cadlock2"}, - 1010: {Sym: "surf", Description: "surf"}, -} - -var tcpPortMap = decode.UToScalar{ - 1: {Sym: "tcpmux", Description: "TCP Port Service Multiplexer"}, - 2: {Sym: "compressnet", Description: "Management Utility"}, - 3: {Sym: "compressnet", Description: "Compression Process"}, - 5: {Sym: "rje", Description: "Remote Job Entry"}, - 7: {Sym: "echo", Description: "Echo"}, - 9: {Sym: "discard", Description: "Discard"}, - 11: {Sym: "systat", Description: "Active Users"}, - 13: {Sym: "daytime", Description: "Daytime (RFC 867)"}, - 17: {Sym: "qotd", Description: "Quote of the Day"}, - 18: {Sym: "msp", Description: "Message Send Protocol"}, - 19: {Sym: "chargen", Description: "Character Generator"}, - 20: {Sym: "ftp-data", Description: "File Transfer [Default Data]"}, - 21: {Sym: "ftp", Description: "File Transfer [Control]"}, - 22: {Sym: "ssh", Description: "SSH Remote Login Protocol"}, - 23: {Sym: "telnet", Description: "Telnet"}, - 25: {Sym: "smtp", Description: "Simple Mail Transfer"}, - 27: {Sym: "nsw-fe", Description: "NSW User System FE"}, - 29: {Sym: "msg-icp", Description: "MSG ICP"}, - 31: {Sym: "msg-auth", Description: "MSG Authentication"}, - 33: {Sym: "dsp", Description: "Display Support Protocol"}, - 37: {Sym: "time", Description: "Time"}, - 38: {Sym: "rap", Description: "Route Access Protocol"}, - 39: {Sym: "rlp", Description: "Resource Location Protocol"}, - 41: {Sym: "graphics", Description: "Graphics"}, - 42: {Sym: "name", Description: "Host Name Server"}, - 44: {Sym: "mpm-flags", Description: "MPM FLAGS Protocol"}, - 45: {Sym: "mpm", Description: "Message Processing Module [recv]"}, - 46: {Sym: "mpm-snd", Description: "MPM [default send]"}, - 47: {Sym: "ni-ftp", Description: "NI FTP"}, - 48: {Sym: "auditd", Description: "Digital Audit Daemon"}, - 49: {Sym: "tacacs", Description: "Login Host Protocol (TACACS)"}, - 50: {Sym: "re-mail-ck", Description: "Remote Mail Checking Protocol"}, - 51: {Sym: "la-maint", Description: "IMP Logical Address Maintenance"}, - 52: {Sym: "xns-time", Description: "XNS Time Protocol"}, - 53: {Sym: "domain", Description: "Domain Name Server"}, - 54: {Sym: "xns-ch", Description: "XNS Clearinghouse"}, - 55: {Sym: "isi-gl", Description: "ISI Graphics Language"}, - 56: {Sym: "xns-auth", Description: "XNS Authentication"}, - 58: {Sym: "xns-mail", Description: "XNS Mail"}, - 61: {Sym: "ni-mail", Description: "NI MAIL"}, - 62: {Sym: "acas", Description: "ACA Services"}, - 64: {Sym: "covia", Description: "Communications Integrator (CI)"}, - 65: {Sym: "tacacs-ds", Description: "TACACS-Database Service"}, - 66: {Sym: "net", Description: "Oracle SQL*NET"}, - 67: {Sym: "bootps", Description: "Bootstrap Protocol Server"}, - 68: {Sym: "bootpc", Description: "Bootstrap Protocol Client"}, - 69: {Sym: "tftp", Description: "Trivial File Transfer"}, - 70: {Sym: "gopher", Description: "Gopher"}, - 71: {Sym: "netrjs-1", Description: "Remote Job Service"}, - 72: {Sym: "netrjs-2", Description: "Remote Job Service"}, - 73: {Sym: "netrjs-3", Description: "Remote Job Service"}, - 74: {Sym: "netrjs-4", Description: "Remote Job Service"}, - 76: {Sym: "deos", Description: "Distributed External Object Store"}, - 78: {Sym: "vettcp", Description: "vettcp"}, - 79: {Sym: "finger", Description: "Finger"}, - 80: {Sym: "http", Description: "World Wide Web HTTP"}, - 81: {Sym: "hosts2-ns", Description: "HOSTS2 Name Server"}, - 82: {Sym: "xfer", Description: "XFER Utility"}, - 83: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, - 84: {Sym: "ctf", Description: "Common Trace Facility"}, - 85: {Sym: "mit-ml-dev", Description: "MIT ML Device"}, - 86: {Sym: "mfcobol", Description: "Micro Focus Cobol"}, - 88: {Sym: "kerberos", Description: "Kerberos"}, - 89: {Sym: "su-mit-tg", Description: "SU/MIT Telnet Gateway"}, - 90: {Sym: "dnsix", Description: "DNSIX Securit Attribute Token Map"}, - 91: {Sym: "mit-dov", Description: "MIT Dover Spooler"}, - 92: {Sym: "npp", Description: "Network Printing Protocol"}, - 93: {Sym: "dcp", Description: "Device Control Protocol"}, - 94: {Sym: "objcall", Description: "Tivoli Object Dispatcher"}, - 95: {Sym: "supdup", Description: "SUPDUP"}, - 96: {Sym: "dixie", Description: "DIXIE Protocol Specification"}, - 97: {Sym: "swift-rvf", Description: "Swift Remote Virtural File Protocol"}, - 98: {Sym: "tacnews", Description: "TAC News"}, - 99: {Sym: "metagram", Description: "Metagram Relay"}, - 100: {Sym: "newacct", Description: "[unauthorized use]"}, - 101: {Sym: "hostname", Description: "NIC Host Name Server"}, - 102: {Sym: "iso-tsap", Description: "ISO-TSAP Class 0"}, - 103: {Sym: "gppitnp", Description: "Genesis Point-to-Point Trans Net"}, - 104: {Sym: "acr-nema", Description: "ACR-NEMA Digital Imag. & Comm. 300"}, - 105: {Sym: "cso", Description: "CCSO name server protocol"}, - // 105: {Sym: "csnet-ns", Description: "Mailbox Name Nameserver"}, - 106: {Sym: "3com-tsmux", Description: "3COM-TSMUX"}, - 107: {Sym: "rtelnet", Description: "Remote Telnet Service"}, - 108: {Sym: "snagas", Description: "SNA Gateway Access Server"}, - 109: {Sym: "pop2", Description: "Post Office Protocol - Version 2"}, - 110: {Sym: "pop3", Description: "Post Office Protocol - Version 3"}, - 111: {Sym: "sunrpc", Description: "SUN Remote Procedure Call"}, - 112: {Sym: "mcidas", Description: "McIDAS Data Transmission Protocol"}, - 113: {Sym: "auth"}, - 114: {Sym: "audionews", Description: "Audio News Multicast"}, - 115: {Sym: "sftp", Description: "Simple File Transfer Protocol"}, - 116: {Sym: "ansanotify", Description: "ANSA REX Notify"}, - 117: {Sym: "uucp-path", Description: "UUCP Path Service"}, - 118: {Sym: "sqlserv", Description: "SQL Services"}, - 119: {Sym: "nntp", Description: "Network News Transfer Protocol"}, - 120: {Sym: "cfdptkt", Description: "CFDPTKT"}, - 121: {Sym: "erpc", Description: "Encore Expedited Remote Pro.Call"}, - 122: {Sym: "smakynet", Description: "SMAKYNET"}, - 123: {Sym: "ntp", Description: "Network Time Protocol"}, - 124: {Sym: "ansatrader", Description: "ANSA REX Trader"}, - 125: {Sym: "locus-map", Description: "Locus PC-Interface Net Map Ser"}, - 126: {Sym: "nxedit", Description: "NXEdit"}, - 127: {Sym: "locus-con", Description: "Locus PC-Interface Conn Server"}, - 128: {Sym: "gss-xlicen", Description: "GSS X License Verification"}, - 129: {Sym: "pwdgen", Description: "Password Generator Protocol"}, - 130: {Sym: "cisco-fna", Description: "cisco FNATIVE"}, - 131: {Sym: "cisco-tna", Description: "cisco TNATIVE"}, - 132: {Sym: "cisco-sys", Description: "cisco SYSMAINT"}, - 133: {Sym: "statsrv", Description: "Statistics Service"}, - 134: {Sym: "ingres-net", Description: "INGRES-NET Service"}, - 135: {Sym: "epmap", Description: "DCE endpoint resolution"}, - 136: {Sym: "profile", Description: "PROFILE Naming System"}, - 137: {Sym: "netbios-ns", Description: "NETBIOS Name Service"}, - 138: {Sym: "netbios-dgm", Description: "NETBIOS Datagram Service"}, - 139: {Sym: "netbios-ssn", Description: "NETBIOS Session Service"}, - 140: {Sym: "emfis-data", Description: "EMFIS Data Service"}, - 141: {Sym: "emfis-cntl", Description: "EMFIS Control Service"}, - 142: {Sym: "bl-idm", Description: "Britton-Lee IDM"}, - 143: {Sym: "imap", Description: "Internet Message Access Protocol"}, - 144: {Sym: "uma", Description: "Universal Management Architecture"}, - 145: {Sym: "uaac", Description: "UAAC Protocol"}, - 146: {Sym: "iso-tp0", Description: "ISO-IP0"}, - 147: {Sym: "iso-ip", Description: "ISO-IP"}, - 148: {Sym: "jargon", Description: "Jargon"}, - 149: {Sym: "aed-512", Description: "AED 512 Emulation Service"}, - 150: {Sym: "sql-net", Description: "SQL-NET"}, - 151: {Sym: "hems", Description: "HEMS"}, - 152: {Sym: "bftp", Description: "Background File Transfer Program"}, - 153: {Sym: "sgmp", Description: "SGMP"}, - 154: {Sym: "netsc-prod", Description: "NETSC"}, - 155: {Sym: "netsc-dev", Description: "NETSC"}, - 156: {Sym: "sqlsrv", Description: "SQL Service"}, - 157: {Sym: "knet-cmp", Description: "KNET/VM Command/Message Protocol"}, - 158: {Sym: "pcmail-srv", Description: "PCMail Server"}, - 159: {Sym: "nss-routing", Description: "NSS-Routing"}, - 160: {Sym: "sgmp-traps", Description: "SGMP-TRAPS"}, - 161: {Sym: "snmp", Description: "SNMP"}, - 162: {Sym: "snmptrap", Description: "SNMPTRAP"}, - 163: {Sym: "cmip-man", Description: "CMIP/TCP Manager"}, - 164: {Sym: "cmip-agent", Description: "CMIP/TCP Agent"}, - 165: {Sym: "xns-courier", Description: "Xerox"}, - 166: {Sym: "s-net", Description: "Sirius Systems"}, - 167: {Sym: "namp", Description: "NAMP"}, - 168: {Sym: "rsvd", Description: "RSVD"}, - 169: {Sym: "send", Description: "SEND"}, - 170: {Sym: "print-srv", Description: "Network PostScript"}, - 171: {Sym: "multiplex", Description: "Network Innovations Multiplex"}, - 172: {Sym: "1", Description: "Network Innovations CL/1"}, - 173: {Sym: "xyplex-mux", Description: "Xyplex"}, - 174: {Sym: "mailq", Description: "MAILQ"}, - 175: {Sym: "vmnet", Description: "VMNET"}, - 176: {Sym: "genrad-mux", Description: "GENRAD-MUX"}, - 177: {Sym: "xdmcp", Description: "X Display Manager Control Protocol"}, - 178: {Sym: "nextstep", Description: "NextStep Window Server"}, - 179: {Sym: "bgp", Description: "Border Gateway Protocol"}, - 180: {Sym: "ris", Description: "Intergraph"}, - 181: {Sym: "unify", Description: "Unify"}, - 182: {Sym: "audit", Description: "Unisys Audit SITP"}, - 183: {Sym: "ocbinder", Description: "OCBinder"}, - 184: {Sym: "ocserver", Description: "OCServer"}, - 185: {Sym: "remote-kis", Description: "Remote-KIS"}, - 186: {Sym: "kis", Description: "KIS Protocol"}, - 187: {Sym: "aci", Description: "Application Communication Interface"}, - 188: {Sym: "mumps", Description: "Plus Five's MUMPS"}, - 189: {Sym: "qft", Description: "Queued File Transport"}, - 190: {Sym: "gacp", Description: "Gateway Access Control Protocol"}, - 191: {Sym: "prospero", Description: "Prospero Directory Service"}, - 192: {Sym: "osu-nms", Description: "OSU Network Monitoring System"}, - 193: {Sym: "srmp", Description: "Spider Remote Monitoring Protocol"}, - 194: {Sym: "irc", Description: "Internet Relay Chat Protocol"}, - 195: {Sym: "dn6-nlm-aud", Description: "DNSIX Network Level Module Audit"}, - 196: {Sym: "dn6-smm-red", Description: "DNSIX Session Mgt Module Audit Redir"}, - 197: {Sym: "dls", Description: "Directory Location Service"}, - 198: {Sym: "dls-mon", Description: "Directory Location Service Monitor"}, - 199: {Sym: "smux", Description: "SMUX"}, - 200: {Sym: "src", Description: "IBM System Resource Controller"}, - 201: {Sym: "at-rtmp", Description: "AppleTalk Routing Maintenance"}, - 202: {Sym: "at-nbp", Description: "AppleTalk Name Binding"}, - 203: {Sym: "at-3", Description: "AppleTalk Unused"}, - 204: {Sym: "at-echo", Description: "AppleTalk Echo"}, - 205: {Sym: "at-5", Description: "AppleTalk Unused"}, - 206: {Sym: "at-zis", Description: "AppleTalk Zone Information"}, - 207: {Sym: "at-7", Description: "AppleTalk Unused"}, - 208: {Sym: "at-8", Description: "AppleTalk Unused"}, - 209: {Sym: "qmtp", Description: "The Quick Mail Transfer Protocol"}, - 210: {Sym: "50", Description: "ANSI Z39.50"}, - 211: {Sym: "g", Description: "Texas Instruments 914C/G Terminal"}, - 212: {Sym: "anet", Description: "ATEXSSTR"}, - 213: {Sym: "ipx", Description: "IPX \t"}, - 214: {Sym: "vmpwscs", Description: "VM PWSCS"}, - 215: {Sym: "softpc", Description: "Insignia Solutions"}, - 216: {Sym: "CAIlic", Description: "Computer Associates Int'l License Server"}, - 217: {Sym: "dbase", Description: "dBASE Unix"}, - 218: {Sym: "mpp", Description: "Netix Message Posting Protocol"}, - 219: {Sym: "uarps", Description: "Unisys ARPs"}, - 220: {Sym: "imap3", Description: "Interactive Mail Access Protocol v3"}, - 221: {Sym: "fln-spx", Description: "Berkeley rlogind with SPX auth"}, - 222: {Sym: "rsh-spx", Description: "Berkeley rshd with SPX auth"}, - 223: {Sym: "cdc", Description: "Certificate Distribution Center"}, - 224: {Sym: "masqdialer", Description: "masqdialer"}, - 242: {Sym: "direct", Description: "Direct"}, - 243: {Sym: "sur-meas", Description: "Survey Measurement"}, - 244: {Sym: "inbusiness", Description: "inbusiness"}, - 245: {Sym: "link", Description: "LINK"}, - 246: {Sym: "dsp3270", Description: "Display Systems Protocol"}, - 247: {Sym: "subntbcst_tftp", Description: "SUBNTBCST_TFTP"}, - 248: {Sym: "bhfhs", Description: "bhfhs"}, - 256: {Sym: "rap", Description: "RAP"}, - 257: {Sym: "set", Description: "Secure Electronic Transaction"}, - 258: {Sym: "yak-chat", Description: "Yak Winsock Personal Chat"}, - 259: {Sym: "esro-gen", Description: "Efficient Short Remote Operations"}, - 260: {Sym: "openport", Description: "Openport"}, - 261: {Sym: "nsiiops", Description: "IIOP Name Service over TLS/SSL"}, - 262: {Sym: "arcisdms", Description: "Arcisdms"}, - 263: {Sym: "hdap", Description: "HDAP"}, - 264: {Sym: "bgmp", Description: "BGMP"}, - 265: {Sym: "x-bone-ctl", Description: "X-Bone CTL"}, - 266: {Sym: "sst", Description: "SCSI on ST"}, - 267: {Sym: "td-service", Description: "Tobit David Service Layer"}, - 268: {Sym: "td-replica", Description: "Tobit David Replica"}, - 280: {Sym: "http-mgmt", Description: "http-mgmt"}, - 281: {Sym: "personal-link", Description: "Personal Link"}, - 282: {Sym: "cableport-ax", Description: "Cable Port A/X"}, - 283: {Sym: "rescap", Description: "rescap"}, - 284: {Sym: "corerjd", Description: "corerjd"}, - 286: {Sym: "fxp-1", Description: "FXP-1"}, - 287: {Sym: "k-block", Description: "K-BLOCK"}, - 308: {Sym: "novastorbakcup", Description: "Novastor Backup"}, - 309: {Sym: "entrusttime", Description: "EntrustTime"}, - 310: {Sym: "bhmds", Description: "bhmds"}, - 311: {Sym: "asip-webadmin", Description: "AppleShare IP WebAdmin"}, - 312: {Sym: "vslmp", Description: "VSLMP"}, - 313: {Sym: "magenta-logic", Description: "Magenta Logic"}, - 314: {Sym: "opalis-robot", Description: "Opalis Robot"}, - 315: {Sym: "dpsi", Description: "DPSI"}, - 316: {Sym: "decauth", Description: "decAuth"}, - 317: {Sym: "zannet", Description: "Zannet"}, - 318: {Sym: "pkix-timestamp", Description: "PKIX TimeStamp"}, - 319: {Sym: "ptp-event", Description: "PTP Event"}, - 320: {Sym: "ptp-general", Description: "PTP General"}, - 321: {Sym: "pip", Description: "PIP"}, - 322: {Sym: "rtsps", Description: "RTSPS"}, - 333: {Sym: "texar", Description: "Texar Security Port"}, - 344: {Sym: "pdap", Description: "Prospero Data Access Protocol"}, - 345: {Sym: "pawserv", Description: "Perf Analysis Workbench"}, - 346: {Sym: "zserv", Description: "Zebra server"}, - 347: {Sym: "fatserv", Description: "Fatmen Server"}, - 348: {Sym: "csi-sgwp", Description: "Cabletron Management Protocol"}, - 349: {Sym: "mftp", Description: "mftp"}, - 350: {Sym: "matip-type-a", Description: "MATIP Type A"}, - 351: {Sym: "matip-type-b", Description: "MATIP Type B"}, - // 351: {Sym: "bhoetty", Description: "bhoetty (added 5/21/97)"}, - 352: {Sym: "dtag-ste-sb", Description: "DTAG (assigned long ago)"}, - // 352: {Sym: "bhoedap4", Description: "bhoedap4 (added 5/21/97)"}, - 353: {Sym: "ndsauth", Description: "NDSAUTH"}, - 354: {Sym: "bh611", Description: "bh611"}, - 355: {Sym: "datex-asn", Description: "DATEX-ASN"}, - 356: {Sym: "cloanto-net-1", Description: "Cloanto Net 1"}, - 357: {Sym: "bhevent", Description: "bhevent"}, - 358: {Sym: "shrinkwrap", Description: "Shrinkwrap"}, - 359: {Sym: "nsrmp", Description: "Network Security Risk Management Protocol"}, - 360: {Sym: "scoi2odialog", Description: "scoi2odialog"}, - 361: {Sym: "semantix", Description: "Semantix"}, - 362: {Sym: "srssend", Description: "SRS Send"}, - 363: {Sym: "rsvp_tunnel", Description: "RSVP Tunnel"}, - 364: {Sym: "aurora-cmgr", Description: "Aurora CMGR"}, - 365: {Sym: "dtk", Description: "DTK"}, - 366: {Sym: "odmr", Description: "ODMR"}, - 367: {Sym: "mortgageware", Description: "MortgageWare"}, - 368: {Sym: "qbikgdp", Description: "QbikGDP"}, - 369: {Sym: "rpc2portmap", Description: "rpc2portmap"}, - 370: {Sym: "codaauth2", Description: "codaauth2"}, - 371: {Sym: "clearcase", Description: "Clearcase"}, - 372: {Sym: "ulistproc", Description: "ListProcessor"}, - 373: {Sym: "legent-1", Description: "Legent Corporation"}, - 374: {Sym: "legent-2", Description: "Legent Corporation"}, - 375: {Sym: "hassle", Description: "Hassle"}, - 376: {Sym: "nip", Description: "Amiga Envoy Network Inquiry Proto"}, - 377: {Sym: "tnETOS", Description: "NEC Corporation"}, - 378: {Sym: "dsETOS", Description: "NEC Corporation"}, - 379: {Sym: "is99c", Description: "TIA/EIA/IS-99 modem client"}, - 380: {Sym: "is99s", Description: "TIA/EIA/IS-99 modem server"}, - 381: {Sym: "hp-collector", Description: "hp performance data collector"}, - 382: {Sym: "hp-managed-node", Description: "hp performance data managed node"}, - 383: {Sym: "hp-alarm-mgr", Description: "hp performance data alarm manager"}, - 384: {Sym: "arns", Description: "A Remote Network Server System"}, - 385: {Sym: "ibm-app", Description: "IBM Application"}, - 386: {Sym: "asa", Description: "ASA Message Router Object Def."}, - 387: {Sym: "aurp", Description: "Appletalk Update-Based Routing Pro."}, - 388: {Sym: "unidata-ldm", Description: "Unidata LDM"}, - 389: {Sym: "ldap", Description: "Lightweight Directory Access Protocol"}, - 390: {Sym: "uis", Description: "UIS"}, - 391: {Sym: "synotics-relay", Description: "SynOptics SNMP Relay Port"}, - 392: {Sym: "synotics-broker", Description: "SynOptics Port Broker Port"}, - 393: {Sym: "meta5", Description: "Meta5"}, - 394: {Sym: "embl-ndt", Description: "EMBL Nucleic Data Transfer"}, - 395: {Sym: "netcp", Description: "NETscout Control Protocol"}, - 396: {Sym: "netware-ip", Description: "Novell Netware over IP"}, - 397: {Sym: "mptn", Description: "Multi Protocol Trans. Net."}, - 398: {Sym: "kryptolan", Description: "Kryptolan"}, - 399: {Sym: "iso-tsap-c2", Description: "ISO Transport Class 2 Non-Control over TCP"}, - 400: {Sym: "work-sol", Description: "Workstation Solutions"}, - 401: {Sym: "ups", Description: "Uninterruptible Power Supply"}, - 402: {Sym: "genie", Description: "Genie Protocol"}, - 403: {Sym: "decap", Description: "decap"}, - 404: {Sym: "nced", Description: "nced"}, - 405: {Sym: "ncld", Description: "ncld"}, - 406: {Sym: "imsp", Description: "Interactive Mail Support Protocol"}, - 407: {Sym: "timbuktu", Description: "Timbuktu"}, - 408: {Sym: "prm-sm", Description: "Prospero Resource Manager Sys. Man."}, - 409: {Sym: "prm-nm", Description: "Prospero Resource Manager Node Man."}, - 410: {Sym: "decladebug", Description: "DECLadebug Remote Debug Protocol"}, - 411: {Sym: "rmt", Description: "Remote MT Protocol"}, - 412: {Sym: "synoptics-trap", Description: "Trap Convention Port"}, - 413: {Sym: "smsp", Description: "Storage Management Services Protocol"}, - 414: {Sym: "infoseek", Description: "InfoSeek"}, - 415: {Sym: "bnet", Description: "BNet"}, - 416: {Sym: "silverplatter", Description: "Silverplatter"}, - 417: {Sym: "onmux", Description: "Onmux"}, - 418: {Sym: "hyper-g", Description: "Hyper-G"}, - 419: {Sym: "ariel1", Description: "Ariel 1"}, - 420: {Sym: "smpte", Description: "SMPTE"}, - 421: {Sym: "ariel2", Description: "Ariel 2"}, - 422: {Sym: "ariel3", Description: "Ariel 3"}, - 423: {Sym: "opc-job-start", Description: "IBM Operations Planning and Control Start"}, - 424: {Sym: "opc-job-track", Description: "IBM Operations Planning and Control Track"}, - 425: {Sym: "icad-el", Description: "ICAD"}, - 426: {Sym: "smartsdp", Description: "smartsdp"}, - 427: {Sym: "svrloc", Description: "Server Location"}, - 428: {Sym: "ocs_cmu", Description: "OCS_CMU"}, - 429: {Sym: "ocs_amu", Description: "OCS_AMU"}, - 430: {Sym: "utmpsd", Description: "UTMPSD"}, - 431: {Sym: "utmpcd", Description: "UTMPCD"}, - 432: {Sym: "iasd", Description: "IASD"}, - 433: {Sym: "nnsp", Description: "NNSP"}, - 434: {Sym: "mobileip-agent", Description: "MobileIP-Agent"}, - 435: {Sym: "mobilip-mn", Description: "MobilIP-MN"}, - 436: {Sym: "dna-cml", Description: "DNA-CML"}, - 437: {Sym: "comscm", Description: "comscm"}, - 438: {Sym: "dsfgw", Description: "dsfgw"}, - 439: {Sym: "dasp", Description: "dasp Thomas Obermair"}, - 440: {Sym: "sgcp", Description: "sgcp"}, - 441: {Sym: "decvms-sysmgt", Description: "decvms-sysmgt"}, - 442: {Sym: "cvc_hostd", Description: "cvc_hostd"}, - 443: {Sym: "https", Description: "http protocol over TLS/SSL"}, - 444: {Sym: "snpp", Description: "Simple Network Paging Protocol"}, - 445: {Sym: "microsoft-ds", Description: "Microsoft-DS"}, - 446: {Sym: "ddm-rdb", Description: "DDM-RDB"}, - 447: {Sym: "ddm-dfm", Description: "DDM-RFM"}, - 448: {Sym: "ddm-ssl", Description: "DDM-SSL"}, - 449: {Sym: "as-servermap", Description: "AS Server Mapper"}, - 450: {Sym: "tserver", Description: "Computer Supported Telecomunication Applications"}, - 451: {Sym: "sfs-smp-net", Description: "Cray Network Semaphore server"}, - 452: {Sym: "sfs-config", Description: "Cray SFS config server"}, - 453: {Sym: "creativeserver", Description: "CreativeServer"}, - 454: {Sym: "contentserver", Description: "ContentServer"}, - 455: {Sym: "creativepartnr", Description: "CreativePartnr"}, - 456: {Sym: "macon-tcp", Description: "macon-tcp"}, - 457: {Sym: "scohelp", Description: "scohelp"}, - 458: {Sym: "appleqtc", Description: "apple quick time"}, - 459: {Sym: "ampr-rcmd", Description: "ampr-rcmd"}, - 460: {Sym: "skronk", Description: "skronk"}, - 461: {Sym: "datasurfsrv", Description: "DataRampSrv"}, - 462: {Sym: "datasurfsrvsec", Description: "DataRampSrvSec"}, - 463: {Sym: "alpes", Description: "alpes"}, - 464: {Sym: "kpasswd", Description: "kpasswd"}, - 465: {Sym: "urd", Description: "URL Rendesvous Directory for SSM"}, - 466: {Sym: "digital-vrc", Description: "digital-vrc"}, - 467: {Sym: "mylex-mapd", Description: "mylex-mapd"}, - 468: {Sym: "photuris", Description: "proturis"}, - 469: {Sym: "rcp", Description: "Radio Control Protocol"}, - 470: {Sym: "scx-proxy", Description: "scx-proxy"}, - 471: {Sym: "mondex", Description: "Mondex"}, - 472: {Sym: "ljk-login", Description: "ljk-login"}, - 473: {Sym: "hybrid-pop", Description: "hybrid-pop"}, - 474: {Sym: "tn-tl-w1", Description: "tn-tl-w1"}, - 475: {Sym: "tcpnethaspsrv", Description: "tcpnethaspsrv"}, - 476: {Sym: "tn-tl-fd1", Description: "tn-tl-fd1"}, - 477: {Sym: "ss7ns", Description: "ss7ns"}, - 478: {Sym: "spsc", Description: "spsc"}, - 479: {Sym: "iafserver", Description: "iafserver"}, - 480: {Sym: "iafdbase", Description: "iafdbase"}, - 481: {Sym: "ph", Description: "Ph service"}, - 482: {Sym: "bgs-nsi", Description: "bgs-nsi"}, - 483: {Sym: "ulpnet", Description: "ulpnet"}, - 484: {Sym: "integra-sme", Description: "Integra Software Management Environment"}, - 485: {Sym: "powerburst", Description: "Air Soft Power Burst"}, - 486: {Sym: "avian", Description: "avian"}, - 487: {Sym: "saft", Description: "saft Simple Asynchronous File Transfer"}, - 488: {Sym: "gss-http", Description: "gss-http"}, - 489: {Sym: "nest-protocol", Description: "nest-protocol"}, - 490: {Sym: "micom-pfs", Description: "micom-pfs"}, - 491: {Sym: "go-login", Description: "go-login"}, - 492: {Sym: "ticf-1", Description: "Transport Independent Convergence for FNA"}, - 493: {Sym: "ticf-2", Description: "Transport Independent Convergence for FNA"}, - 494: {Sym: "pov-ray", Description: "POV-Ray"}, - 495: {Sym: "intecourier", Description: "intecourier"}, - 496: {Sym: "pim-rp-disc", Description: "PIM-RP-DISC"}, - 497: {Sym: "dantz", Description: "dantz"}, - 498: {Sym: "siam", Description: "siam"}, - 499: {Sym: "iso-ill", Description: "ISO ILL Protocol"}, - 500: {Sym: "isakmp", Description: "isakmp"}, - 501: {Sym: "stmf", Description: "STMF"}, - 502: {Sym: "asa-appl-proto", Description: "asa-appl-proto"}, - 503: {Sym: "intrinsa", Description: "Intrinsa"}, - 504: {Sym: "citadel", Description: "citadel"}, - 505: {Sym: "mailbox-lm", Description: "mailbox-lm"}, - 506: {Sym: "ohimsrv", Description: "ohimsrv"}, - 507: {Sym: "crs", Description: "crs"}, - 508: {Sym: "xvttp", Description: "xvttp"}, - 509: {Sym: "snare", Description: "snare"}, - 510: {Sym: "fcp", Description: "FirstClass Protocol"}, - 511: {Sym: "passgo", Description: "PassGo"}, - 512: {Sym: "exec", Description: "remote process execution;"}, - 513: {Sym: "login", Description: "remote login a la telnet;"}, - 514: {Sym: "shell", Description: "cmd"}, - 515: {Sym: "printer", Description: "spooler"}, - 516: {Sym: "videotex", Description: "videotex"}, - 517: {Sym: "talk", Description: "like tenex link, but across"}, - 518: {Sym: "ntalk"}, - 519: {Sym: "utime", Description: "unixtime"}, - 520: {Sym: "efs", Description: "extended file name server"}, - 521: {Sym: "ripng", Description: "ripng"}, - 522: {Sym: "ulp", Description: "ULP"}, - 523: {Sym: "ibm-db2", Description: "IBM-DB2"}, - 524: {Sym: "ncp", Description: "NCP"}, - 525: {Sym: "timed", Description: "timeserver"}, - 526: {Sym: "tempo", Description: "newdate"}, - 527: {Sym: "stx", Description: "Stock IXChange"}, - 528: {Sym: "custix", Description: "Customer IXChange"}, - 529: {Sym: "irc-serv", Description: "IRC-SERV"}, - 530: {Sym: "courier", Description: "rpc"}, - 531: {Sym: "conference", Description: "chat"}, - 532: {Sym: "netnews", Description: "readnews"}, - 533: {Sym: "netwall", Description: "for emergency broadcasts"}, - 534: {Sym: "mm-admin", Description: "MegaMedia Admin"}, - 535: {Sym: "iiop", Description: "iiop"}, - 536: {Sym: "opalis-rdv", Description: "opalis-rdv"}, - 537: {Sym: "nmsp", Description: "Networked Media Streaming Protocol"}, - 538: {Sym: "gdomap", Description: "gdomap"}, - 539: {Sym: "apertus-ldp", Description: "Apertus Technologies Load Determination"}, - 540: {Sym: "uucp", Description: "uucpd\t\t"}, - 541: {Sym: "uucp-rlogin", Description: "uucp-rlogin"}, - 542: {Sym: "commerce", Description: "commerce"}, - 543: {Sym: "klogin"}, - 544: {Sym: "kshell", Description: "krcmd"}, - 545: {Sym: "appleqtcsrvr", Description: "appleqtcsrvr"}, - 546: {Sym: "dhcpv6-client", Description: "DHCPv6 Client"}, - 547: {Sym: "dhcpv6-server", Description: "DHCPv6 Server"}, - 548: {Sym: "afpovertcp", Description: "AFP over TCP"}, - 549: {Sym: "idfp", Description: "IDFP"}, - 550: {Sym: "new-rwho", Description: "new-who"}, - 551: {Sym: "cybercash", Description: "cybercash"}, - 552: {Sym: "devshr-nts", Description: "DeviceShare"}, - 553: {Sym: "pirp", Description: "pirp"}, - 554: {Sym: "rtsp", Description: "Real Time Stream Control Protocol"}, - 555: {Sym: "dsf"}, - 556: {Sym: "remotefs", Description: "rfs server"}, - 557: {Sym: "openvms-sysipc", Description: "openvms-sysipc"}, - 558: {Sym: "sdnskmp", Description: "SDNSKMP"}, - 559: {Sym: "teedtap", Description: "TEEDTAP"}, - 560: {Sym: "rmonitor", Description: "rmonitord"}, - 561: {Sym: "monitor"}, - 562: {Sym: "chshell", Description: "chcmd"}, - 563: {Sym: "nntps", Description: "nntp protocol over TLS/SSL (was snntp)"}, - 564: {Sym: "9pfs", Description: "plan 9 file service"}, - 565: {Sym: "whoami", Description: "whoami"}, - 566: {Sym: "streettalk", Description: "streettalk"}, - 567: {Sym: "banyan-rpc", Description: "banyan-rpc"}, - 568: {Sym: "ms-shuttle", Description: "microsoft shuttle"}, - 569: {Sym: "ms-rome", Description: "microsoft rome"}, - 570: {Sym: "meter", Description: "demon"}, - 571: {Sym: "meter", Description: "udemon"}, - 572: {Sym: "sonar", Description: "sonar"}, - 573: {Sym: "banyan-vip", Description: "banyan-vip"}, - 574: {Sym: "ftp-agent", Description: "FTP Software Agent System"}, - 575: {Sym: "vemmi", Description: "VEMMI"}, - 576: {Sym: "ipcd", Description: "ipcd"}, - 577: {Sym: "vnas", Description: "vnas"}, - 578: {Sym: "ipdd", Description: "ipdd"}, - 579: {Sym: "decbsrv", Description: "decbsrv"}, - 580: {Sym: "sntp-heartbeat", Description: "SNTP HEARTBEAT"}, - 581: {Sym: "bdp", Description: "Bundle Discovery Protocol"}, - 582: {Sym: "scc-security", Description: "SCC Security"}, - 583: {Sym: "philips-vc", Description: "Philips Video-Conferencing"}, - 584: {Sym: "keyserver", Description: "Key Server"}, - 585: {Sym: "imap4-ssl", Description: "IMAP4+SSL (use 993 instead)"}, - 586: {Sym: "password-chg", Description: "Password Change"}, - 587: {Sym: "submission", Description: "Submission"}, - 588: {Sym: "cal", Description: "CAL"}, - 589: {Sym: "eyelink", Description: "EyeLink"}, - 590: {Sym: "tns-cml", Description: "TNS CML"}, - 591: {Sym: "http-alt", Description: "FileMaker, Inc. - HTTP Alternate (see Port 80)"}, - 592: {Sym: "eudora-set", Description: "Eudora Set"}, - 593: {Sym: "http-rpc-epmap", Description: "HTTP RPC Ep Map"}, - 594: {Sym: "tpip", Description: "TPIP"}, - 595: {Sym: "cab-protocol", Description: "CAB Protocol"}, - 596: {Sym: "smsd", Description: "SMSD"}, - 597: {Sym: "ptcnameservice", Description: "PTC Name Service"}, - 598: {Sym: "sco-websrvrmg3", Description: "SCO Web Server Manager 3"}, - 599: {Sym: "acp", Description: "Aeolon Core Protocol"}, - 600: {Sym: "ipcserver", Description: "Sun IPC server"}, - 601: {Sym: "syslog-conn", Description: "Reliable Syslog Service"}, - 602: {Sym: "xmlrpc-beep", Description: "XML-RPC over BEEP"}, - 603: {Sym: "idxp", Description: "IDXP"}, - 604: {Sym: "tunnel", Description: "TUNNEL"}, - 605: {Sym: "soap-beep", Description: "SOAP over BEEP"}, - 606: {Sym: "urm", Description: "Cray Unified Resource Manager"}, - 607: {Sym: "nqs", Description: "nqs"}, - 608: {Sym: "sift-uft", Description: "Sender-Initiated/Unsolicited File Transfer"}, - 609: {Sym: "npmp-trap", Description: "npmp-trap"}, - 610: {Sym: "npmp-local", Description: "npmp-local"}, - 611: {Sym: "npmp-gui", Description: "npmp-gui"}, - 612: {Sym: "hmmp-ind", Description: "HMMP Indication"}, - 613: {Sym: "hmmp-op", Description: "HMMP Operation"}, - 614: {Sym: "sshell", Description: "SSLshell"}, - 615: {Sym: "sco-inetmgr", Description: "Internet Configuration Manager"}, - 616: {Sym: "sco-sysmgr", Description: "SCO System Administration Server"}, - 617: {Sym: "sco-dtmgr", Description: "SCO Desktop Administration Server"}, - 618: {Sym: "dei-icda", Description: "DEI-ICDA"}, - 619: {Sym: "compaq-evm", Description: "Compaq EVM"}, - 620: {Sym: "sco-websrvrmgr", Description: "SCO WebServer Manager"}, - 621: {Sym: "escp-ip", Description: "ESCP"}, - 622: {Sym: "collaborator", Description: "Collaborator"}, - 623: {Sym: "asf-rmcp", Description: "ASF Remote Management and Control Protocol"}, - 624: {Sym: "cryptoadmin", Description: "Crypto Admin"}, - 625: {Sym: "dec_dlm", Description: "DEC DLM"}, - 626: {Sym: "asia", Description: "ASIA"}, - 627: {Sym: "passgo-tivoli", Description: "PassGo Tivoli"}, - 628: {Sym: "qmqp", Description: "QMQP"}, - 629: {Sym: "3com-amp3", Description: "3Com AMP3"}, - 630: {Sym: "rda", Description: "RDA"}, - 631: {Sym: "ipp", Description: "IPP (Internet Printing Protocol)"}, - 632: {Sym: "bmpp", Description: "bmpp"}, - 633: {Sym: "servstat", Description: "Service Status update (Sterling Software)"}, - 634: {Sym: "ginad", Description: "ginad"}, - 635: {Sym: "rlzdbase", Description: "RLZ DBase"}, - 636: {Sym: "ldaps", Description: "ldap protocol over TLS/SSL (was sldap)"}, - 637: {Sym: "lanserver", Description: "lanserver"}, - 638: {Sym: "mcns-sec", Description: "mcns-sec"}, - 639: {Sym: "msdp", Description: "MSDP"}, - 640: {Sym: "entrust-sps", Description: "entrust-sps"}, - 641: {Sym: "repcmd", Description: "repcmd"}, - 642: {Sym: "esro-emsdp", Description: "ESRO-EMSDP V1.3"}, - 643: {Sym: "sanity", Description: "SANity"}, - 644: {Sym: "dwr", Description: "dwr"}, - 645: {Sym: "pssc", Description: "PSSC"}, - 646: {Sym: "ldp", Description: "LDP"}, - 647: {Sym: "dhcp-failover", Description: "DHCP Failover"}, - 648: {Sym: "rrp", Description: "Registry Registrar Protocol (RRP)"}, - 649: {Sym: "cadview-3d", Description: "Cadview-3d - streaming 3d models over the internet"}, - 650: {Sym: "obex", Description: "OBEX"}, - 651: {Sym: "ieee-mms", Description: "IEEE MMS"}, - 652: {Sym: "hello-port", Description: "HELLO_PORT"}, - 653: {Sym: "repscmd", Description: "RepCmd"}, - 654: {Sym: "aodv", Description: "AODV"}, - 655: {Sym: "tinc", Description: "TINC"}, - 656: {Sym: "spmp", Description: "SPMP"}, - 657: {Sym: "rmc", Description: "RMC"}, - 658: {Sym: "tenfold", Description: "TenFold"}, - 660: {Sym: "mac-srvr-admin", Description: "MacOS Server Admin"}, - 661: {Sym: "hap", Description: "HAP"}, - 662: {Sym: "pftp", Description: "PFTP"}, - 663: {Sym: "purenoise", Description: "PureNoise"}, - 664: {Sym: "asf-secure-rmcp", Description: "ASF Secure Remote Management and Control Protocol"}, - 665: {Sym: "sun-dr", Description: "Sun DR"}, - 666: {Sym: "mdqs"}, - 667: {Sym: "disclose", Description: "campaign contribution disclosures - SDR Technologies"}, - 668: {Sym: "mecomm", Description: "MeComm"}, - 669: {Sym: "meregister", Description: "MeRegister"}, - 670: {Sym: "vacdsm-sws", Description: "VACDSM-SWS"}, - 671: {Sym: "vacdsm-app", Description: "VACDSM-APP"}, - 672: {Sym: "vpps-qua", Description: "VPPS-QUA"}, - 673: {Sym: "cimplex", Description: "CIMPLEX"}, - 674: {Sym: "acap", Description: "ACAP"}, - 675: {Sym: "dctp", Description: "DCTP"}, - 676: {Sym: "vpps-via", Description: "VPPS Via"}, - 677: {Sym: "vpp", Description: "Virtual Presence Protocol"}, - 678: {Sym: "ggf-ncp", Description: "GNU Generation Foundation NCP"}, - 679: {Sym: "mrm", Description: "MRM"}, - 680: {Sym: "entrust-aaas", Description: "entrust-aaas"}, - 681: {Sym: "entrust-aams", Description: "entrust-aams"}, - 682: {Sym: "xfr", Description: "XFR"}, - 683: {Sym: "corba-iiop", Description: "CORBA IIOP"}, - 684: {Sym: "corba-iiop-ssl", Description: "CORBA IIOP SSL"}, - 685: {Sym: "mdc-portmapper", Description: "MDC Port Mapper"}, - 686: {Sym: "hcp-wismar", Description: "Hardware Control Protocol Wismar"}, - 687: {Sym: "asipregistry", Description: "asipregistry"}, - 688: {Sym: "realm-rusd", Description: "REALM-RUSD"}, - 689: {Sym: "nmap", Description: "NMAP"}, - 690: {Sym: "vatp", Description: "VATP"}, - 691: {Sym: "msexch-routing", Description: "MS Exchange Routing"}, - 692: {Sym: "hyperwave-isp", Description: "Hyperwave-ISP"}, - 693: {Sym: "connendp", Description: "connendp"}, - 694: {Sym: "ha-cluster", Description: "ha-cluster"}, - 695: {Sym: "ieee-mms-ssl", Description: "IEEE-MMS-SSL"}, - 696: {Sym: "rushd", Description: "RUSHD"}, - 697: {Sym: "uuidgen", Description: "UUIDGEN"}, - 698: {Sym: "olsr", Description: "OLSR"}, - 699: {Sym: "accessnetwork", Description: "Access Network"}, - 700: {Sym: "epp", Description: "Extensible Provisioning Protocol"}, - 701: {Sym: "lmp", Description: "Link Management Protocol (LMP)"}, - 702: {Sym: "iris-beep", Description: "IRIS over BEEP"}, - 704: {Sym: "elcsd", Description: "errlog copy/server daemon"}, - 705: {Sym: "agentx", Description: "AgentX"}, - 706: {Sym: "silc", Description: "SILC"}, - 707: {Sym: "borland-dsj", Description: "Borland DSJ"}, - 709: {Sym: "entrust-kmsh", Description: "Entrust Key Management Service Handler"}, - 710: {Sym: "entrust-ash", Description: "Entrust Administration Service Handler"}, - 711: {Sym: "cisco-tdp", Description: "Cisco TDP"}, - 712: {Sym: "tbrpf", Description: "TBRPF"}, - 729: {Sym: "netviewdm1", Description: "IBM NetView DM/6000 Server/Client"}, - 730: {Sym: "netviewdm2", Description: "IBM NetView DM/6000 send/tcp"}, - 731: {Sym: "netviewdm3", Description: "IBM NetView DM/6000 receive/tcp"}, - 741: {Sym: "netgw", Description: "netGW"}, - 742: {Sym: "netrcs", Description: "Network based Rev. Cont. Sys."}, - 744: {Sym: "flexlm", Description: "Flexible License Manager"}, - 747: {Sym: "fujitsu-dev", Description: "Fujitsu Device Control"}, - 748: {Sym: "ris-cm", Description: "Russell Info Sci Calendar Manager"}, - 749: {Sym: "kerberos-adm", Description: "kerberos administration"}, - 750: {Sym: "rfile"}, - 751: {Sym: "pump"}, - 752: {Sym: "qrh"}, - 753: {Sym: "rrh"}, - 754: {Sym: "tell", Description: "send"}, - 758: {Sym: "nlogin"}, - 759: {Sym: "con"}, - 760: {Sym: "ns"}, - 761: {Sym: "rxe"}, - 762: {Sym: "quotad"}, - 763: {Sym: "cycleserv"}, - 764: {Sym: "omserv"}, - 765: {Sym: "webster"}, - 767: {Sym: "phonebook", Description: "phone"}, - 769: {Sym: "vid"}, - 770: {Sym: "cadlock"}, - 771: {Sym: "rtip"}, - 772: {Sym: "cycleserv2"}, - 773: {Sym: "submit"}, - 774: {Sym: "rpasswd"}, - 775: {Sym: "entomb"}, - 776: {Sym: "wpages"}, - 777: {Sym: "multiling-http", Description: "Multiling HTTP"}, - 780: {Sym: "wpgs"}, - 800: {Sym: "mdbs_daemon"}, - 801: {Sym: "device"}, - 810: {Sym: "fcp-udp", Description: "FCP"}, - 828: {Sym: "itm-mcell-s", Description: "itm-mcell-s"}, - 829: {Sym: "pkix-3-ca-ra", Description: "PKIX-3 CA/RA"}, - 830: {Sym: "netconf-ssh", Description: "NETCONF over SSH"}, - 831: {Sym: "netconf-beep", Description: "NETCONF over BEEP"}, - 832: {Sym: "netconfsoaphttp", Description: "NETCONF for SOAP over HTTPS"}, - 833: {Sym: "netconfsoapbeep", Description: "NETCONF for SOAP over BEEP"}, - 847: {Sym: "dhcp-failover2", Description: "dhcp-failover 2"}, - 848: {Sym: "gdoi", Description: "GDOI"}, - 860: {Sym: "iscsi", Description: "iSCSI"}, - 861: {Sym: "owamp-control", Description: "OWAMP-Control"}, - 873: {Sym: "rsync", Description: "rsync"}, - 886: {Sym: "iclcnet-locate", Description: "ICL coNETion locate server"}, - 887: {Sym: "iclcnet_svinfo", Description: "ICL coNETion server info"}, - 888: {Sym: "accessbuilder", Description: "AccessBuilder"}, - // 888: {Sym: "cddbp", Description: "CD Database Protocol"}, - 900: {Sym: "omginitialrefs", Description: "OMG Initial Refs"}, - 901: {Sym: "smpnameres", Description: "SMPNAMERES"}, - 902: {Sym: "ideafarm-chat", Description: "IDEAFARM-CHAT"}, - 903: {Sym: "ideafarm-catch", Description: "IDEAFARM-CATCH"}, - 910: {Sym: "kink", Description: "Kerberized Internet Negotiation of Keys (KINK)"}, - 911: {Sym: "xact-backup", Description: "xact-backup"}, - 912: {Sym: "apex-mesh", Description: "APEX relay-relay service"}, - 913: {Sym: "apex-edge", Description: "APEX endpoint-relay service"}, - 989: {Sym: "ftps-data", Description: "ftp protocol, data, over TLS/SSL"}, - 990: {Sym: "ftps", Description: "ftp protocol, control, over TLS/SSL"}, - 991: {Sym: "nas", Description: "Netnews Administration System"}, - 992: {Sym: "telnets", Description: "telnet protocol over TLS/SSL"}, - 993: {Sym: "imaps", Description: "imap4 protocol over TLS/SSL"}, - 994: {Sym: "ircs", Description: "irc protocol over TLS/SSL"}, - 995: {Sym: "pop3s", Description: "pop3 protocol over TLS/SSL (was spop3)"}, - 996: {Sym: "vsinet", Description: "vsinet"}, - 997: {Sym: "maitrd"}, - 998: {Sym: "busboy"}, - 999: {Sym: "garcon"}, - 1000: {Sym: "cadlock2"}, - 1010: {Sym: "surf", Description: "surf"}, -} diff --git a/format/inet/sll2_packet.go b/format/inet/sll2_packet.go new file mode 100644 index 00000000..fca711b7 --- /dev/null +++ b/format/inet/sll2_packet.go @@ -0,0 +1,56 @@ +package inet + +// SLL stands for sockaddr_ll +// https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +var sllPacket2Ether8023Format decode.Group + +func init() { + registry.MustRegister(decode.Format{ + Name: format.SLL2_PACKET, + Description: "Linux cooked capture encapsulation v2", + Dependencies: []decode.Dependency{ + {Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format}, + }, + DecodeFn: decodeSLL2, + }) +} + +var sllPacket2FrameTypeFormat = map[uint64]*decode.Group{ + format.EtherTypeIPv4: ðer8023FrameIPv4Format, +} + +func decodeSLL2(d *decode.D, in interface{}) interface{} { + protcolType := d.FieldU16("protocol_type", d.MapUToScalar(format.EtherTypeMap), d.Hex) + d.FieldU16("reserved") + d.FieldU32("interface_index") + arpHdrType := d.FieldU16("arphdr_type", d.MapUToScalar(arpHdrTypeMAp)) + d.FieldU8("packet_type", d.MapUToScalar(sllPacketTypeMap)) + addressLength := d.FieldU8("link_address_length") + d.FieldU("link_address", int(addressLength)*8) + addressDiff := 8 - addressLength + if addressDiff > 0 { + d.FieldRawLen("padding", int64(addressDiff)*8) + } + + // TODO: handle other arphdr types + switch arpHdrType { + case arpHdrTypeLoopback, arpHdrTypeEther: + _ = d.FieldMustGet("link_address").TryScalarFn(mapUToEtherSym, d.Hex) + if g, ok := sllPacket2FrameTypeFormat[protcolType]; ok { + d.FieldFormatLen("data", d.BitsLeft(), *g, nil) + } else { + d.FieldRawLen("data", d.BitsLeft()) + } + default: + d.FieldRawLen("data", d.BitsLeft()) + } + + return nil +} diff --git a/format/inet/sll_packet.go b/format/inet/sll_packet.go new file mode 100644 index 00000000..68a58cee --- /dev/null +++ b/format/inet/sll_packet.go @@ -0,0 +1,139 @@ +package inet + +// SLL stands for sockaddr_ll +// https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +var sllPacketEther8023Format decode.Group + +func init() { + registry.MustRegister(decode.Format{ + Name: format.SLL_PACKET, + Description: "Linux cooked capture encapsulation", + Dependencies: []decode.Dependency{ + {Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format}, + }, + DecodeFn: decodeSLL, + }) +} + +var sllPacketFrameTypeFormat = map[uint64]*decode.Group{ + format.EtherTypeIPv4: ðer8023FrameIPv4Format, +} + +var sllPacketTypeMap = decode.UToScalar{ + 0: {Sym: "to_us", Description: "Sent to us"}, + 1: {Sym: "broadcast", Description: "Broadcast by somebody else"}, + 2: {Sym: "multicast", Description: "Multicast by somebody else"}, + 3: {Sym: "to_other", Description: "Sent to somebody else by somebody else"}, + 4: {Sym: "from_us", Description: "Sent by us"}, +} + +const ( + arpHdrTypeEther = 1 + arpHdrTypeLoopback = 772 +) + +// based on https://github.com/torvalds/linux/blob/master/include/uapi/linux/if_arp.h +var arpHdrTypeMAp = decode.UToScalar{ + 0: {Sym: "netrom", Description: `from KA9Q: NET/ROM pseudo`}, + arpHdrTypeEther: {Sym: "ether", Description: `Ethernet 10Mbps`}, + 2: {Sym: "eether", Description: `Experimental Ethernet`}, + 3: {Sym: "ax25", Description: `AX.25 Level 2`}, + 4: {Sym: "pronet", Description: `PROnet token ring`}, + 5: {Sym: "chaos", Description: `Chaosnet`}, + 6: {Sym: "ieee802", Description: `IEEE 802.2 Ethernet/TR/TB`}, + 7: {Sym: "arcnet", Description: `ARCnet`}, + 8: {Sym: "appletlk", Description: `APPLEtalk`}, + 15: {Sym: "dlci", Description: `Frame Relay DLCI`}, + 19: {Sym: "atm", Description: `ATM`}, + 23: {Sym: "metricom", Description: `Metricom STRIP (new IANA id`}, + 24: {Sym: "ieee1394", Description: `IEEE 1394 IPv4 - RFC 2734`}, + 27: {Sym: "eui64", Description: `EUI-64`}, + 32: {Sym: "infiniband", Description: `InfiniBand`}, + 256: {Sym: "slip"}, + 257: {Sym: "cslip"}, + 258: {Sym: "slip6"}, + 259: {Sym: "cslip6"}, + 260: {Sym: "rsrvd", Description: `Notional KISS type`}, + 264: {Sym: "adapt"}, + 270: {Sym: "rose"}, + 271: {Sym: "x25", Description: `CCITT X.25`}, + 272: {Sym: "hwx25", Description: `Boards with X.25 in firmware`}, + 280: {Sym: "can", Description: `Controller Area Network`}, + 290: {Sym: "mctp"}, + 512: {Sym: "ppp"}, + 513: {Sym: "cisco", Description: `Cisco HDLC`}, + 516: {Sym: "lapb", Description: `LAPB`}, + 517: {Sym: "ddcmp", Description: `Digital's DDCMP protocol`}, + 518: {Sym: "rawhdlc", Description: `Raw HDLC`}, + 519: {Sym: "rawip", Description: `Raw IP`}, + 768: {Sym: "tunnel", Description: `IPIP tunnel`}, + 769: {Sym: "tunnel6", Description: `IP6IP6 tunnel`}, + 770: {Sym: "frad", Description: `Frame Relay Access Device`}, + 771: {Sym: "skip", Description: `SKIP vif`}, + arpHdrTypeLoopback: {Sym: "loopback", Description: `Loopback device`}, + 773: {Sym: "localtlk", Description: `Localtalk device`}, + 774: {Sym: "fddi", Description: `Fiber Distributed Data Interface`}, + 775: {Sym: "bif", Description: `AP1000 BIF`}, + 776: {Sym: "sit", Description: `sit0 device - IPv6-in-IPv4`}, + 777: {Sym: "ipddp", Description: `IP over DDP tunneller`}, + 778: {Sym: "ipgre", Description: `GRE over IP`}, + 779: {Sym: "pimreg", Description: `PIMSM register interface`}, + 780: {Sym: "hippi", Description: `High Performance Parallel Interface`}, + 781: {Sym: "ash", Description: `Nexus 64Mbps Ash`}, + 782: {Sym: "econet", Description: `Acorn Econet`}, + 783: {Sym: "irda", Description: `Linux-IrDA`}, + 784: {Sym: "fcpp", Description: `Point to point fibrechannel`}, + 785: {Sym: "fcal", Description: `Fibrechannel arbitrated loop`}, + 786: {Sym: "fcpl", Description: `Fibrechannel public loop`}, + 787: {Sym: "fcfabric", Description: `Fibrechannel fabric`}, + 800: {Sym: "ieee802_tr", Description: `Magic type ident for TR`}, + 801: {Sym: "ieee80211", Description: `IEEE 802.11`}, + 802: {Sym: "ieee80211_prism", Description: `IEEE 802.11 + Prism2 header`}, + 803: {Sym: "ieee80211_radiotap", Description: `IEEE 802.11 + radiotap header`}, + 804: {Sym: "ieee802154"}, + 805: {Sym: "ieee802154_monitor", Description: `IEEE 802.15.4 network monitor`}, + 820: {Sym: "phonet", Description: `PhoNet media type`}, + 821: {Sym: "phonet_pipe", Description: `PhoNet pipe header`}, + 822: {Sym: "caif", Description: `CAIF media type`}, + 823: {Sym: "ip6gre", Description: `GRE over IPv6`}, + 824: {Sym: "netlink", Description: `Netlink header`}, + 825: {Sym: "6lowpan", Description: `IPv6 over LoWPAN`}, + 826: {Sym: "vsockmon", Description: `Vsock monitor header`}, + 0xffff: {Sym: "void", Description: `Void type, nothing is known`}, + 0xfffe: {Sym: "none", Description: `zero header length`}, +} + +func decodeSLL(d *decode.D, in interface{}) interface{} { + d.FieldU16("packet_type", d.MapUToScalar(sllPacketTypeMap)) + arpHdrType := d.FieldU16("arphdr_type", d.MapUToScalar(arpHdrTypeMAp)) + addressLength := d.FieldU16("link_address_length") + d.FieldU("link_address", int(addressLength)*8) + addressDiff := 8 - addressLength + if addressDiff > 0 { + d.FieldRawLen("padding", int64(addressDiff)*8) + } + + // TODO: handle other arphdr types + switch arpHdrType { + case arpHdrTypeLoopback, arpHdrTypeEther: + _ = d.FieldMustGet("link_address").TryScalarFn(mapUToEtherSym, d.Hex) + protcolType := d.FieldU16("protocol_type", d.MapUToScalar(format.EtherTypeMap), d.Hex) + if g, ok := sllPacketFrameTypeFormat[protcolType]; ok { + d.FieldFormatLen("data", d.BitsLeft(), *g, nil) + } else { + d.FieldRawLen("data", d.BitsLeft()) + } + default: + d.FieldU16LE("protocol_type") + d.FieldRawLen("data", d.BitsLeft()) + } + + return nil +} diff --git a/format/inet/tcp.go b/format/inet/tcp.go deleted file mode 100644 index 8327d1b4..00000000 --- a/format/inet/tcp.go +++ /dev/null @@ -1,42 +0,0 @@ -package inet - -import ( - "github.com/wader/fq/format" - "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/decode" -) - -func init() { - registry.MustRegister(decode.Format{ - Name: format.TCP, - Description: "Transmission Control Protocol", - DecodeFn: decodeTCP, - }) -} - -func decodeTCP(d *decode.D, in interface{}) interface{} { - d.FieldU16("source_port", d.MapUToScalar(tcpPortMap)) - d.FieldU16("destination_port", d.MapUToScalar(tcpPortMap)) - d.FieldU32("sequence_number") - d.FieldU32("acknowledgment_number") - dataOffset := d.FieldU4("data_offset") - d.FieldU3("reserved") - d.FieldBool("ns") - d.FieldBool("cwr") - d.FieldBool("ece") - d.FieldBool("urg") - d.FieldBool("ack") - d.FieldBool("psh") - d.FieldBool("rst") - d.FieldBool("syn") - d.FieldBool("fin") - d.FieldU16("window_size") - d.FieldU16("checksum", d.Hex) - d.FieldU16("urgent_pointer") - if dataOffset > 5 { - d.FieldRawLen("options", (int64(dataOffset)-5)*8*4) - } - d.FieldRawLen("data", d.BitsLeft()) - - return nil -} diff --git a/format/inet/tcp_segment.go b/format/inet/tcp_segment.go new file mode 100644 index 00000000..7ffd0312 --- /dev/null +++ b/format/inet/tcp_segment.go @@ -0,0 +1,83 @@ +package inet + +// https://en.wikipedia.org/wiki/Transmission_Control_Protocol + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +func init() { + registry.MustRegister(decode.Format{ + Name: format.TCP_SEGMENT, + Description: "Transmission control protocol segment", + DecodeFn: decodeTCP, + }) +} + +const ( + tcpOptionEnd = 0 + tcpOptionNop = 1 +) + +var tcpOptionsMap = decode.UToScalar{ + tcpOptionEnd: {Sym: "end", Description: "End of options list"}, + tcpOptionNop: {Sym: "nop", Description: "No operation"}, + 2: {Sym: "maxseg", Description: "Maximum segment size"}, + 3: {Sym: "winscale", Description: "Window scale"}, + 4: {Sym: "sack_permitted", Description: "Selective Acknowledgement permitted"}, + 5: {Sym: "sack", Description: "Selective ACKnowledgement"}, + 8: {Sym: "timestamp", Description: "Timestamp and echo of previous timestamp"}, +} + +func decodeTCP(d *decode.D, in interface{}) interface{} { + d.FieldU16("source_port", d.MapUToScalar(format.TCPPortMap)) + d.FieldU16("destination_port", d.MapUToScalar(format.TCPPortMap)) + d.FieldU32("sequence_number") + d.FieldU32("acknowledgment_number") + dataOffset := d.FieldU4("data_offset") + d.FieldU3("reserved") + d.FieldBool("ns") + d.FieldBool("cwr") + d.FieldBool("ece") + d.FieldBool("urg") + d.FieldBool("ack") + d.FieldBool("psh") + d.FieldBool("rst") + d.FieldBool("syn") + d.FieldBool("fin") + d.FieldU16("window_size") + // checksumStart := d.Pos() + d.FieldU16("checksum", d.Hex) + // checksumEnd := d.Pos() + d.FieldU16("urgent_pointer") + optionsLen := (int64(dataOffset) - 5) * 8 * 4 + if optionsLen > 0 { + d.LenFn(optionsLen, func(d *decode.D) { + d.FieldArray("options", func(d *decode.D) { + for !d.End() { + d.FieldStruct("option", func(d *decode.D) { + kind := d.FieldU8("kind", d.MapUToScalar(tcpOptionsMap)) + switch kind { + case tcpOptionEnd, tcpOptionNop: + default: + l := d.FieldU8("length") + d.FieldRawLen("data", (int64(l-2))*8) + } + }) + } + }) + }) + } + + // TODO: need to pass ipv4 pseudo header somehow + // tcpChecksum := &checksum.IPv4{} + // d.MustCopy(tcpChecksum, d.BitBufRange(0, checksumStart)) + // d.MustCopy(tcpChecksum, d.BitBufRange(checksumEnd, d.Len()-checksumEnd)) + // _ = d.FieldMustGet("checksum").TryScalarFn(d.ValidateUBytes(tcpChecksum.Sum(nil)), d.Hex) + + d.FieldRawLen("data", d.BitsLeft()) + + return nil +} diff --git a/format/inet/testdata/ether8023 b/format/inet/testdata/ether8023_frame similarity index 100% rename from format/inet/testdata/ether8023 rename to format/inet/testdata/ether8023_frame diff --git a/format/inet/testdata/ether8023.fqtest b/format/inet/testdata/ether8023_frame.fqtest similarity index 88% rename from format/inet/testdata/ether8023.fqtest rename to format/inet/testdata/ether8023_frame.fqtest index c8599afd..7490547d 100644 --- a/format/inet/testdata/ether8023.fqtest +++ b/format/inet/testdata/ether8023_frame.fqtest @@ -1,10 +1,10 @@ -# fq 'first(.. | select(format=="ether8023")) | tobytes' many_interfaces.pcapng > ether8023 -$ fq -d ether8023 verbose /ether8023 - |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ether8023 (ether8023) 0x0-0xb1.7 (178) +# fq 'first(.. | select(format=="ether8023")) | tobytes' many_interfaces.pcapng > ether8023_frame +$ fq -d ether8023_frame verbose /ether8023_frame + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ether8023_frame (ether8023_frame) 0x0-0xb1.7 (178) 0x00|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x0-0x5.7 (6) 0x00| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x6-0xb.7 (6) 0x00| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xc-0xd.7 (2) - | | | packet: {} (ipv4) 0xe-0xb1.7 (164) + | | | packet: {} (ipv4_packet) 0xe-0xb1.7 (164) 0x00| 45 | E | version: 4 0xe-0xe.3 (0.4) 0x00| 45 | E | ihl: 5 0xe.4-0xe.7 (0.4) 0x00| 00| .| dscp: 0 0xf-0xf.5 (0.6) @@ -16,12 +16,12 @@ $ fq -d ether8023 verbose /ether8023 0x10| 00 | . | more_fragments: false 0x14.2-0x14.2 (0.1) 0x10| 00 00 | .. | fragment_offset: 0 0x14.3-0x15.7 (1.5) 0x10| 40 | @ | ttl: 64 0x16-0x16.7 (1) -0x10| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x17-0x17.7 (1) -0x10| f1 47 | .G | header_checksum: 0xf147 0x18-0x19.7 (2) +0x10| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x17-0x17.7 (1) +0x10| f1 47 | .G | header_checksum: 0xf147 (valid) 0x18-0x19.7 (2) 0x10| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x1a-0x1d.7 (4) 0x10| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x1e-0x21.7 (4) 0x20|ff ff |.. | - | | | data: {} (udp) 0x22-0xb1.7 (144) + | | | data: {} (udp_datagram) 0x22-0xb1.7 (144) 0x20| 44 5c | D\ | source_port: 17500 0x22-0x23.7 (2) 0x20| 44 5c | D\ | destination_port: 17500 0x24-0x25.7 (2) 0x20| 00 90 | .. | length: 144 0x26-0x27.7 (2) diff --git a/format/inet/testdata/ipv4 b/format/inet/testdata/ipv4_packet similarity index 100% rename from format/inet/testdata/ipv4 rename to format/inet/testdata/ipv4_packet diff --git a/format/inet/testdata/ipv4.fqtest b/format/inet/testdata/ipv4_packet.fqtest similarity index 88% rename from format/inet/testdata/ipv4.fqtest rename to format/inet/testdata/ipv4_packet.fqtest index 07974020..ea84be9a 100644 --- a/format/inet/testdata/ipv4.fqtest +++ b/format/inet/testdata/ipv4_packet.fqtest @@ -1,6 +1,6 @@ -# fq 'first(.. | select(format=="ipv4")) | tobytes' many_interfaces.pcapng > ipv4 -$ fq -d ipv4 verbose /ipv4 - |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ipv4 (ipv4) 0x0-0x3e3.7 (996) +# fq 'first(.. | select(format=="ipv4")) | tobytes' many_interfaces.pcapng > ipv4_packet +$ fq -d ipv4_packet verbose /ipv4_packet + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ipv4_packet (ipv4_packet) 0x0-0x3e3.7 (996) 0x000|45 |E | version: 4 0x0-0x0.3 (0.4) 0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4) 0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6) @@ -12,8 +12,8 @@ $ fq -d ipv4 verbose /ipv4 0x000| 20 | | more_fragments: true 0x6.2-0x6.2 (0.1) 0x000| 20 00 | . | fragment_offset: 0 0x6.3-0x7.7 (1.5) 0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1) -0x000| 01 | . | protocol: "icmp" (1) (internet control message protocol) 0x9-0x9.7 (1) -0x000| 9b 44 | .D | header_checksum: 0x9b44 0xa-0xb.7 (2) +0x000| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x9-0x9.7 (1) +0x000| 9b 44 | .D | header_checksum: 0x9b44 (valid) 0xa-0xb.7 (2) 0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4) 0x010|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4) 0x010| 08 00 4d 71 13 c2 00 01 14 2b d2 59| ..Mq.....+.Y| data: raw bits 0x14-0x3e3.7 (976) diff --git a/format/inet/testdata/tcp.fqtest b/format/inet/testdata/tcp.fqtest deleted file mode 100644 index 6e486219..00000000 --- a/format/inet/testdata/tcp.fqtest +++ /dev/null @@ -1,24 +0,0 @@ -# fq 'first(.. | select(format=="tcp")) | tobytes' many_interfaces.pcapng > tcp -$ fq -d tcp verbose /tcp - |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /tcp (tcp) 0x0-0x2b.7 (44) -0x00|c7 25 |.% | source_port: 50981 0x0-0x1.7 (2) -0x00| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2-0x3.7 (2) -0x00| 2b ce 2e 8a | +... | sequence_number: 734932618 0x4-0x7.7 (4) -0x00| 00 00 00 00 | .... | acknowledgment_number: 0 0x8-0xb.7 (4) -0x00| b0 | . | data_offset: 11 0xc-0xc.3 (0.4) -0x00| b0 | . | reserved: 0 0xc.4-0xc.6 (0.3) -0x00| b0 | . | ns: false 0xc.7-0xc.7 (0.1) -0x00| 02 | . | cwr: false 0xd-0xd (0.1) -0x00| 02 | . | ece: false 0xd.1-0xd.1 (0.1) -0x00| 02 | . | urg: false 0xd.2-0xd.2 (0.1) -0x00| 02 | . | ack: false 0xd.3-0xd.3 (0.1) -0x00| 02 | . | psh: false 0xd.4-0xd.4 (0.1) -0x00| 02 | . | rst: false 0xd.5-0xd.5 (0.1) -0x00| 02 | . | syn: true 0xd.6-0xd.6 (0.1) -0x00| 02 | . | fin: false 0xd.7-0xd.7 (0.1) -0x00| ff ff| ..| window_size: 65535 0xe-0xf.7 (2) -0x10|45 e4 |E. | checksum: 0x45e4 0x10-0x11.7 (2) -0x10| 00 00 | .. | urgent_pointer: 0 0x12-0x13.7 (2) -0x10| 02 04 05 b4 01 03 03 05 01 01 08 0a| ............| options: raw bits 0x14-0x2b.7 (24) -0x20|4b 2a 91 21 00 00 00 00 04 02 00 00| |K*.!........| | - | | | data: raw bits 0x2c-NA (0) diff --git a/format/inet/testdata/tcp b/format/inet/testdata/tcp_segment similarity index 100% rename from format/inet/testdata/tcp rename to format/inet/testdata/tcp_segment diff --git a/format/inet/testdata/tcp_segment.fqtest b/format/inet/testdata/tcp_segment.fqtest new file mode 100644 index 00000000..68d4703c --- /dev/null +++ b/format/inet/testdata/tcp_segment.fqtest @@ -0,0 +1,49 @@ +# fq 'first(.. | select(format=="tcp")) | tobytes' many_interfaces.pcapng > tcp_segment +$ fq -d tcp_segment verbose /tcp_segment + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /tcp_segment (tcp_segment) 0x0-0x2b.7 (44) +0x00|c7 25 |.% | source_port: 50981 0x0-0x1.7 (2) +0x00| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2-0x3.7 (2) +0x00| 2b ce 2e 8a | +... | sequence_number: 734932618 0x4-0x7.7 (4) +0x00| 00 00 00 00 | .... | acknowledgment_number: 0 0x8-0xb.7 (4) +0x00| b0 | . | data_offset: 11 0xc-0xc.3 (0.4) +0x00| b0 | . | reserved: 0 0xc.4-0xc.6 (0.3) +0x00| b0 | . | ns: false 0xc.7-0xc.7 (0.1) +0x00| 02 | . | cwr: false 0xd-0xd (0.1) +0x00| 02 | . | ece: false 0xd.1-0xd.1 (0.1) +0x00| 02 | . | urg: false 0xd.2-0xd.2 (0.1) +0x00| 02 | . | ack: false 0xd.3-0xd.3 (0.1) +0x00| 02 | . | psh: false 0xd.4-0xd.4 (0.1) +0x00| 02 | . | rst: false 0xd.5-0xd.5 (0.1) +0x00| 02 | . | syn: true 0xd.6-0xd.6 (0.1) +0x00| 02 | . | fin: false 0xd.7-0xd.7 (0.1) +0x00| ff ff| ..| window_size: 65535 0xe-0xf.7 (2) +0x10|45 e4 |E. | checksum: 0x45e4 0x10-0x11.7 (2) +0x10| 00 00 | .. | urgent_pointer: 0 0x12-0x13.7 (2) + | | | options: [9] 0x14-0x2b.7 (24) + | | | [0]: option {} 0x14-0x17.7 (4) +0x10| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x14-0x14.7 (1) +0x10| 04 | . | length: 4 0x15-0x15.7 (1) +0x10| 05 b4 | .. | data: raw bits 0x16-0x17.7 (2) + | | | [1]: option {} 0x18-0x18.7 (1) +0x10| 01 | . | kind: "nop" (1) (No operation) 0x18-0x18.7 (1) + | | | [2]: option {} 0x19-0x1b.7 (3) +0x10| 03 | . | kind: "winscale" (3) (Window scale) 0x19-0x19.7 (1) +0x10| 03 | . | length: 3 0x1a-0x1a.7 (1) +0x10| 05 | . | data: raw bits 0x1b-0x1b.7 (1) + | | | [3]: option {} 0x1c-0x1c.7 (1) +0x10| 01 | . | kind: "nop" (1) (No operation) 0x1c-0x1c.7 (1) + | | | [4]: option {} 0x1d-0x1d.7 (1) +0x10| 01 | . | kind: "nop" (1) (No operation) 0x1d-0x1d.7 (1) + | | | [5]: option {} 0x1e-0x27.7 (10) +0x10| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1e-0x1e.7 (1) +0x10| 0a| .| length: 10 0x1f-0x1f.7 (1) +0x20|4b 2a 91 21 00 00 00 00 |K*.!.... | data: raw bits 0x20-0x27.7 (8) + | | | [6]: option {} 0x28-0x29.7 (2) +0x20| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x28-0x28.7 (1) +0x20| 02 | . | length: 2 0x29-0x29.7 (1) + | | | data: raw bits 0x2a-NA (0) + | | | [7]: option {} 0x2a-0x2a.7 (1) +0x20| 00 | . | kind: "end" (0) (End of options list) 0x2a-0x2a.7 (1) + | | | [8]: option {} 0x2b-0x2b.7 (1) +0x20| 00| | .| | kind: "end" (0) (End of options list) 0x2b-0x2b.7 (1) + | | | data: raw bits 0x2c-NA (0) diff --git a/format/inet/testdata/udp b/format/inet/testdata/udp_datagram similarity index 100% rename from format/inet/testdata/udp rename to format/inet/testdata/udp_datagram diff --git a/format/inet/testdata/udp.fqtest b/format/inet/testdata/udp_datagram.fqtest similarity index 86% rename from format/inet/testdata/udp.fqtest rename to format/inet/testdata/udp_datagram.fqtest index 53e2111d..a5d47456 100644 --- a/format/inet/testdata/udp.fqtest +++ b/format/inet/testdata/udp_datagram.fqtest @@ -1,6 +1,6 @@ -# fq 'first(.. | select(format=="udp")) | tobytes' many_interfaces.pcapng > udp -$ fq -d udp verbose /udp - |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /udp (udp) 0x0-0x8f.7 (144) +# fq 'first(.. | select(format=="udp")) | tobytes' many_interfaces.pcapng > udp_datagram +$ fq -d udp_datagram verbose /udp_datagram + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /udp_datagram (udp_datagram) 0x0-0x8f.7 (144) 0x00|44 5c |D\ | source_port: 17500 0x0-0x1.7 (2) 0x00| 44 5c | D\ | destination_port: 17500 0x2-0x3.7 (2) 0x00| 00 90 | .. | length: 144 0x4-0x5.7 (2) diff --git a/format/inet/udp.go b/format/inet/udp.go deleted file mode 100644 index e87b7ea7..00000000 --- a/format/inet/udp.go +++ /dev/null @@ -1,49 +0,0 @@ -package inet - -import ( - "github.com/wader/fq/format" - "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/decode" -) - -var udpDNSFormat decode.Group - -func init() { - registry.MustRegister(decode.Format{ - Name: format.UDP, - Description: "User datagram protocol", - Dependencies: []decode.Dependency{ - {Names: []string{format.DNS}, Group: &udpDNSFormat}, - }, - DecodeFn: decodeUDP, - }) -} - -const ( - udpPortDNS = 53 -) - -var udpPortFormat = map[uint64]*decode.Group{ - udpPortDNS: &udpDNSFormat, -} - -func decodeUDP(d *decode.D, in interface{}) interface{} { - soucePort := d.FieldU16("source_port", d.MapUToScalar(udpPortMap)) - destPort := d.FieldU16("destination_port", d.MapUToScalar(udpPortMap)) - length := d.FieldU16("length") - d.FieldU16("checksum", d.Hex) - - // TODO: prio? src/dst map? - g := udpPortFormat[soucePort] - if g == nil { - g = udpPortFormat[destPort] - } - dataLen := int64(length-8) * 8 - if g != nil { - d.FieldFormatLen("data", dataLen, *g, nil) - } else { - d.FieldRawLen("data", dataLen) - } - - return nil -} diff --git a/format/inet/udp_datagram.go b/format/inet/udp_datagram.go new file mode 100644 index 00000000..18aa7d80 --- /dev/null +++ b/format/inet/udp_datagram.go @@ -0,0 +1,39 @@ +package inet + +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/registry" + "github.com/wader/fq/pkg/decode" +) + +var udpDatagramFormat decode.Group + +func init() { + registry.MustRegister(decode.Format{ + Name: format.UDP_DATAGRAM, + Description: "User datagram protocol", + Dependencies: []decode.Dependency{ + {Names: []string{format.UDP_PAYLOAD}, Group: &udpDatagramFormat}, + }, + DecodeFn: decodeUDP, + }) +} + +func decodeUDP(d *decode.D, in interface{}) interface{} { + soucePort := d.FieldU16("source_port", d.MapUToScalar(format.UDPPortMap)) + destPort := d.FieldU16("destination_port", d.MapUToScalar(format.UDPPortMap)) + length := d.FieldU16("length") + d.FieldU16("checksum", d.Hex) + + dataLen := int64(length-8) * 8 + if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpDatagramFormat, format.UDPDatagramIn{ + SourcePort: int(soucePort), + DestinationPort: int(destPort), + }); dv == nil { + d.FieldRawLen("data", dataLen) + } + + // TODO: for checksum need to pass ipv4 pseudo header somehow + + return nil +} diff --git a/format/jpeg/ps_irids.go b/format/jpeg/ps_irids.go index aa2f410b..d0ee6d61 100644 --- a/format/jpeg/ps_irids.go +++ b/format/jpeg/ps_irids.go @@ -8,13 +8,13 @@ var psImageResourceBlockNames = decode.UToScalar{ 0x03E9: {Description: `Macintosh print manager print info record`}, 0x03EA: {Description: `Macintosh page format information. No longer read by Photoshop. (Obsolete)`}, 0x03EB: {Description: `Indexed color table`}, - 0x03ED: {Description: `ResolutionInfo structure. See Appendix A in Photoshop API Guide.pdf.`}, - 0x03EE: {Description: `Names of the alpha channels as a series of Pascal strings.`}, - 0x03EF: {Description: `(Obsolete) See ID 1077DisplayInfo structure. See Appendix A in Photoshop API Guide.pdf.`}, - 0x03F0: {Description: `The caption as a Pascal string.`}, - 0x03F1: {Description: `Border information. Contains a fixed number (2 bytes real, 2 bytes fraction) for the border width, and 2 bytes for border units (1 = inches, 2 = cm, 3 = points, 4 = picas, 5 = columns).`}, - 0x03F2: {Description: `Background color. See See Color structure.`}, - 0x03F3: {Description: `Print flags. A series of one-byte boolean values (see Page Setup dialog): labels, crop marks, color bars, registration marks, negative, flip, interpolate, caption, print flags.`}, + 0x03ED: {Description: `ResolutionInfo structure. See Appendix A in Photoshop API Guide.pdf`}, + 0x03EE: {Description: `Names of the alpha channels as a series of Pascal strings`}, + 0x03EF: {Description: `(Obsolete) See ID 1077DisplayInfo structure. See Appendix A in Photoshop API Guide.pdf`}, + 0x03F0: {Description: `The caption as a Pascal string`}, + 0x03F1: {Description: `Border information. Contains a fixed number (2 bytes real, 2 bytes fraction) for the border width, and 2 bytes for border units (1 = inches, 2 = cm, 3 = points, 4 = picas, 5 = columns)`}, + 0x03F2: {Description: `Background color. See See Color structure`}, + 0x03F3: {Description: `Print flags. A series of one-byte boolean values (see Page Setup dialog): labels, crop marks, color bars, registration marks, negative, flip, interpolate, caption, print flags`}, 0x03F4: {Description: `Grayscale and multichannel halftoning information`}, 0x03F5: {Description: `Color halftoning information`}, 0x03F6: {Description: `Duotone halftoning information`}, @@ -25,68 +25,68 @@ var psImageResourceBlockNames = decode.UToScalar{ 0x03FB: {Description: `Two bytes for the effective black and white values for the dot range`}, 0x03FC: {Description: `(Obsolete)`}, 0x03FD: {Description: `EPS options`}, - 0x03FE: {Description: `Quick Mask information. 2 bytes containing Quick Mask channel ID; 1- byte boolean indicating whether the mask was initially empty.`}, + 0x03FE: {Description: `Quick Mask information. 2 bytes containing Quick Mask channel ID; 1- byte boolean indicating whether the mask was initially empty`}, 0x03FF: {Description: `(Obsolete)`}, - 0x0400: {Description: `Layer state information. 2 bytes containing the index of target layer (0 = bottom layer).`}, - 0x0401: {Description: `Working path (not saved). See See Path resource format.`}, - 0x0402: {Description: `Layers group information. 2 bytes per layer containing a group ID for the dragging groups. Layers in a group have the same group ID.`}, + 0x0400: {Description: `Layer state information. 2 bytes containing the index of target layer (0 = bottom layer)`}, + 0x0401: {Description: `Working path (not saved). See See Path resource format`}, + 0x0402: {Description: `Layers group information. 2 bytes per layer containing a group ID for the dragging groups. Layers in a group have the same group ID`}, 0x0403: {Description: `(Obsolete)`}, - 0x0404: {Description: `IPTC-NAA record. Contains the File Info... information. See the documentation in the IPTC folder of the Documentation folder.`}, + 0x0404: {Description: `IPTC-NAA record. Contains the File Info... information. See the documentation in the IPTC folder of the Documentation folder`}, 0x0405: {Description: `Image mode for raw format files`}, - 0x0406: {Description: `JPEG quality. Private.`}, - 0x0408: {Description: `(Photoshop 4.0) Grid and guides information. See See Grid and guides resource format.`}, - 0x0409: {Description: `(Photoshop 4.0) Thumbnail resource for Photoshop 4.0 only. See See Thumbnail resource format.`}, - 0x040A: {Description: `(Photoshop 4.0) Copyright flag. Boolean indicating whether image is copyrighted. Can be set via Property suite or by user in File Info...`}, - 0x040B: {Description: `(Photoshop 4.0) URL. Handle of a text string with uniform resource locator. Can be set via Property suite or by user in File Info...`}, - 0x040C: {Description: `(Photoshop 5.0) Thumbnail resource (supersedes resource 1033). See See Thumbnail resource format.`}, - 0x040D: {Description: `(Photoshop 5.0) Global Angle. 4 bytes that contain an integer between 0 and 359, which is the global lighting angle for effects layer. If not present, assumed to be 30.`}, - 0x040E: {Description: `(Obsolete) See ID 1073 below. (Photoshop 5.0) Color samplers resource. See See Color samplers resource format.`}, - 0x040F: {Description: `(Photoshop 5.0) ICC Profile. The raw bytes of an ICC (International Color Consortium) format profile. See ICC1v42_2006-05.pdf in the Documentation folder and icProfileHeader.h in Sample Code\Common\Includes .`}, - 0x0410: {Description: `(Photoshop 5.0) Watermark. One byte.`}, - 0x0411: {Description: `(Photoshop 5.0) ICC Untagged Profile. 1 byte that disables any assumed profile handling when opening the file. 1 = intentionally untagged.`}, - 0x0412: {Description: `(Photoshop 5.0) Effects visible. 1-byte global flag to show/hide all the effects layer. Only present when they are hidden.`}, - 0x0413: {Description: `(Photoshop 5.0) Spot Halftone. 4 bytes for version, 4 bytes for length, and the variable length data.`}, - 0x0414: {Description: `(Photoshop 5.0) Document-specific IDs seed number. 4 bytes: Base value, starting at which layer IDs will be generated (or a greater value if existing IDs already exceed it). Its purpose is to avoid the case where we add layers, flatten, save, open, and then add more layers that end up with the same IDs as the first set.`}, + 0x0406: {Description: `JPEG quality. Private`}, + 0x0408: {Description: `(Photoshop 4.0) Grid and guides information. See See Grid and guides resource format`}, + 0x0409: {Description: `(Photoshop 4.0) Thumbnail resource for Photoshop 4.0 only. See See Thumbnail resource format`}, + 0x040A: {Description: `(Photoshop 4.0) Copyright flag. Boolean indicating whether image is copyrighted. Can be set via Property suite or by user in File Info`}, + 0x040B: {Description: `(Photoshop 4.0) URL. Handle of a text string with uniform resource locator. Can be set via Property suite or by user in File Info`}, + 0x040C: {Description: `(Photoshop 5.0) Thumbnail resource (supersedes resource 1033). See See Thumbnail resource format`}, + 0x040D: {Description: `(Photoshop 5.0) Global Angle. 4 bytes that contain an integer between 0 and 359, which is the global lighting angle for effects layer. If not present, assumed to be 30`}, + 0x040E: {Description: `(Obsolete) See ID 1073 below. (Photoshop 5.0) Color samplers resource. See See Color samplers resource format`}, + 0x040F: {Description: `(Photoshop 5.0) ICC Profile. The raw bytes of an ICC (International Color Consortium) format profile. See ICC1v42_2006-05.pdf in the Documentation folder and icProfileHeader.h in Sample Code\Common\Includes `}, + 0x0410: {Description: `(Photoshop 5.0) Watermark. One byte`}, + 0x0411: {Description: `(Photoshop 5.0) ICC Untagged Profile. 1 byte that disables any assumed profile handling when opening the file. 1 = intentionally untagged`}, + 0x0412: {Description: `(Photoshop 5.0) Effects visible. 1-byte global flag to show/hide all the effects layer. Only present when they are hidden`}, + 0x0413: {Description: `(Photoshop 5.0) Spot Halftone. 4 bytes for version, 4 bytes for length, and the variable length data`}, + 0x0414: {Description: `(Photoshop 5.0) Document-specific IDs seed number. 4 bytes: Base value, starting at which layer IDs will be generated (or a greater value if existing IDs already exceed it). Its purpose is to avoid the case where we add layers, flatten, save, open, and then add more layers that end up with the same IDs as the first set`}, 0x0415: {Description: `(Photoshop 5.0) Unicode Alpha Names. Unicode string`}, 0x0416: {Description: `(Photoshop 6.0) Indexed Color Table Count. 2 bytes for the number of colors in table that are actually defined`}, - 0x0417: {Description: `(Photoshop 6.0) Transparency Index. 2 bytes for the index of transparent color, if any.`}, + 0x0417: {Description: `(Photoshop 6.0) Transparency Index. 2 bytes for the index of transparent color, if any`}, 0x0419: {Description: `(Photoshop 6.0) Global Altitude. 4 byte entry for altitude`}, - 0x041A: {Description: `(Photoshop 6.0) Slices. See See Slices resource format.`}, + 0x041A: {Description: `(Photoshop 6.0) Slices. See See Slices resource format`}, 0x041B: {Description: `(Photoshop 6.0) Workflow URL. Unicode string`}, - 0x041C: {Description: `(Photoshop 6.0) Jump To XPEP. 2 bytes major version, 2 bytes minor version, 4 bytes count. Following is repeated for count: 4 bytes block size, 4 bytes key, if key = 'jtDd' , then next is a Boolean for the dirty flag; otherwise it's a 4 byte entry for the mod date.`}, - 0x041D: {Description: `(Photoshop 6.0) Alpha Identifiers. 4 bytes of length, followed by 4 bytes each for every alpha identifier.`}, - 0x041E: {Description: `(Photoshop 6.0) URL List. 4 byte count of URLs, followed by 4 byte long, 4 byte ID, and Unicode string for each count.`}, - 0x0421: {Description: `(Photoshop 6.0) Version Info. 4 bytes version, 1 byte hasRealMergedData , Unicode string: writer name, Unicode string: reader name, 4 bytes file version.`}, + 0x041C: {Description: `(Photoshop 6.0) Jump To XPEP. 2 bytes major version, 2 bytes minor version, 4 bytes count. Following is repeated for count: 4 bytes block size, 4 bytes key, if key = 'jtDd' , then next is a Boolean for the dirty flag; otherwise it's a 4 byte entry for the mod date`}, + 0x041D: {Description: `(Photoshop 6.0) Alpha Identifiers. 4 bytes of length, followed by 4 bytes each for every alpha identifier`}, + 0x041E: {Description: `(Photoshop 6.0) URL List. 4 byte count of URLs, followed by 4 byte long, 4 byte ID, and Unicode string for each count`}, + 0x0421: {Description: `(Photoshop 6.0) Version Info. 4 bytes version, 1 byte hasRealMergedData , Unicode string: writer name, Unicode string: reader name, 4 bytes file version`}, 0x0422: {Description: `(Photoshop 7.0) EXIF data 1. See http://www.kodak.com/global/plugins/acrobat/en/service/digCam/exifStandard2.pdf`}, 0x0423: {Description: `(Photoshop 7.0) EXIF data 3. See http://www.kodak.com/global/plugins/acrobat/en/service/digCam/exifStandard2.pdf`}, 0x0424: {Description: `(Photoshop 7.0) XMP metadata. File info as XML description. See http://www.adobe.com/devnet/xmp/`}, 0x0425: {Description: `(Photoshop 7.0) Caption digest. 16 bytes: RSA Data Security, MD5 message-digest algorithm`}, 0x0426: {Description: `(Photoshop 7.0) Print scale. 2 bytes style (0 = centered, 1 = size to fit, 2 = user defined). 4 bytes x location (floating point). 4 bytes y location (floating point). 4 bytes scale (floating point)`}, - 0x0428: {Description: `(Photoshop CS) Pixel Aspect Ratio. 4 bytes (version = 1 or 2), 8 bytes double, x / y of a pixel. Version 2, attempting to correct values for NTSC and PAL, previously off by a factor of approx. 5%.`}, + 0x0428: {Description: `(Photoshop CS) Pixel Aspect Ratio. 4 bytes (version = 1 or 2), 8 bytes double, x / y of a pixel. Version 2, attempting to correct values for NTSC and PAL, previously off by a factor of approx. 5%`}, 0x0429: {Description: `(Photoshop CS) Layer Comps. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure)`}, - 0x042A: {Description: `(Photoshop CS) Alternate Duotone Colors. 2 bytes (version = 1), 2 bytes count, following is repeated for each count: [ Color: 2 bytes for space followed by 4 * 2 byte color component ], following this is another 2 byte count, usually 256, followed by Lab colors one byte each for L, a, b. This resource is not read or used by Photoshop.`}, - 0x042B: {Description: `(Photoshop CS)Alternate Spot Colors. 2 bytes (version = 1), 2 bytes channel count, following is repeated for each count: 4 bytes channel ID, Color: 2 bytes for space followed by 4 * 2 byte color component. This resource is not read or used by Photoshop.`}, + 0x042A: {Description: `(Photoshop CS) Alternate Duotone Colors. 2 bytes (version = 1), 2 bytes count, following is repeated for each count: [ Color: 2 bytes for space followed by 4 * 2 byte color component ], following this is another 2 byte count, usually 256, followed by Lab colors one byte each for L, a, b. This resource is not read or used by Photoshop`}, + 0x042B: {Description: `(Photoshop CS)Alternate Spot Colors. 2 bytes (version = 1), 2 bytes channel count, following is repeated for each count: 4 bytes channel ID, Color: 2 bytes for space followed by 4 * 2 byte color component. This resource is not read or used by Photoshop`}, 0x042D: {Description: `(Photoshop CS2) Layer Selection ID(s). 2 bytes count, following is repeated for each count: 4 bytes layer ID`}, 0x042E: {Description: `(Photoshop CS2) HDR Toning information`}, 0x042F: {Description: `(Photoshop CS2) Print info`}, 0x0430: {Description: `(Photoshop CS2) Layer Group(s) Enabled ID. 1 byte for each layer in the document, repeated by length of the resource. NOTE: Layer groups have start and end markers`}, - 0x0431: {Description: `(Photoshop CS3) Color samplers resource. Also see ID 1038 for old format. See See Color samplers resource format.`}, + 0x0431: {Description: `(Photoshop CS3) Color samplers resource. Also see ID 1038 for old format. See See Color samplers resource format`}, 0x0432: {Description: `(Photoshop CS3) Measurement Scale. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure)`}, 0x0433: {Description: `(Photoshop CS3) Timeline Information. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure)`}, 0x0434: {Description: `(Photoshop CS3) Sheet Disclosure. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure)`}, - 0x0435: {Description: `(Photoshop CS3) DisplayInfo structure to support floating point clors. Also see ID 1007. See Appendix A in Photoshop API Guide.pdf .`}, + 0x0435: {Description: `(Photoshop CS3) DisplayInfo structure to support floating point clors. Also see ID 1007. See Appendix A in Photoshop API Guide.pdf `}, 0x0436: {Description: `(Photoshop CS3) Onion Skins. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure)`}, - 0x0438: {Description: `(Photoshop CS4) Count Information. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the count in the document. See the Count Tool.`}, - 0x043A: {Description: `(Photoshop CS5) Print Information. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current print settings in the document. The color management options.`}, - 0x043B: {Description: `(Photoshop CS5) Print Style. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current print style in the document. The printing marks, labels, ornaments, etc.`}, - 0x043C: {Description: `(Photoshop CS5) Macintosh NSPrintInfo. Variable OS specific info for Macintosh. NSPrintInfo. It is recommended that you do not interpret or use this data.`}, - 0x043D: {Description: `(Photoshop CS5) Windows DEVMODE. Variable OS specific info for Windows. DEVMODE. It is recommended that you do not interpret or use this data.`}, - 0x043E: {Description: `(Photoshop CS6) Auto Save File Path. Unicode string. It is recommended that you do not interpret or use this data.`}, - 0x043F: {Description: `(Photoshop CS6) Auto Save Format. Unicode string. It is recommended that you do not interpret or use this data.`}, - 0x0440: {Description: `(Photoshop CC) Path Selection State. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current path selection state.`}, - // 0x07D0 - 0x0BB6: `Path Information (saved paths). See See Path resource format.`}, - 0x0BB7: {Description: `Name of clipping path. See See Path resource format.`}, - 0x0BB8: {Description: `(Photoshop CC) Origin Path Info. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the origin path data.`}, + 0x0438: {Description: `(Photoshop CS4) Count Information. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the count in the document. See the Count Tool`}, + 0x043A: {Description: `(Photoshop CS5) Print Information. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current print settings in the document. The color management options`}, + 0x043B: {Description: `(Photoshop CS5) Print Style. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current print style in the document. The printing marks, labels, ornaments, etc`}, + 0x043C: {Description: `(Photoshop CS5) Macintosh NSPrintInfo. Variable OS specific info for Macintosh. NSPrintInfo. It is recommended that you do not interpret or use this data`}, + 0x043D: {Description: `(Photoshop CS5) Windows DEVMODE. Variable OS specific info for Windows. DEVMODE. It is recommended that you do not interpret or use this data`}, + 0x043E: {Description: `(Photoshop CS6) Auto Save File Path. Unicode string. It is recommended that you do not interpret or use this data`}, + 0x043F: {Description: `(Photoshop CS6) Auto Save Format. Unicode string. It is recommended that you do not interpret or use this data`}, + 0x0440: {Description: `(Photoshop CC) Path Selection State. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the current path selection state`}, + // 0x07D0 - 0x0BB6: `Path Information (saved paths). See See Path resource format`}, + 0x0BB7: {Description: `Name of clipping path. See See Path resource format`}, + 0x0BB8: {Description: `(Photoshop CC) Origin Path Info. 4 bytes (descriptor version = 16), Descriptor (see See Descriptor structure) Information about the origin path data`}, // 0x0FA0 - 0x1387: `Plug-In resource(s). Resources added by a plug-in. See the plug-in API found in the SDK documentation`}, 0x1B58: {Description: `Image Ready variables. XML representation of variables definition`}, 0x1B59: {Description: `Image Ready data sets`}, @@ -95,6 +95,6 @@ var psImageResourceBlockNames = decode.UToScalar{ 0x1B5C: {Description: `Image Ready rollover expanded state`}, 0x1B5D: {Description: `Image Ready save layer settings`}, 0x1B5E: {Description: `Image Ready version`}, - 0x1F40: {Description: `(Photoshop CS3) Lightroom workflow, if present the document is in the middle of a Lightroom workflow.`}, - 0x2710: {Description: `Print flags information. 2 bytes version ( = 1), 1 byte center crop marks, 1 byte ( = 0), 4 bytes bleed width value, 2 bytes bleed width scale.`}, + 0x1F40: {Description: `(Photoshop CS3) Lightroom workflow, if present the document is in the middle of a Lightroom workflow`}, + 0x2710: {Description: `Print flags information. 2 bytes version ( = 1), 1 byte center crop marks, 1 byte ( = 0), 4 bytes bleed width value, 2 bytes bleed width scale`}, } diff --git a/format/mp4/boxes.go b/format/mp4/boxes.go index d563ef25..66462c07 100644 --- a/format/mp4/boxes.go +++ b/format/mp4/boxes.go @@ -660,7 +660,7 @@ func init() { d.FieldU24("flags") d.FieldU32("reserved") if isParent(ctx, "covr") { - dv, _, _ := d.FieldTryFormatLen("data", d.BitsLeft(), imageFormat, nil) + dv, _, _ := d.TryFieldFormatLen("data", d.BitsLeft(), imageFormat, nil) if dv == nil { d.FieldRawLen("data", d.BitsLeft()) } @@ -956,7 +956,7 @@ func init() { // TODO: make nicer systemID, err := systemIDBB.Bytes() if err != nil { - d.IOPanic(err) + d.IOPanic(err, "systemIDBB.Bytes") } switch version { case 0: diff --git a/format/mp4/brands.go b/format/mp4/brands.go index 869ad6b4..cd6b0c92 100644 --- a/format/mp4/brands.go +++ b/format/mp4/brands.go @@ -68,7 +68,7 @@ var brandDescriptions = decode.StrToScalar{ "da2b": {Description: "DMB AF extending da2a, with 3GPP timed text, DID, TVA, REL, IPMP"}, "da3a": {Description: "DMB AF audio with HE-AAC, JPG/PNG/MNG images"}, "da3b": {Description: "DMB AF extending da3a with BIFS, 3GPP timed text, DID, TVA, REL, IPMP"}, - "dash": {Description: "ISO base media file format file specifically designed for DASH including movie fragments and Segment Index."}, + "dash": {Description: "ISO base media file format file specifically designed for DASH including movie fragments and Segment Index"}, "dby1": {Description: "MP4 files with Dolby content (e.g. Dolby AC-4, Dolby Digital Plus, Dolby TrueHD (Dolby MLP))"}, "dmb1": {Description: "DMB AF supporting all the components defined in the specification"}, "dmpf": {Description: "Digital Media Project"}, @@ -118,7 +118,7 @@ var brandDescriptions = decode.StrToScalar{ "jpxb": {Description: "JPEG XR"}, "KDDI": {Description: "3GPP2 EZmovie for KDDI 3G cellphones"}, "LCAG": {Description: "Leica digital camera"}, - "lmsg": {Description: "last Media Segment indicator for ISO base media file format."}, + "lmsg": {Description: "last Media Segment indicator for ISO base media file format"}, "M4A": {Description: "iTunes MPEG-4 audio protected or not"}, "M4B": {Description: "iTunes AudioBook protected or not"}, "M4P": {Description: "MPEG-4 protected audio"}, @@ -138,9 +138,9 @@ var brandDescriptions = decode.StrToScalar{ "MPPI": {Description: "Photo Player Multimedia Application Format"}, "mpuf": {Description: "Compliance with the MMT Processing Unit format"}, "mqt": {Description: "Sony / Mobile QuickTime (.MQV) US Patent 7,477,830 (Sony Corp)"}, - "msdh": {Description: "Media Segment conforming to the general format type for ISO base media file format."}, + "msdh": {Description: "Media Segment conforming to the general format type for ISO base media file format"}, "msf1": {Description: "High Efficiency Image Format sequence (.HEIFS)"}, - "msix": {Description: "Media Segment conforming to the Indexed Media Segment format type for ISO base media file format."}, + "msix": {Description: "Media Segment conforming to the Indexed Media Segment format type for ISO base media file format"}, "MSNV": {Description: "Portable multimedia CE products using MP4 file format with AVC video codec and AAC audio codec"}, "NDAS": {Description: "MP4 v2 [ISO 14496-14] Nero Digital AAC Audio"}, "NDSC": {Description: "MPEG-4 (.MP4) Nero Cinema Profile"}, @@ -161,17 +161,17 @@ var brandDescriptions = decode.StrToScalar{ "piff": {Description: "Protected Interoperable File Format"}, "pnvi": {Description: "Panasonic Video Intercom Video Intercom"}, "qt ": {Description: "QuickTime"}, - "risx": {Description: "Representation Index Segment used to index MPEG-2 TS based Media Segments."}, + "risx": {Description: "Representation Index Segment used to index MPEG-2 TS based Media Segments"}, "ROSS": {Description: "Ross Video Ross"}, "sdv": {Description: "SD Video"}, "SEAU": {Description: "Home and Mobile Multimedia Platform (HMMP)"}, "SEBK": {Description: "Home and Mobile Multimedia Platform (HMMP)"}, "senv": {Description: "Video contents Sony Entertainment Network provides by using MP4 file format"}, - "sims": {Description: "Media Segment conforming to the Sub-Indexed Media Segment format type for ISO base media file format."}, - "sisx": {Description: "Single Index Segment used to index MPEG-2 TS based Media Segments."}, + "sims": {Description: "Media Segment conforming to the Sub-Indexed Media Segment format type for ISO base media file format"}, + "sisx": {Description: "Single Index Segment used to index MPEG-2 TS based Media Segments"}, "ssc1": {Description: "Samsung stereoscopic, single stream"}, "ssc2": {Description: "Samsung stereoscopic, dual stream"}, - "ssss": {Description: "Subsegment Index Segment used to index MPEG-2 TS based Media Segments."}, - "uvvu": {Description: "UltraViolet file brand – conforming to the DECE Common File Format spec, Annex E."}, + "ssss": {Description: "Subsegment Index Segment used to index MPEG-2 TS based Media Segments"}, + "uvvu": {Description: "UltraViolet file brand – conforming to the DECE Common File Format spec, Annex E"}, "XAVC": {Description: "XAVC File Format"}, } diff --git a/format/mp4/desc.go b/format/mp4/desc.go index d6d5359a..453caeb6 100644 --- a/format/mp4/desc.go +++ b/format/mp4/desc.go @@ -32,7 +32,7 @@ var boxDescriptions = decode.StrToScalar{ "coin": {Description: "Content Information Box"}, "coll": {Description: "Name of the collection from which the media comes"}, "colr": {Description: "Specifies the colourspace of the image"}, - "cprt": {Description: "Copyright etc."}, + "cprt": {Description: "Copyright etc"}, "crgn": {Description: "Visual clipping region definition"}, "crhd": {Description: "Reserved for ClockReferenceStream header"}, "csgp": {Description: "Compact sample to group"}, @@ -41,7 +41,7 @@ var boxDescriptions = decode.StrToScalar{ "ctts": {Description: "Composition time to sample"}, "cvru": {Description: "OMA DRM Cover URI"}, "dac4": {Description: "Dolby AC-4 stream descriptor"}, - "date": {Description: "Date and time, formatted according to ISO 8601, when the content was created. For clips captured by recording devices, this is typically the date and time when the clip’s recording started."}, + "date": {Description: "Date and time, formatted according to ISO 8601, when the content was created. For clips captured by recording devices, this is typically the date and time when the clip’s recording started"}, "dcfD": {Description: "Marlin DCF Duration, user-data atom type"}, "dec3": {Description: "E-AC-3 (Dolby Digital Plus) stream descriptor"}, "dihd": {Description: "Data Integrity Hash"}, diff --git a/format/mp4/testdata/dash.fqtest b/format/mp4/testdata/dash.fqtest index d122e48a..667ce4fc 100644 --- a/format/mp4/testdata/dash.fqtest +++ b/format/mp4/testdata/dash.fqtest @@ -12,7 +12,7 @@ $ fq -d mp4 verbose /dash_audio_init.mp4 | | | brands: [4] 0x10-0x1f.7 (16) 0x010|69 73 6f 38 |iso8 | [0]: brand "iso8" (MP4 Base Media v8) 0x10-0x13.7 (4) 0x010| 6d 70 34 31 | mp41 | [1]: brand "mp41" (MP4 version 1) 0x14-0x17.7 (4) -0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index.) 0x18-0x1b.7 (4) +0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index) 0x18-0x1b.7 (4) 0x010| 63 6d 66 63| cmfc| [3]: brand "cmfc" (CMAF Track Format) 0x1c-0x1f.7 (4) | | | [1]: box {} 0x20-0x32f.7 (784) 0x020|00 00 03 10 |.... | size: 784 0x20-0x23.7 (4) @@ -359,7 +359,7 @@ $ fq -d mp4 verbose /dash_audio_1.m4s | | | brands: [4] 0x10-0x1f.7 (16) 0x010|69 73 6f 38 |iso8 | [0]: brand "iso8" (MP4 Base Media v8) 0x10-0x13.7 (4) 0x010| 6d 70 34 31 | mp41 | [1]: brand "mp41" (MP4 version 1) 0x14-0x17.7 (4) -0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index.) 0x18-0x1b.7 (4) +0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index) 0x18-0x1b.7 (4) 0x010| 63 6d 66 73| cmfs| [3]: brand "cmfs" (CMAF Segment Format) 0x1c-0x1f.7 (4) | | | [1]: box {} 0x20-0x4b.7 (44) 0x020|00 00 00 2c |..., | size: 44 0x20-0x23.7 (4) @@ -481,7 +481,7 @@ $ fq -d mp4 verbose /dash_video_init.mp4 | | | brands: [5] 0x10-0x23.7 (20) 0x010|69 73 6f 38 |iso8 | [0]: brand "iso8" (MP4 Base Media v8) 0x10-0x13.7 (4) 0x010| 6d 70 34 31 | mp41 | [1]: brand "mp41" (MP4 version 1) 0x14-0x17.7 (4) -0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index.) 0x18-0x1b.7 (4) +0x010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index) 0x18-0x1b.7 (4) 0x010| 61 76 63 31| avc1| [3]: brand "avc1" (Advanced Video Coding extensions) 0x1c-0x1f.7 (4) 0x020|63 6d 66 63 |cmfc | [4]: brand "cmfc" (CMAF Track Format) 0x20-0x23.7 (4) | | | [1]: box {} 0x24-0x332.7 (783) @@ -875,7 +875,7 @@ $ fq -d mp4 verbose /dash_video_1.m4s | | | brands: [5] 0x10-0x23.7 (20) 0x0010|69 73 6f 38 |iso8 | [0]: brand "iso8" (MP4 Base Media v8) 0x10-0x13.7 (4) 0x0010| 6d 70 34 31 | mp41 | [1]: brand "mp41" (MP4 version 1) 0x14-0x17.7 (4) -0x0010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index.) 0x18-0x1b.7 (4) +0x0010| 64 61 73 68 | dash | [2]: brand "dash" (ISO base media file format file specifically designed for DASH including movie fragments and Segment Index) 0x18-0x1b.7 (4) 0x0010| 61 76 63 31| avc1| [3]: brand "avc1" (Advanced Video Coding extensions) 0x1c-0x1f.7 (4) 0x0020|63 6d 66 73 |cmfs | [4]: brand "cmfs" (CMAF Segment Format) 0x20-0x23.7 (4) | | | [1]: box {} 0x24-0x4f.7 (44) diff --git a/format/mpeg/mp3_frame.go b/format/mpeg/mp3_frame.go index ef635843..479a7ac9 100644 --- a/format/mpeg/mp3_frame.go +++ b/format/mpeg/mp3_frame.go @@ -15,7 +15,7 @@ package mpeg import ( "github.com/wader/fq/format" "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/crc" + "github.com/wader/fq/pkg/checksum" "github.com/wader/fq/pkg/decode" ) @@ -386,7 +386,7 @@ func frameDecode(d *decode.D, in interface{}) interface{} { d.FieldRawLen("other_data", followingFrameMainDataPartsBytes*8) } - crcHash := &crc.CRC{Bits: 16, Current: 0xffff, Table: crc.ANSI16Table} + crcHash := &checksum.CRC{Bits: 16, Current: 0xffff, Table: checksum.ANSI16Table} // 2 bytes after sync and some other fields + all of side info d.MustCopy(crcHash, d.BitBufRange(2*8, 2*8)) d.MustCopy(crcHash, d.BitBufRange(6*8, sideInfoBytes*8)) diff --git a/format/ogg/ogg_page.go b/format/ogg/ogg_page.go index 79d1016e..fd1a12e4 100644 --- a/format/ogg/ogg_page.go +++ b/format/ogg/ogg_page.go @@ -5,7 +5,7 @@ import ( "github.com/wader/fq/format" "github.com/wader/fq/format/registry" - "github.com/wader/fq/pkg/crc" + "github.com/wader/fq/pkg/checksum" "github.com/wader/fq/pkg/decode" ) @@ -48,7 +48,7 @@ func pageDecode(d *decode.D, in interface{}) interface{} { endPos := d.Pos() pageChecksumValue := d.FieldGet("crc") - pageCRC := &crc.CRC{Bits: 32, Table: crc.Poly04c11db7Table} + pageCRC := &checksum.CRC{Bits: 32, Table: checksum.Poly04c11db7Table} d.MustCopy(pageCRC, d.BitBufRange(startPos, pageChecksumValue.Range.Start-startPos)) // header before checksum d.MustCopy(pageCRC, bytes.NewReader([]byte{0, 0, 0, 0})) // zero checksum bits d.MustCopy(pageCRC, d.BitBufRange(pageChecksumValue.Range.Stop(), endPos-pageChecksumValue.Range.Stop())) // rest of page diff --git a/format/pcap/pcap.go b/format/pcap/pcap.go index c57dd79c..c559c6fa 100644 --- a/format/pcap/pcap.go +++ b/format/pcap/pcap.go @@ -4,11 +4,16 @@ package pcap import ( "github.com/wader/fq/format" + "github.com/wader/fq/format/inet/flowsdecoder" "github.com/wader/fq/format/registry" "github.com/wader/fq/pkg/decode" ) var pcapEther8023Format decode.Group +var pcapSLLPacket decode.Group +var pcapSLL2Packet decode.Group +var pcapTCPStreamFormat decode.Group +var pcapIPv4PacketFormat decode.Group const ( bigEndian = 0xa1b2c3d4 @@ -26,7 +31,11 @@ func init() { Description: "PCAP packet capture", Groups: []string{format.PROBE}, Dependencies: []decode.Dependency{ - {Names: []string{format.ETHER8023}, Group: &pcapEther8023Format}, + {Names: []string{format.ETHER8023_FRAME}, Group: &pcapEther8023Format}, + {Names: []string{format.SLL_PACKET}, Group: &pcapSLLPacket}, + {Names: []string{format.SLL2_PACKET}, Group: &pcapSLL2Packet}, + {Names: []string{format.TCP_STREAM}, Group: &pcapTCPStreamFormat}, + {Names: []string{format.IPV4_PACKET}, Group: &pcapIPv4PacketFormat}, }, DecodeFn: decodePcap, }) @@ -47,7 +56,9 @@ func decodePcap(d *decode.D, in interface{}) interface{} { d.FieldS32("thiszone") d.FieldU32("sigfigs") d.FieldU32("snaplen") - linkType := int(d.FieldU32("network", d.MapUToScalar(linkTypeMap))) + linkType := int(d.FieldU32("network", d.MapUToScalar(format.LinkTypeMap))) + + fd := flowsdecoder.New() d.FieldArray("packets", func(d *decode.D) { for !d.End() { @@ -56,6 +67,18 @@ func decodePcap(d *decode.D, in interface{}) interface{} { d.FieldU32("ts_usec") inclLen := d.FieldU32("incl_len") origLen := d.FieldU32("orig_len") + + bb := d.BitBufRange(d.Pos(), int64(origLen)*8) + bs, err := bb.Bytes() + if err != nil { + // TODO: + panic(err) + } + + if fn, ok := linkToDecodeFn[linkType]; ok { + fn(fd, bs) + } + if g, ok := linkToFormat[linkType]; ok { d.FieldFormatLen("packet", int64(origLen)*8, *g, nil) } else { @@ -65,6 +88,9 @@ func decodePcap(d *decode.D, in interface{}) interface{} { }) } }) + fd.Flush() + + fieldFlows(d, fd, pcapTCPStreamFormat, pcapIPv4PacketFormat) return nil } diff --git a/format/pcap/pcapng.go b/format/pcap/pcapng.go index a5b16436..276d8c1f 100644 --- a/format/pcap/pcapng.go +++ b/format/pcap/pcapng.go @@ -7,11 +7,16 @@ import ( "net" "github.com/wader/fq/format" + "github.com/wader/fq/format/inet/flowsdecoder" "github.com/wader/fq/format/registry" "github.com/wader/fq/pkg/decode" ) var pcapngEther8023Format decode.Group +var pcapngSLLPacketFormat decode.Group +var pcapngSLL2PacketFormat decode.Group +var pcapngTCPStreamFormat decode.Group +var pcapngIPvPacket4Format decode.Group func init() { registry.MustRegister(decode.Format{ @@ -20,7 +25,11 @@ func init() { RootArray: true, Groups: []string{format.PROBE}, Dependencies: []decode.Dependency{ - {Names: []string{format.ETHER8023}, Group: &pcapngEther8023Format}, + {Names: []string{format.ETHER8023_FRAME}, Group: &pcapngEther8023Format}, + {Names: []string{format.SLL_PACKET}, Group: &pcapngSLLPacketFormat}, + {Names: []string{format.SLL2_PACKET}, Group: &pcapngSLL2PacketFormat}, + {Names: []string{format.TCP_STREAM}, Group: &pcapngTCPStreamFormat}, + {Names: []string{format.IPV4_PACKET}, Group: &pcapngIPvPacket4Format}, }, DecodeFn: decodePcapng, }) @@ -179,11 +188,6 @@ var nameResolutionRecordMap = decode.UToStr{ nameResolutionRecordIpv6: "ipv6", } -type decodeContext struct { - sectionHeaderFound bool - interfaceTypes map[int]int -} - func decoodeOptions(d *decode.D, opts decode.UToScalar) { if d.BitsLeft() < 32 { return @@ -213,7 +217,7 @@ func mapUToIPv4Sym(s decode.Scalar) (decode.Scalar, error) { var blockFns = map[uint64]func(d *decode.D, dc *decodeContext){ blockTypeInterfaceDescription: func(d *decode.D, dc *decodeContext) { - typ := d.FieldU16("link_type", d.MapUToScalar(linkTypeMap)) + typ := d.FieldU16("link_type", d.MapUToScalar(format.LinkTypeMap)) d.FieldU16("reserved") d.FieldU32("snap_len") d.FieldArray("options", func(d *decode.D) { decoodeOptions(d, interfaceDescriptionOptionsMap) }) @@ -227,7 +231,18 @@ var blockFns = map[uint64]func(d *decode.D, dc *decodeContext){ capturedLength := d.FieldU32("capture_packet_length") originalLength := d.FieldU32("original_packet_length") - if g, ok := linkToFormat[dc.interfaceTypes[int(interfaceID)]]; ok { + bs, err := d.BitBufRange(d.Pos(), int64(originalLength)*8).Bytes() + if err != nil { + d.IOPanic(err, "d.BitBufRange") + } + + linkType := dc.interfaceTypes[int(interfaceID)] + + if fn, ok := linkToDecodeFn[linkType]; ok { + fn(dc.flowDecoder, bs) + } + + if g, ok := linkToFormat[linkType]; ok { d.FieldFormatLen("packet", int64(originalLength)*8, *g, nil) } else { d.FieldRawLen("packet", int64(originalLength)*8) @@ -335,17 +350,30 @@ func decodeSection(d *decode.D, dc *decodeContext) { }) } +type decodeContext struct { + sectionHeaderFound bool + interfaceTypes map[int]int + flowDecoder *flowsdecoder.Decoder +} + func decodePcapng(d *decode.D, in interface{}) interface{} { sectionHeaders := 0 for !d.End() { + + fd := flowsdecoder.New() dc := decodeContext{ interfaceTypes: map[int]int{}, + flowDecoder: fd, } + d.FieldStruct("section", func(d *decode.D) { decodeSection(d, &dc) + fd.Flush() + fieldFlows(d, dc.flowDecoder, pcapngTCPStreamFormat, pcapngIPvPacket4Format) }) if dc.sectionHeaderFound { sectionHeaders++ + } } diff --git a/format/pcap/shared.go b/format/pcap/shared.go index a1038519..eed85d6f 100644 --- a/format/pcap/shared.go +++ b/format/pcap/shared.go @@ -1,278 +1,84 @@ package pcap -import "github.com/wader/fq/pkg/decode" - -//nolint:revive -const ( - LINKTYPE_NULL = 0 - LINKTYPE_ETHERNET = 1 - LINKTYPE_AX25 = 3 - LINKTYPE_IEEE802_5 = 6 - LINKTYPE_ARCNET_BSD = 7 - LINKTYPE_SLIP = 8 - LINKTYPE_PPP = 9 - LINKTYPE_FDDI = 10 - LINKTYPE_PPP_HDLC = 50 - LINKTYPE_PPP_ETHER = 51 - LINKTYPE_ATM_RFC1483 = 100 - LINKTYPE_RAW = 101 - LINKTYPE_C_HDLC = 104 - LINKTYPE_IEEE802_11 = 105 - LINKTYPE_FRELAY = 107 - LINKTYPE_LOOP = 108 - LINKTYPE_LINUX_SLL = 113 - LINKTYPE_LTALK = 114 - LINKTYPE_PFLOG = 117 - LINKTYPE_IEEE802_11_PRISM = 119 - LINKTYPE_IP_OVER_FC = 122 - LINKTYPE_SUNATM = 123 - LINKTYPE_IEEE802_11_RADIOTAP = 127 - LINKTYPE_ARCNET_LINUX = 129 - LINKTYPE_APPLE_IP_OVER_IEEE1394 = 138 - LINKTYPE_MTP2_WITH_PHDR = 139 - LINKTYPE_MTP2 = 140 - LINKTYPE_MTP3 = 141 - LINKTYPE_SCCP = 142 - LINKTYPE_DOCSIS = 143 - LINKTYPE_LINUX_IRDA = 144 - LINKTYPE_USER0 = 147 - LINKTYPE_USER1 = 148 - LINKTYPE_USER2 = 149 - LINKTYPE_USER3 = 150 - LINKTYPE_USER4 = 151 - LINKTYPE_USER5 = 152 - LINKTYPE_USER6 = 153 - LINKTYPE_USER7 = 154 - LINKTYPE_USER8 = 155 - LINKTYPE_USER9 = 156 - LINKTYPE_USER10 = 157 - LINKTYPE_USER11 = 158 - LINKTYPE_USER12 = 159 - LINKTYPE_USER13 = 160 - LINKTYPE_USER14 = 161 - LINKTYPE_USER15 = 162 - LINKTYPE_IEEE802_11_AVS = 163 - LINKTYPE_BACNET_MS_TP = 165 - LINKTYPE_PPP_PPPD = 166 - LINKTYPE_GPRS_LLC = 169 - LINKTYPE_GPF_T = 170 - LINKTYPE_GPF_F = 171 - LINKTYPE_LINUX_LAPD = 177 - LINKTYPE_MFR = 182 - LINKTYPE_BLUETOOTH_HCI_H4 = 187 - LINKTYPE_USB_LINUX = 189 - LINKTYPE_PPI = 192 - LINKTYPE_IEEE802_15_4_WITHFCS = 195 - LINKTYPE_SITA = 196 - LINKTYPE_ERF = 197 - LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR = 201 - LINKTYPE_AX25_KISS = 202 - LINKTYPE_LAPD = 203 - LINKTYPE_PPP_WITH_DIR = 204 - LINKTYPE_C_HDLC_WITH_DIR = 205 - LINKTYPE_FRELAY_WITH_DIR = 206 - LINKTYPE_LAPB_WITH_DIR = 207 - LINKTYPE_IPMB_LINUX = 209 - LINKTYPE_FLEXRAY = 210 - LINKTYPE_LIN = 212 - LINKTYPE_IEEE802_15_4_NONASK_PHY = 215 - LINKTYPE_USB_LINUX_MMAPPED = 220 - LINKTYPE_FC_2 = 224 - LINKTYPE_FC_2_WITH_FRAME_DELIMS = 225 - LINKTYPE_IPNET = 226 - LINKTYPE_CAN_SOCKETCAN = 227 - LINKTYPE_IPV4 = 228 - LINKTYPE_IPV6 = 229 - LINKTYPE_IEEE802_15_4_NOFCS = 230 - LINKTYPE_DBUS = 231 - LINKTYPE_DVB_CI = 235 - LINKTYPE_MUX27010 = 236 - LINKTYPE_STANAG_5066_D_PDU = 237 - LINKTYPE_NFLOG = 239 - LINKTYPE_NETANALYZER = 240 - LINKTYPE_NETANALYZER_TRANSPARENT = 241 - LINKTYPE_IPOIB = 242 - LINKTYPE_MPEG_2_TS = 243 - LINKTYPE_NG40 = 244 - LINKTYPE_NFC_LLCP = 245 - LINKTYPE_INFINIBAND = 247 - LINKTYPE_SCTP = 248 - LINKTYPE_USBPCAP = 249 - LINKTYPE_RTAC_SERIAL = 250 - LINKTYPE_BLUETOOTH_LE_LL = 251 - LINKTYPE_NETLINK = 253 - LINKTYPE_BLUETOOTH_LINUX_MONITOR = 254 - LINKTYPE_BLUETOOTH_BREDR_BB = 255 - LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR = 256 - LINKTYPE_PROFIBUS_DL = 257 - LINKTYPE_PKTAP = 258 - LINKTYPE_EPON = 259 - LINKTYPE_IPMI_HPM_2 = 260 - LINKTYPE_ZWAVE_R1_R2 = 261 - LINKTYPE_ZWAVE_R3 = 262 - LINKTYPE_WATTSTOPPER_DLM = 263 - LINKTYPE_ISO_14443 = 264 - LINKTYPE_RDS = 265 - LINKTYPE_USB_DARWIN = 266 - LINKTYPE_SDLC = 268 - LINKTYPE_LORATAP = 270 - LINKTYPE_VSOCK = 271 - LINKTYPE_NORDIC_BLE = 272 - LINKTYPE_DOCSIS31_XRA31 = 273 - LINKTYPE_ETHERNET_MPACKET = 274 - LINKTYPE_DISPLAYPORT_AUX = 275 - LINKTYPE_LINUX_SLL2 = 276 - LINKTYPE_OPENVIZSLA = 278 - LINKTYPE_EBHSCR = 279 - LINKTYPE_VPP_DISPATCH = 280 - LINKTYPE_DSA_TAG_BRCM = 281 - LINKTYPE_DSA_TAG_BRCM_PREPEND = 282 - LINKTYPE_IEEE802_15_4_TAP = 283 - LINKTYPE_DSA_TAG_DSA = 284 - LINKTYPE_DSA_TAG_EDSA = 285 - LINKTYPE_ELEE = 286 - LINKTYPE_Z_WAVE_SERIAL = 287 - LINKTYPE_USB_2_0 = 288 - LINKTYPE_ATSC_ALP = 289 - LINKTYPE_ETW = 290 +import ( + "github.com/wader/fq/format" + "github.com/wader/fq/format/inet/flowsdecoder" + "github.com/wader/fq/pkg/bitio" + "github.com/wader/fq/pkg/decode" ) -// from https://www.tcpdump.org/linktypes.html -// TODO cleanup -var linkTypeMap = decode.UToScalar{ - LINKTYPE_NULL: {Sym: "null", Description: `BSD loopback encapsulation`}, - LINKTYPE_ETHERNET: {Sym: "ethernet", Description: `IEEE 802.3 Ethernet`}, - LINKTYPE_AX25: {Sym: "ax25", Description: `AX.25 packet, with nothing preceding it.`}, - LINKTYPE_IEEE802_5: {Sym: "ieee802_5", Description: `IEEE 802.5 Token Ring`}, - LINKTYPE_ARCNET_BSD: {Sym: "arcnet_bsd", Description: `ARCNET Data Packets`}, - LINKTYPE_SLIP: {Sym: "slip", Description: `SLIP, encapsulated with a LINKTYPE_SLIP header.`}, - LINKTYPE_PPP: {Sym: "ppp", Description: `PPP`}, - LINKTYPE_FDDI: {Sym: "fddi", Description: `FDDI`}, - LINKTYPE_PPP_HDLC: {Sym: "ppp_hdlc", Description: `PPP in HDLC-like framing`}, - LINKTYPE_PPP_ETHER: {Sym: "ppp_ether", Description: `PPPoE`}, - LINKTYPE_ATM_RFC1483: {Sym: "atm_rfc1483", Description: `RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an ISO 8802-2 (formerly known as IEEE 802.2) LLC header.`}, - LINKTYPE_RAW: {Sym: "raw", Description: `Raw IP; the packet begins with an IPv4 or IPv6 header, with the "version" field of the header indicating whether it's an IPv4 or IPv6 header.`}, - LINKTYPE_C_HDLC: {Sym: "c_hdlc", Description: `Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547.`}, - LINKTYPE_IEEE802_11: {Sym: "ieee802_11", Description: `IEEE 802.11 wireless LAN.`}, - LINKTYPE_FRELAY: {Sym: "frelay", Description: `Frame Relay LAPF frames, beginning with a ITU-T Recommendation Q.922 LAPF header starting with the address field, and without an FCS at the end of the frame.`}, - LINKTYPE_LOOP: {Sym: "loop", Description: `OpenBSD loopback encapsulation; the link-layer header is a 4-byte field, in network byte order, containing a value of 2 for IPv4 packets, a value of either 24, 28, or 30 for IPv6 packets, a value of 7 for OSI packets, or a value of 23 for IPX packets. All of the IPv6 values correspond to IPv6 packets; code reading files should check for all of them.`}, - LINKTYPE_LINUX_SLL: {Sym: "linux_sll", Description: `Linux "cooked" capture encapsulation.`}, - LINKTYPE_LTALK: {Sym: "ltalk", Description: `Apple LocalTalk; the packet begins with an AppleTalk LocalTalk Link Access Protocol header, as described in chapter 1 of Inside AppleTalk, Second Edition.`}, - LINKTYPE_PFLOG: {Sym: "pflog", Description: `OpenBSD pflog; the link-layer header contains a "struct pfloghdr" structure, as defined by the host on which the file was saved. (This differs from operating system to operating system and release to release; there is nothing in the file to indicate what the layout of that structure is.)`}, - LINKTYPE_IEEE802_11_PRISM: {Sym: "ieee802_11_prism", Description: `Prism monitor mode information followed by an 802.11 header.`}, - LINKTYPE_IP_OVER_FC: {Sym: "ip_over_fc", Description: `RFC 2625 IP-over-Fibre Channel, with the link-layer header being the Network_Header as described in that RFC.`}, - LINKTYPE_SUNATM: {Sym: "sunatm", Description: `ATM traffic, encapsulated as per the scheme used by SunATM devices.`}, - LINKTYPE_IEEE802_11_RADIOTAP: {Sym: "ieee802_11_radiotap", Description: `Radiotap link-layer information followed by an 802.11 header.`}, - LINKTYPE_ARCNET_LINUX: {Sym: "arcnet_linux", Description: `ARCNET Data Packets, as described by the ARCNET Trade Association standard ATA 878.1-1999, but without the Starting Delimiter, Information Length, or Frame Check Sequence fields, with only the first ISU of the Destination Identifier, and with an extra two-ISU "offset" field following the Destination Identifier. For most packet types, ARCNET Trade Association draft standard ATA 878.2 is also used; however, no exception frames are supplied, and reassembled frames, rather than fragments, are supplied. See also RFC 1051 and RFC 1201; for RFC 1051 frames, ATA 878.2 is not used.`}, - LINKTYPE_APPLE_IP_OVER_IEEE1394: {Sym: "apple_ip_over_ieee1394", Description: `Apple IP-over-IEEE 1394 cooked header.`}, - LINKTYPE_MTP2_WITH_PHDR: {Sym: "mtp2_with_phdr", Description: `Signaling System 7 Message Transfer Part Level 2, as specified by ITU-T Recommendation Q.703, preceded by a pseudo-header.`}, - LINKTYPE_MTP2: {Sym: "mtp2", Description: `Signaling System 7 Message Transfer Part Level 2, as specified by ITU-T Recommendation Q.703.`}, - LINKTYPE_MTP3: {Sym: "mtp3", Description: `Signaling System 7 Message Transfer Part Level 3, as specified by ITU-T Recommendation Q.704, with no MTP2 header preceding the MTP3 packet.`}, - LINKTYPE_SCCP: {Sym: "sccp", Description: `Signaling System 7 Signalling Connection Control Part, as specified by ITU-T Recommendation Q.711, ITU-T Recommendation Q.712, ITU-T Recommendation Q.713, and ITU-T Recommendation Q.714, with no MTP3 or MTP2 headers preceding the SCCP packet.`}, - LINKTYPE_DOCSIS: {Sym: "docsis", Description: `DOCSIS MAC frames, as described by the DOCSIS 3.1 MAC and Upper Layer Protocols Interface Specification or earlier specifications for MAC frames.`}, - LINKTYPE_LINUX_IRDA: {Sym: "linux_irda", Description: `Linux-IrDA packets, with a LINKTYPE_LINUX_IRDA header, with the payload for IrDA frames beginning with by the IrLAP header as defined by IrDA Data Specifications, including the IrDA Link Access Protocol specification.`}, - LINKTYPE_USER0: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER1: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER2: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER3: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER4: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER5: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER6: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER7: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER8: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER9: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER10: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER11: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER12: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER13: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER14: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_USER15: {Sym: "user0", Description: `Reserved for private use`}, - LINKTYPE_IEEE802_11_AVS: {Sym: "ieee802_11_avs", Description: `AVS monitor mode information followed by an 802.11 header.`}, - LINKTYPE_BACNET_MS_TP: {Sym: "bacnet_ms_tp", Description: `BACnet MS/TP frames, as specified by section 9.3 MS/TP Frame Format of ANSI/ASHRAE Standard 135, BACnet® - A Data Communication Protocol for Building Automation and Control Networks, including the preamble and, if present, the Data CRC.`}, - LINKTYPE_PPP_PPPD: {Sym: "ppp_pppd", Description: `PPP in HDLC-like encapsulation, like LINKTYPE_PPP_HDLC, but with the 0xff address byte replaced by a direction indication - 0x00 for incoming and 0x01 for outgoing.`}, - LINKTYPE_GPRS_LLC: {Sym: "gprs_llc", Description: `General Packet Radio Service Logical Link Control, as defined by 3GPP TS 04.64.`}, - LINKTYPE_GPF_T: {Sym: "gpf_t", Description: `Transparent-mapped generic framing procedure, as specified by ITU-T Recommendation G.7041/Y.1303.`}, - LINKTYPE_GPF_F: {Sym: "gpf_f", Description: `Frame-mapped generic framing procedure, as specified by ITU-T Recommendation G.7041/Y.1303.`}, - LINKTYPE_LINUX_LAPD: {Sym: "linux_lapd", Description: `Link Access Procedures on the D Channel (LAPD) frames, as specified by ITU-T Recommendation Q.920 and ITU-T Recommendation Q.921, captured via vISDN, with a LINKTYPE_LINUX_LAPD header, followed by the Q.921 frame, starting with the address field.`}, - LINKTYPE_MFR: {Sym: "mfr", Description: `FRF.16.1 Multi-Link Frame Relay frames, beginning with an FRF.12 Interface fragmentation format fragmentation header.`}, - LINKTYPE_BLUETOOTH_HCI_H4: {Sym: "bluetooth_hci_h4", Description: `Bluetooth HCI UART transport layer; the frame contains an HCI packet indicator byte, as specified by the UART Transport Layer portion of the most recent Bluetooth Core specification, followed by an HCI packet of the specified packet type, as specified by the Host Controller Interface Functional Specification portion of the most recent Bluetooth Core Specification.`}, - LINKTYPE_USB_LINUX: {Sym: "usb_linux", Description: `USB packets, beginning with a Linux USB header, as specified by the struct usbmon_packet in the Documentation/usb/usbmon.txt file in the Linux source tree. Only the first 48 bytes of that header are present. All fields in the header are in host byte order. When performing a live capture, the host byte order is the byte order of the machine on which the packets are captured. When reading a pcap file, the byte order is the byte order for the file, as specified by the file's magic number; when reading a pcapng file, the byte order is the byte order for the section of the pcapng file, as specified by the Section Header Block.`}, - LINKTYPE_PPI: {Sym: "ppi", Description: `Per-Packet Information information, as specified by the Per-Packet Information Header Specification, followed by a packet with the LINKTYPE_ value specified by the pph_dlt field of that header.`}, - LINKTYPE_IEEE802_15_4_WITHFCS: {Sym: "ieee802_15_4_withfcs", Description: `IEEE 802.15.4 Low-Rate Wireless Networks, with each packet having the FCS at the end of the frame.`}, - LINKTYPE_SITA: {Sym: "sita", Description: `Various link-layer types, with a pseudo-header, for SITA.`}, - LINKTYPE_ERF: {Sym: "erf", Description: `Various link-layer types, with a pseudo-header, for Endace DAG cards; encapsulates Endace ERF records.`}, - LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR: {Sym: "bluetooth_hci_h4_with_phdr", Description: `Bluetooth HCI UART transport layer; the frame contains a 4-byte direction field, in network byte order (big-endian), the low-order bit of which is set if the frame was sent from the host to the controller and clear if the frame was received by the host from the controller, followed by an HCI packet indicator byte, as specified by the UART Transport Layer portion of the most recent Bluetooth Core specification, followed by an HCI packet of the specified packet type, as specified by the Host Controller Interface Functional Specification portion of the most recent Bluetooth Core Specification.`}, - LINKTYPE_AX25_KISS: {Sym: "ax25_kiss", Description: `AX.25 packet, with a 1-byte KISS header containing a type indicator.`}, - LINKTYPE_LAPD: {Sym: "lapd", Description: `Link Access Procedures on the D Channel (LAPD) frames, as specified by ITU-T Recommendation Q.920 and ITU-T Recommendation Q.921, starting with the address field, with no pseudo-header.`}, - LINKTYPE_PPP_WITH_DIR: {Sym: "ppp_with_dir", Description: `PPP, as per RFC 1661 and RFC 1662, preceded with a one-byte pseudo-header with a zero value meaning "received by this host" and a non-zero value meaning "sent by this host"; if the first 2 bytes are 0xff and 0x03, it's PPP in HDLC-like framing, with the PPP header following those two bytes, otherwise it's PPP without framing, and the packet begins with the PPP header. The data in the frame is not octet-stuffed or bit-stuffed.`}, - LINKTYPE_C_HDLC_WITH_DIR: {Sym: "c_hdlc_with_dir", Description: `Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547, preceded with a one-byte pseudo-header with a zero value meaning "received by this host" and a non-zero value meaning "sent by this host".`}, - LINKTYPE_FRELAY_WITH_DIR: {Sym: "frelay_with_dir", Description: `Frame Relay LAPF frames, beginning with a one-byte pseudo-header with a zero value meaning "received by this host" (DCE->DTE) and a non-zero value meaning "sent by this host" (DTE->DCE), followed by an ITU-T Recommendation Q.922 LAPF header starting with the address field, and without an FCS at the end of the frame.`}, - LINKTYPE_LAPB_WITH_DIR: {Sym: "lapb_with_dir", Description: `Link Access Procedure, Balanced (LAPB), as specified by ITU-T Recommendation X.25, preceded with a one-byte pseudo-header with a zero value meaning "received by this host" (DCE->DTE) and a non-zero value meaning "sent by this host" (DTE->DCE).`}, - LINKTYPE_IPMB_LINUX: {Sym: "ipmb_linux", Description: `IPMB over an I2C circuit, with a Linux-specific pseudo-header.`}, - LINKTYPE_FLEXRAY: {Sym: "flexray", Description: `FlexRay automotive bus frames or symbols, preceded by a pseudo-header.`}, - LINKTYPE_LIN: {Sym: "lin", Description: `Local Interconnect Network (LIN) automotive bus, preceded by a pseudo-header.`}, - LINKTYPE_IEEE802_15_4_NONASK_PHY: {Sym: "ieee802_15_4_nonask_phy", Description: `IEEE 802.15.4 Low-Rate Wireless Networks, with each packet having the FCS at the end of the frame, and with the PHY-level data for the O-QPSK, BPSK, GFSK, MSK, and RCC DSS BPSK PHYs (4 octets of 0 as preamble, one octet of SFD, one octet of frame length + reserved bit) preceding the MAC-layer data (starting with the frame control field).`}, - LINKTYPE_USB_LINUX_MMAPPED: {Sym: "usb_linux_mmapped", Description: `USB packets, beginning with a Linux USB header, as specified by the struct usbmon_packet in the Documentation/usb/usbmon.txt file in the Linux source tree. All 64 bytes of the header are present. All fields in the header are in host byte order. When performing a live capture, the host byte order is the byte order of the machine on which the packets are captured. When reading a pcap file, the byte order is the byte order for the file, as specified by the file's magic number; when reading a pcapng file, the byte order is the byte order for the section of the pcapng file, as specified by the Section Header Block. For isochronous transfers, the ndesc field specifies the number of isochronous descriptors that follow.`}, - LINKTYPE_FC_2: {Sym: "fc_2", Description: `Fibre Channel FC-2 frames, beginning with a Frame_Header.`}, - LINKTYPE_FC_2_WITH_FRAME_DELIMS: {Sym: "fc_2_with_frame_delims", Description: `Fibre Channel FC-2 frames, beginning an encoding of the SOF, followed by a Frame_Header, and ending with an encoding of the SOF.`}, - LINKTYPE_IPNET: {Sym: "ipnet", Description: `Solaris ipnet pseudo-header, followed by an IPv4 or IPv6 datagram.`}, - LINKTYPE_CAN_SOCKETCAN: {Sym: "can_socketcan", Description: `CAN (Controller Area Network) frames, with a pseudo-header followed by the frame payload.`}, - LINKTYPE_IPV4: {Sym: "ipv4", Description: `Raw IPv4; the packet begins with an IPv4 header.`}, - LINKTYPE_IPV6: {Sym: "ipv6", Description: `Raw IPv6; the packet begins with an IPv6 header.`}, - LINKTYPE_IEEE802_15_4_NOFCS: {Sym: "ieee802_15_4_nofcs", Description: `IEEE 802.15.4 Low-Rate Wireless Network, without the FCS at the end of the frame.`}, - LINKTYPE_DBUS: {Sym: "dbus", Description: `Raw D-Bus messages, starting with the endianness flag, followed by the message type, etc., but without the authentication handshake before the message sequence.`}, - LINKTYPE_DVB_CI: {Sym: "dvb_ci", Description: `DVB-CI (DVB Common Interface for communication between a PC Card module and a DVB receiver), with the message format specified by the PCAP format for DVB-CI specification.`}, - LINKTYPE_MUX27010: {Sym: "mux27010", Description: `Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but not the same as, 27.010).`}, - LINKTYPE_STANAG_5066_D_PDU: {Sym: "stanag_5066_d_pdu", Description: `D_PDUs as described by NATO standard STANAG 5066, starting with the synchronization sequence, and including both header and data CRCs. The current version of STANAG 5066 is backwards-compatible with the 1.0.2 version, although newer versions are classified.`}, - LINKTYPE_NFLOG: {Sym: "nflog", Description: `Linux netlink NETLINK NFLOG socket log messages.`}, - LINKTYPE_NETANALYZER: {Sym: "netanalyzer", Description: `Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the MAC header and ending with the FCS.`}, - LINKTYPE_NETANALYZER_TRANSPARENT: {Sym: "netanalyzer_transparent", Description: `Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the preamble, SFD, and MAC header, and ending with the FCS.`}, - LINKTYPE_IPOIB: {Sym: "ipoib", Description: `IP-over-InfiniBand, as specified by RFC 4391 section 6.`}, - LINKTYPE_MPEG_2_TS: {Sym: "mpeg_2_ts", Description: `MPEG-2 Transport Stream transport packets, as specified by ISO 13818-1/ITU-T Recommendation H.222.0 (see table 2-2 of section 2.4.3.2 "Transport Stream packet layer").`}, - LINKTYPE_NG40: {Sym: "ng40", Description: `Pseudo-header for ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as used by their ng40 protocol tester, followed by frames for the Frame Protocol as specified by 3GPP TS 25.427 for dedicated channels and 3GPP TS 25.435 for common/shared channels in the case of ATM AAL2 or UDP traffic, by SSCOP packets as specified by ITU-T Recommendation Q.2110 for ATM AAL5 traffic, and by NBAP packets for SCTP traffic.`}, - LINKTYPE_NFC_LLCP: {Sym: "nfc_llcp", Description: `Pseudo-header for NFC LLCP packet captures, followed by frame data for the LLCP Protocol as specified by NFCForum-TS-LLCP_1.1.`}, - LINKTYPE_INFINIBAND: {Sym: "infiniband", Description: `Raw InfiniBand frames, starting with the Local Routing Header, as specified in Chapter 5 "Data packet format" of InfiniBandâ„¢ Architectural Specification Release 1.2.1 Volume 1 - General Specifications.`}, - LINKTYPE_SCTP: {Sym: "sctp", Description: `SCTP packets, as defined by RFC 4960, with no lower-level protocols such as IPv4 or IPv6.`}, - LINKTYPE_USBPCAP: {Sym: "usbpcap", Description: `USB packets, beginning with a USBPcap header.`}, - LINKTYPE_RTAC_SERIAL: {Sym: "rtac_serial", Description: `Serial-line packet header for the Schweitzer Engineering Laboratories "RTAC" product, followed by a payload for one of a number of industrial control protocols.`}, - LINKTYPE_BLUETOOTH_LE_LL: {Sym: "bluetooth_le_ll", Description: `Bluetooth Low Energy air interface Link Layer packets, in the format described in section 2.1 "PACKET FORMAT" of volume 6 of the Bluetooth Specification Version 4.0 (see PDF page 2200), but without the Preamble.`}, - LINKTYPE_NETLINK: {Sym: "netlink", Description: `Linux Netlink capture encapsulation.`}, - LINKTYPE_BLUETOOTH_LINUX_MONITOR: {Sym: "bluetooth_linux_monitor", Description: `Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack.`}, - LINKTYPE_BLUETOOTH_BREDR_BB: {Sym: "bluetooth_bredr_bb", Description: `Bluetooth Basic Rate and Enhanced Data Rate baseband packets.`}, - LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR: {Sym: "bluetooth_le_ll_with_phdr", Description: `Bluetooth Low Energy link-layer packets.`}, - LINKTYPE_PROFIBUS_DL: {Sym: "profibus_dl", Description: `PROFIBUS data link layer packets, as specified by IEC standard 61158-4-3, beginning with the start delimiter, ending with the end delimiter, and including all octets between them.`}, - LINKTYPE_PKTAP: {Sym: "pktap", Description: `Apple PKTAP capture encapsulation.`}, - LINKTYPE_EPON: {Sym: "epon", Description: `Ethernet-over-passive-optical-network packets, starting with the last 6 octets of the modified preamble as specified by 65.1.3.2 "Transmit" in Clause 65 of Section 5 of IEEE 802.3, followed immediately by an Ethernet frame.`}, - LINKTYPE_IPMI_HPM_2: {Sym: "ipmi_hpm_2", Description: `IPMI trace packets, as specified by Table 3-20 "Trace Data Block Format" in the PICMG HPM.2 specification. The time stamps for packets in this format must match the time stamps in the Trace Data Blocks.`}, - LINKTYPE_ZWAVE_R1_R2: {Sym: "zwave_r1_r2", Description: `Z-Wave RF profile R1 and R2 packets, as specified by ITU-T Recommendation G.9959, with some MAC layer fields moved.`}, - LINKTYPE_ZWAVE_R3: {Sym: "zwave_r3", Description: `Z-Wave RF profile R3 packets, as specified by ITU-T Recommendation G.9959, with some MAC layer fields moved.`}, - LINKTYPE_WATTSTOPPER_DLM: {Sym: "wattstopper_dlm", Description: `Formats for WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol common packet structure captures.`}, - LINKTYPE_ISO_14443: {Sym: "iso_14443", Description: `Messages between ISO 14443 contactless smartcards (Proximity Integrated Circuit Card, PICC) and card readers (Proximity Coupling Device, PCD), with the message format specified by the PCAP format for ISO14443 specification.`}, - LINKTYPE_RDS: {Sym: "rds", Description: `Radio data system (RDS) groups, as per IEC 62106, encapsulated in this form.`}, - LINKTYPE_USB_DARWIN: {Sym: "usb_darwin", Description: `USB packets, beginning with a Darwin (macOS, etc.) USB header.`}, - LINKTYPE_SDLC: {Sym: "sdlc", Description: `SDLC packets, as specified by Chapter 1, "DLC Links", section "Synchronous Data Link Control (SDLC)" of Systems Network Architecture Formats, GA27-3136-20, without the flag fields, zero-bit insertion, or Frame Check Sequence field, containing SNA path information units (PIUs) as the payload.`}, - LINKTYPE_LORATAP: {Sym: "loratap", Description: `LoRaTap pseudo-header, followed by the payload, which is typically the PHYPayload from the LoRaWan specification.`}, - LINKTYPE_VSOCK: {Sym: "vsock", Description: `Protocol for communication between host and guest machines in VMware and KVM hypervisors.`}, - LINKTYPE_NORDIC_BLE: {Sym: "nordic_ble", Description: `Messages to and from a Nordic Semiconductor nRF Sniffer for Bluetooth LE packets, beginning with a pseudo-header.`}, - LINKTYPE_DOCSIS31_XRA31: {Sym: "docsis31_xra31", Description: `DOCSIS packets and bursts, preceded by a pseudo-header giving metadata about the packet.`}, - LINKTYPE_ETHERNET_MPACKET: {Sym: "ethernet_mpacket", Description: `mPackets, as specified by IEEE 802.3br Figure 99-4, starting with the preamble and always ending with a CRC field.`}, - LINKTYPE_DISPLAYPORT_AUX: {Sym: "displayport_aux", Description: `DisplayPort AUX channel monitoring data as specified by VESA DisplayPort(DP) Standard preceded by a pseudo-header.`}, - LINKTYPE_LINUX_SLL2: {Sym: "linux_sll2", Description: `Linux "cooked" capture encapsulation v2.`}, - LINKTYPE_OPENVIZSLA: {Sym: "openvizsla", Description: `Openvizsla FPGA-based USB sniffer.`}, - LINKTYPE_EBHSCR: {Sym: "ebhscr", Description: `Elektrobit High Speed Capture and Replay (EBHSCR) format.`}, - LINKTYPE_VPP_DISPATCH: {Sym: "vpp_dispatch", Description: `Records in traces from the http://fd.io VPP graph dispatch tracer, in the the graph dispatcher trace format.`}, - LINKTYPE_DSA_TAG_BRCM: {Sym: "dsa_tag_brcm", Description: `Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header.`}, - LINKTYPE_DSA_TAG_BRCM_PREPEND: {Sym: "dsa_tag_brcm_prepend", Description: `Ethernet frames, with a switch tag inserted before the destination address in the Ethernet header.`}, - LINKTYPE_IEEE802_15_4_TAP: {Sym: "ieee802_15_4_tap", Description: `IEEE 802.15.4 Low-Rate Wireless Networks, with a pseudo-header containing TLVs with metadata preceding the 802.15.4 header.`}, - LINKTYPE_DSA_TAG_DSA: {Sym: "dsa_tag_dsa", Description: `Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header.`}, - LINKTYPE_DSA_TAG_EDSA: {Sym: "dsa_tag_edsa", Description: `Ethernet frames, with a programmable Ethernet type switch tag inserted between the source address field and the type/length field in the Ethernet header.`}, - LINKTYPE_ELEE: {Sym: "elee", Description: `Payload of lawful intercept packets using the ELEE protocol. The packet begins with the ELEE header; it does not include any transport-layer or lower-layer headers for protcols used to transport ELEE packets.`}, - LINKTYPE_Z_WAVE_SERIAL: {Sym: "z_wave_serial", Description: `Serial frames transmitted between a host and a Z-Wave chip over an RS-232 or USB serial connection, as described in section 5 of the Z-Wave Serial API Host Application Programming Guide.`}, - LINKTYPE_USB_2_0: {Sym: "usb_2_0", Description: `USB 2.0, 1.1, or 1.0 packet, beginning with a PID, as described by Chapter 8 "Protocol Layer" of the the Universal Serial Bus Specification Revision 2.0.`}, - LINKTYPE_ATSC_ALP: {Sym: "atsc_alp", Description: `ATSC Link-Layer Protocol frames, as described in section 5 of the A/330 Link-Layer Protocol specification, found at the ATSC 3.0 standards page, beginning with a Base Header.`}, - LINKTYPE_ETW: {Sym: "etw", Description: `Event Tracing for Windows messages, beginning with a pseudo-header.`}, +// TODO: is shared between pcap and pcapng +var linkToFormat = map[int]*decode.Group{ + format.LinkTypeETHERNET: &pcapngEther8023Format, + format.LinkTypeLINUX_SLL: &pcapngSLLPacketFormat, + format.LinkTypeLINUX_SLL2: &pcapngSLL2PacketFormat, } -var linkToFormat = map[int]*decode.Group{ - LINKTYPE_ETHERNET: &pcapngEther8023Format, +var linkToDecodeFn = map[int]func(fd *flowsdecoder.Decoder, bs []byte){ + format.LinkTypeETHERNET: (*flowsdecoder.Decoder).EthernetFrame, + format.LinkTypeLINUX_SLL: (*flowsdecoder.Decoder).SLLPacket, + format.LinkTypeLINUX_SLL2: func(fd *flowsdecoder.Decoder, bs []byte) { + // TODO: gopacket does not support SLL2 atm so convert SLL to SSL2 + nbs := []byte{ + 0, bs[10], // packet type + bs[8], bs[9], // arphdr + 0, bs[11], // link layer address length + bs[12], bs[13], bs[14], bs[15], bs[16], bs[17], bs[18], bs[19], // link layer address + bs[0], bs[1], // protocol type + } + nbs = append(nbs, bs[20:]...) + fd.SLLPacket(nbs) + }, +} + +func fieldFlows(d *decode.D, fd *flowsdecoder.Decoder, tcpStreamFormat decode.Group, ipv4PacketFormat decode.Group) { + d.FieldArray("ipv4_reassembled", func(d *decode.D) { + for _, p := range fd.IPV4Reassbled { + bb := bitio.NewBufferFromBytes(p.Datagram, -1) + if dv, _, _ := d.TryFieldFormatBitBuf( + "ipv4_packet", + bb, + ipv4PacketFormat, + nil, + ); dv == nil { + d.FieldRootBitBuf("ipv4_packet", bb) + } + } + }) + + d.FieldArray("tcp_connections", func(d *decode.D) { + for _, s := range fd.TCPConnections { + d.FieldStruct("flow", func(d *decode.D) { + d.FieldValueStr("source_ip", s.ClientEndpoint.IP.String()) + d.FieldValueU("source_port", uint64(s.ClientEndpoint.Port), d.MapUToScalar(format.TCPPortMap)) + d.FieldValueStr("destination_ip", s.ServerEnpoint.IP.String()) + d.FieldValueU("destination_port", uint64(s.ServerEnpoint.Port), d.MapUToScalar(format.TCPPortMap)) + csBB := bitio.NewBufferFromBytes(s.ClientStream.Bytes(), -1) + if dv, _, _ := d.TryFieldFormatBitBuf( + "client_stream", + csBB, + tcpStreamFormat, + format.TCPStreamIn{ + SourcePort: s.ClientEndpoint.Port, + DestinationPort: s.ServerEnpoint.Port, + }, + ); dv == nil { + d.FieldRootBitBuf("client_stream", csBB) + } + + scBB := bitio.NewBufferFromBytes(s.ServerStream.Bytes(), -1) + if dv, _, _ := d.TryFieldFormatBitBuf( + "server_stream", + scBB, + tcpStreamFormat, + format.TCPStreamIn{ + SourcePort: s.ClientEndpoint.Port, + DestinationPort: s.ServerEnpoint.Port, + }, + ); dv == nil { + d.FieldRootBitBuf("server_stream", scBB) + } + }) + } + }) } diff --git a/format/pcap/testdata/dhcp_big_endian.fqtest b/format/pcap/testdata/dhcp_big_endian.fqtest index e220a025..993d2812 100644 --- a/format/pcap/testdata/dhcp_big_endian.fqtest +++ b/format/pcap/testdata/dhcp_big_endian.fqtest @@ -44,11 +44,11 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x060| 12 eb f2 c8 | .... | timestamp_low: 317453000 0x64-0x67.7 (4) 0x060| 00 00 01 3a | ...: | capture_packet_length: 314 0x68-0x6b.7 (4) 0x060| 00 00 01 3a| ...:| original_packet_length: 314 0x6c-0x6f.7 (4) - | | | packet: {} (ether8023) 0x70-0x1a9.7 (314) + | | | packet: {} (ether8023_frame) 0x70-0x1a9.7 (314) 0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6) 0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6) 0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2) - | | | packet: {} (ipv4) 0x7e-0x1a9.7 (300) + | | | packet: {} (ipv4_packet) 0x7e-0x1a9.7 (300) 0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4) 0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4) 0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6) @@ -60,12 +60,12 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x080| 00 | . | more_fragments: false 0x84.2-0x84.2 (0.1) 0x080| 00 00 | .. | fragment_offset: 0 0x84.3-0x85.7 (1.5) 0x080| fa | . | ttl: 250 0x86-0x86.7 (1) -0x080| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x87-0x87.7 (1) -0x080| 17 8b | .. | header_checksum: 0x178b 0x88-0x89.7 (2) +0x080| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x87-0x87.7 (1) +0x080| 17 8b | .. | header_checksum: 0x178b (valid) 0x88-0x89.7 (2) 0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4) 0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4) 0x090|ff ff |.. | - | | | data: {} (udp) 0x92-0x1a9.7 (280) + | | | data: {} (udp_datagram) 0x92-0x1a9.7 (280) 0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2) 0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2) 0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2) @@ -85,12 +85,12 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x1c0|12 f0 73 20 |..s | timestamp_low: 317748000 0x1c0-0x1c3.7 (4) 0x1c0| 00 00 01 56 | ...V | capture_packet_length: 342 0x1c4-0x1c7.7 (4) 0x1c0| 00 00 01 56 | ...V | original_packet_length: 342 0x1c8-0x1cb.7 (4) - | | | packet: {} (ether8023) 0x1cc-0x321.7 (342) + | | | packet: {} (ether8023_frame) 0x1cc-0x321.7 (342) 0x1c0| 00 0b 82 01| ....| destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x1cc-0x1d1.7 (6) 0x1d0|fc 42 |.B | 0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6) 0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2) - | | | packet: {} (ipv4) 0x1da-0x321.7 (328) + | | | packet: {} (ipv4_packet) 0x1da-0x321.7 (328) 0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4) 0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4) 0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6) @@ -102,11 +102,11 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x1e0|00 |. | more_fragments: false 0x1e0.2-0x1e0.2 (0.1) 0x1e0|00 00 |.. | fragment_offset: 0 0x1e0.3-0x1e1.7 (1.5) 0x1e0| 80 | . | ttl: 128 0x1e2-0x1e2.7 (1) -0x1e0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x1e3-0x1e3.7 (1) -0x1e0| 00 00 | .. | header_checksum: 0x0 0x1e4-0x1e5.7 (2) +0x1e0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x1e3-0x1e3.7 (1) +0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2) 0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4) 0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4) - | | | data: {} (udp) 0x1ee-0x321.7 (308) + | | | data: {} (udp_datagram) 0x1ee-0x321.7 (308) 0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2) 0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2) 0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2) @@ -126,11 +126,11 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x330| 17 18 89 60 | ...` | timestamp_low: 387484000 0x338-0x33b.7 (4) 0x330| 00 00 01 3a| ...:| capture_packet_length: 314 0x33c-0x33f.7 (4) 0x340|00 00 01 3a |...: | original_packet_length: 314 0x340-0x343.7 (4) - | | | packet: {} (ether8023) 0x344-0x47d.7 (314) + | | | packet: {} (ether8023_frame) 0x344-0x47d.7 (314) 0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6) 0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6) 0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2) - | | | packet: {} (ipv4) 0x352-0x47d.7 (300) + | | | packet: {} (ipv4_packet) 0x352-0x47d.7 (300) 0x350| 45 | E | version: 4 0x352-0x352.3 (0.4) 0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4) 0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6) @@ -142,12 +142,12 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x350| 00 | . | more_fragments: false 0x358.2-0x358.2 (0.1) 0x350| 00 00 | .. | fragment_offset: 0 0x358.3-0x359.7 (1.5) 0x350| fa | . | ttl: 250 0x35a-0x35a.7 (1) -0x350| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x35b-0x35b.7 (1) -0x350| 17 8a | .. | header_checksum: 0x178a 0x35c-0x35d.7 (2) +0x350| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x35b-0x35b.7 (1) +0x350| 17 8a | .. | header_checksum: 0x178a (valid) 0x35c-0x35d.7 (2) 0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4) 0x360|00 00 |.. | 0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4) - | | | data: {} (udp) 0x366-0x47d.7 (280) + | | | data: {} (udp_datagram) 0x366-0x47d.7 (280) 0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2) 0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2) 0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2) @@ -167,11 +167,11 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x490| 17 1d 53 f0 | ..S. | timestamp_low: 387798000 0x494-0x497.7 (4) 0x490| 00 00 01 56 | ...V | capture_packet_length: 342 0x498-0x49b.7 (4) 0x490| 00 00 01 56| ...V| original_packet_length: 342 0x49c-0x49f.7 (4) - | | | packet: {} (ether8023) 0x4a0-0x5f5.7 (342) + | | | packet: {} (ether8023_frame) 0x4a0-0x5f5.7 (342) 0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6) 0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6) 0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2) - | | | packet: {} (ipv4) 0x4ae-0x5f5.7 (328) + | | | packet: {} (ipv4_packet) 0x4ae-0x5f5.7 (328) 0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4) 0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4) 0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6) @@ -183,12 +183,12 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x4b0| 00 | . | more_fragments: false 0x4b4.2-0x4b4.2 (0.1) 0x4b0| 00 00 | .. | fragment_offset: 0 0x4b4.3-0x4b5.7 (1.5) 0x4b0| 80 | . | ttl: 128 0x4b6-0x4b6.7 (1) -0x4b0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4b7-0x4b7.7 (1) -0x4b0| 00 00 | .. | header_checksum: 0x0 0x4b8-0x4b9.7 (2) +0x4b0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4b7-0x4b7.7 (1) +0x4b0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x4b8-0x4b9.7 (2) 0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4) 0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4) 0x4c0|00 0a |.. | - | | | data: {} (udp) 0x4c2-0x5f5.7 (308) + | | | data: {} (udp_datagram) 0x4c2-0x5f5.7 (308) 0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2) 0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2) 0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2) @@ -200,3 +200,5 @@ $ fq -d pcapng verbose /dhcp_big_endian.pcapng 0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2) | | | options: [0] 0x5f8-NA (0) 0x5f0| 00 00 01 78| | ...x| | footer_length: 376 0x5f8-0x5fb.7 (4) + | | | ipv4_reassembled: [0] 0x5fc-NA (0) + | | | tcp_connections: [0] 0x5fc-NA (0) diff --git a/format/pcap/testdata/dhcp_little_endian.fqtest b/format/pcap/testdata/dhcp_little_endian.fqtest index e2d9c3f4..c13bb5a6 100644 --- a/format/pcap/testdata/dhcp_little_endian.fqtest +++ b/format/pcap/testdata/dhcp_little_endian.fqtest @@ -44,11 +44,11 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x060| c8 f2 eb 12 | .... | timestamp_low: 317453000 0x64-0x67.7 (4) 0x060| 3a 01 00 00 | :... | capture_packet_length: 314 0x68-0x6b.7 (4) 0x060| 3a 01 00 00| :...| original_packet_length: 314 0x6c-0x6f.7 (4) - | | | packet: {} (ether8023) 0x70-0x1a9.7 (314) + | | | packet: {} (ether8023_frame) 0x70-0x1a9.7 (314) 0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6) 0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6) 0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2) - | | | packet: {} (ipv4) 0x7e-0x1a9.7 (300) + | | | packet: {} (ipv4_packet) 0x7e-0x1a9.7 (300) 0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4) 0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4) 0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6) @@ -60,12 +60,12 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x080| 00 | . | more_fragments: false 0x84.2-0x84.2 (0.1) 0x080| 00 00 | .. | fragment_offset: 0 0x84.3-0x85.7 (1.5) 0x080| fa | . | ttl: 250 0x86-0x86.7 (1) -0x080| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x87-0x87.7 (1) -0x080| 17 8b | .. | header_checksum: 0x178b 0x88-0x89.7 (2) +0x080| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x87-0x87.7 (1) +0x080| 17 8b | .. | header_checksum: 0x178b (valid) 0x88-0x89.7 (2) 0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4) 0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4) 0x090|ff ff |.. | - | | | data: {} (udp) 0x92-0x1a9.7 (280) + | | | data: {} (udp_datagram) 0x92-0x1a9.7 (280) 0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2) 0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2) 0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2) @@ -85,12 +85,12 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x1c0|20 73 f0 12 | s.. | timestamp_low: 317748000 0x1c0-0x1c3.7 (4) 0x1c0| 56 01 00 00 | V... | capture_packet_length: 342 0x1c4-0x1c7.7 (4) 0x1c0| 56 01 00 00 | V... | original_packet_length: 342 0x1c8-0x1cb.7 (4) - | | | packet: {} (ether8023) 0x1cc-0x321.7 (342) + | | | packet: {} (ether8023_frame) 0x1cc-0x321.7 (342) 0x1c0| 00 0b 82 01| ....| destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x1cc-0x1d1.7 (6) 0x1d0|fc 42 |.B | 0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6) 0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2) - | | | packet: {} (ipv4) 0x1da-0x321.7 (328) + | | | packet: {} (ipv4_packet) 0x1da-0x321.7 (328) 0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4) 0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4) 0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6) @@ -102,11 +102,11 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x1e0|00 |. | more_fragments: false 0x1e0.2-0x1e0.2 (0.1) 0x1e0|00 00 |.. | fragment_offset: 0 0x1e0.3-0x1e1.7 (1.5) 0x1e0| 80 | . | ttl: 128 0x1e2-0x1e2.7 (1) -0x1e0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x1e3-0x1e3.7 (1) -0x1e0| 00 00 | .. | header_checksum: 0x0 0x1e4-0x1e5.7 (2) +0x1e0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x1e3-0x1e3.7 (1) +0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2) 0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4) 0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4) - | | | data: {} (udp) 0x1ee-0x321.7 (308) + | | | data: {} (udp_datagram) 0x1ee-0x321.7 (308) 0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2) 0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2) 0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2) @@ -126,11 +126,11 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x330| 60 89 18 17 | `... | timestamp_low: 387484000 0x338-0x33b.7 (4) 0x330| 3a 01 00 00| :...| capture_packet_length: 314 0x33c-0x33f.7 (4) 0x340|3a 01 00 00 |:... | original_packet_length: 314 0x340-0x343.7 (4) - | | | packet: {} (ether8023) 0x344-0x47d.7 (314) + | | | packet: {} (ether8023_frame) 0x344-0x47d.7 (314) 0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6) 0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6) 0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2) - | | | packet: {} (ipv4) 0x352-0x47d.7 (300) + | | | packet: {} (ipv4_packet) 0x352-0x47d.7 (300) 0x350| 45 | E | version: 4 0x352-0x352.3 (0.4) 0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4) 0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6) @@ -142,12 +142,12 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x350| 00 | . | more_fragments: false 0x358.2-0x358.2 (0.1) 0x350| 00 00 | .. | fragment_offset: 0 0x358.3-0x359.7 (1.5) 0x350| fa | . | ttl: 250 0x35a-0x35a.7 (1) -0x350| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x35b-0x35b.7 (1) -0x350| 17 8a | .. | header_checksum: 0x178a 0x35c-0x35d.7 (2) +0x350| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x35b-0x35b.7 (1) +0x350| 17 8a | .. | header_checksum: 0x178a (valid) 0x35c-0x35d.7 (2) 0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4) 0x360|00 00 |.. | 0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4) - | | | data: {} (udp) 0x366-0x47d.7 (280) + | | | data: {} (udp_datagram) 0x366-0x47d.7 (280) 0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2) 0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2) 0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2) @@ -167,11 +167,11 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x490| f0 53 1d 17 | .S.. | timestamp_low: 387798000 0x494-0x497.7 (4) 0x490| 56 01 00 00 | V... | capture_packet_length: 342 0x498-0x49b.7 (4) 0x490| 56 01 00 00| V...| original_packet_length: 342 0x49c-0x49f.7 (4) - | | | packet: {} (ether8023) 0x4a0-0x5f5.7 (342) + | | | packet: {} (ether8023_frame) 0x4a0-0x5f5.7 (342) 0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6) 0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6) 0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2) - | | | packet: {} (ipv4) 0x4ae-0x5f5.7 (328) + | | | packet: {} (ipv4_packet) 0x4ae-0x5f5.7 (328) 0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4) 0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4) 0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6) @@ -183,12 +183,12 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x4b0| 00 | . | more_fragments: false 0x4b4.2-0x4b4.2 (0.1) 0x4b0| 00 00 | .. | fragment_offset: 0 0x4b4.3-0x4b5.7 (1.5) 0x4b0| 80 | . | ttl: 128 0x4b6-0x4b6.7 (1) -0x4b0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4b7-0x4b7.7 (1) -0x4b0| 00 00 | .. | header_checksum: 0x0 0x4b8-0x4b9.7 (2) +0x4b0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4b7-0x4b7.7 (1) +0x4b0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x4b8-0x4b9.7 (2) 0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4) 0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4) 0x4c0|00 0a |.. | - | | | data: {} (udp) 0x4c2-0x5f5.7 (308) + | | | data: {} (udp_datagram) 0x4c2-0x5f5.7 (308) 0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2) 0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2) 0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2) @@ -200,3 +200,5 @@ $ fq -d pcapng verbose /dhcp_little_endian.pcapng 0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2) | | | options: [0] 0x5f8-NA (0) 0x5f0| 78 01 00 00| | x...| | footer_length: 376 0x5f8-0x5fb.7 (4) + | | | ipv4_reassembled: [0] 0x5fc-NA (0) + | | | tcp_connections: [0] 0x5fc-NA (0) diff --git a/format/pcap/testdata/http_gzip.cap b/format/pcap/testdata/http_gzip.cap new file mode 100644 index 0000000000000000000000000000000000000000..04b9998bb798764dc7a170ca36c964bd2b288887 GIT binary patch literal 1707 zcmaKsOKclO7{|v>2w{s+%OS)UIx2-Wt@q_eY;PK=CUs&bHVM=w;ka3k?N!#ho85I{ zR~*72f~pdg=;K(0=0JHJTG~S^q*e-47!?WBN~jbr1S+H+NDsbn2{XI$GXcvZ?R@j? zZ~i;qf4&DB*FJWGUeNe$Zv)`MlVkVai*3Eq2PW||8Q{(qJ-H633x(vdeh|kA^@qp7 z@xJJXcdo?Uc(_*gfSI%P%YKr)<{tR*(rEzPz0X|lb@x-to3l?y+||?bEFm8~*haRQ z4&NaIK*(&7PzfE(tnRrucb#tzNF`Y*QT z3tgH6n0{zwFJR1nutt}omyn58>eW85jgN$kZlddH{ShICf8Lci2$+HIJBbtV3}h{2 zS}d}P$UvgP6s?j16Pe5m%QL)(N@%7fKnWT1$S9j0Dr+KxjunuKqiOAwtSBNIVmNqs zj^{^Ub_AwmwOoO^E{#BAN#L0<6BvRMNLtWXKgR`mJm9!&puARLIflo74;7Onq+_6k zDi&KQDLzrx6(0z@iZHhsu>sg)2{B`qhb1pyXL$+|Cx@``Ao=KEts(J&Dfojf^BMw-k;JtH87GZTyfKza zCQpoVA&Co$6`ik&i&a(0SyE13mQ7A9;4|}3#0~Bc=(6siv-S0@ zmAzj0&Xi+^hHVM)>*YT10Go>p=Yq8^gX`|?ZwOKK?n)f=Lgw!#@iDmw4I@EZdpJGi zp-$j4#Gh!$KIo6aX~`lhLCA#!KQG{%iFC$8okYeGG6WdYMX88bKf^I0Y_V~a(+qLQ zL#0I1qSLrKc^T#YgT`T?LyKobT*L#se;Dz3dN@Z1!u-5HALI@+i}@Bd12P3TU&WWf zL%l5;RlK|HO1j|#yKojZely}YqZLmfwO|zm81;7+SyD99uCHppo~i2i2wLWal4GUO zY-XH}kjm~q(@z=(06kyT4%dFTx_PaZNT;rD{(gO^=Bp)dm~<^cPp0p^sehTcM}L>h z_9s%)H-36QVLbe6Ec58#pPyvhp~d;^3&GU>%izk(%5yJ)`|9&!C5$9BE>+rG)7?sg z^AMK*?*2+Gt@q?yDcSGan?ZllL@7fwa?b3J)YkW%X%Iu{MjqZN| DR+|&r literal 0 HcmV?d00001 diff --git a/format/pcap/testdata/http_gzip.fqtest b/format/pcap/testdata/http_gzip.fqtest new file mode 100644 index 00000000..e0b8c854 --- /dev/null +++ b/format/pcap/testdata/http_gzip.fqtest @@ -0,0 +1,629 @@ +# from https://wiki.wireshark.org/SampleCaptures +$ fq -d pcap verbose /http_gzip.cap + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /http_gzip.cap (pcap) 0x0-0x6aa.7 (1707) +0x0000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4) +0x0000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2) +0x0000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2) +0x0000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4) +0x0000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4) +0x0010|ff ff 00 00 |.... | snaplen: 65535 0x10-0x13.7 (4) +0x0010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4) + | | | packets: [10] 0x18-0x6aa.7 (1683) + | | | [0]: packet {} 0x18-0x71.7 (90) +0x0010| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x18-0x1b.7 (4) +0x0010| f0 23 06 00| .#..| ts_usec: 402416 0x1c-0x1f.7 (4) +0x0020|4a 00 00 00 |J... | incl_len: 74 0x20-0x23.7 (4) +0x0020| 4a 00 00 00 | J... | orig_len: 74 0x24-0x27.7 (4) + | | | packet: {} (ether8023_frame) 0x28-0x71.7 (74) +0x0020| 00 c0 f0 2d 4a a3 | ...-J. | destination: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x28-0x2d.7 (6) +0x0020| 00 0a| ..| source: "00:0a:95:67:49:3c" (0xa9567493c) 0x2e-0x33.7 (6) +0x0030|95 67 49 3c |.gI< | +0x0030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2) + | | | packet: {} (ipv4_packet) 0x36-0x71.7 (60) +0x0030| 45 | E | version: 4 0x36-0x36.3 (0.4) +0x0030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4) +0x0030| 00 | . | dscp: 0 0x37-0x37.5 (0.6) +0x0030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2) +0x0030| 00 3c | .< | total_length: 60 0x38-0x39.7 (2) +0x0030| f5 d9 | .. | identification: 62937 0x3a-0x3b.7 (2) +0x0030| 40 | @ | reserved: 0 0x3c-0x3c (0.1) +0x0030| 40 | @ | dont_fragment: true 0x3c.1-0x3c.1 (0.1) +0x0030| 40 | @ | more_fragments: false 0x3c.2-0x3c.2 (0.1) +0x0030| 40 00 | @. | fragment_offset: 0 0x3c.3-0x3d.7 (1.5) +0x0030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1) +0x0030| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x3f-0x3f.7 (1) +0x0040|39 8e |9. | header_checksum: 0x398e (valid) 0x40-0x41.7 (2) +0x0040| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x42-0x45.7 (4) +0x0040| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x46-0x49.7 (4) + | | | data: {} (tcp_segment) 0x4a-0x71.7 (40) +0x0040| 85 0b | .. | source_port: 34059 0x4a-0x4b.7 (2) +0x0040| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x4c-0x4d.7 (2) +0x0040| 8f f5| ..| sequence_number: 2415239730 0x4e-0x51.7 (4) +0x0050|a2 32 |.2 | +0x0050| 00 00 00 00 | .... | acknowledgment_number: 0 0x52-0x55.7 (4) +0x0050| a0 | . | data_offset: 10 0x56-0x56.3 (0.4) +0x0050| a0 | . | reserved: 0 0x56.4-0x56.6 (0.3) +0x0050| a0 | . | ns: false 0x56.7-0x56.7 (0.1) +0x0050| 02 | . | cwr: false 0x57-0x57 (0.1) +0x0050| 02 | . | ece: false 0x57.1-0x57.1 (0.1) +0x0050| 02 | . | urg: false 0x57.2-0x57.2 (0.1) +0x0050| 02 | . | ack: false 0x57.3-0x57.3 (0.1) +0x0050| 02 | . | psh: false 0x57.4-0x57.4 (0.1) +0x0050| 02 | . | rst: false 0x57.5-0x57.5 (0.1) +0x0050| 02 | . | syn: true 0x57.6-0x57.6 (0.1) +0x0050| 02 | . | fin: false 0x57.7-0x57.7 (0.1) +0x0050| 16 d0 | .. | window_size: 5840 0x58-0x59.7 (2) +0x0050| 9e 89 | .. | checksum: 0x9e89 0x5a-0x5b.7 (2) +0x0050| 00 00 | .. | urgent_pointer: 0 0x5c-0x5d.7 (2) + | | | options: [5] 0x5e-0x71.7 (20) + | | | [0]: option {} 0x5e-0x61.7 (4) +0x0050| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x5e-0x5e.7 (1) +0x0050| 04| .| length: 4 0x5f-0x5f.7 (1) +0x0060|05 b4 |.. | data: raw bits 0x60-0x61.7 (2) + | | | [1]: option {} 0x62-0x63.7 (2) +0x0060| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x62-0x62.7 (1) +0x0060| 02 | . | length: 2 0x63-0x63.7 (1) + | | | data: raw bits 0x64-NA (0) + | | | [2]: option {} 0x64-0x6d.7 (10) +0x0060| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x64-0x64.7 (1) +0x0060| 0a | . | length: 10 0x65-0x65.7 (1) +0x0060| 77 e3 57 eb 00 00 00 00 | w.W..... | data: raw bits 0x66-0x6d.7 (8) + | | | [3]: option {} 0x6e-0x6e.7 (1) +0x0060| 01 | . | kind: "nop" (1) (No operation) 0x6e-0x6e.7 (1) + | | | [4]: option {} 0x6f-0x71.7 (3) +0x0060| 03| .| kind: "winscale" (3) (Window scale) 0x6f-0x6f.7 (1) +0x0070|03 |. | length: 3 0x70-0x70.7 (1) +0x0070| 07 | . | data: raw bits 0x71-0x71.7 (1) + | | | data: raw bits 0x72-NA (0) + | | | capture_padding: raw bits 0x72-NA (0) + | | | [1]: packet {} 0x72-0xcb.7 (90) +0x0070| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x72-0x75.7 (4) +0x0070| 2b 24 06 00 | +$.. | ts_usec: 402475 0x76-0x79.7 (4) +0x0070| 4a 00 00 00 | J... | incl_len: 74 0x7a-0x7d.7 (4) +0x0070| 4a 00| J.| orig_len: 74 0x7e-0x81.7 (4) +0x0080|00 00 |.. | + | | | packet: {} (ether8023_frame) 0x82-0xcb.7 (74) +0x0080| 00 0a 95 67 49 3c | ...gI< | destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x82-0x87.7 (6) +0x0080| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x88-0x8d.7 (6) +0x0080| 08 00| ..| ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x8e-0x8f.7 (2) + | | | packet: {} (ipv4_packet) 0x90-0xcb.7 (60) +0x0090|45 |E | version: 4 0x90-0x90.3 (0.4) +0x0090|45 |E | ihl: 5 0x90.4-0x90.7 (0.4) +0x0090| 00 | . | dscp: 0 0x91-0x91.5 (0.6) +0x0090| 00 | . | ecn: 0 0x91.6-0x91.7 (0.2) +0x0090| 00 3c | .< | total_length: 60 0x92-0x93.7 (2) +0x0090| 00 00 | .. | identification: 0 0x94-0x95.7 (2) +0x0090| 40 | @ | reserved: 0 0x96-0x96 (0.1) +0x0090| 40 | @ | dont_fragment: true 0x96.1-0x96.1 (0.1) +0x0090| 40 | @ | more_fragments: false 0x96.2-0x96.2 (0.1) +0x0090| 40 00 | @. | fragment_offset: 0 0x96.3-0x97.7 (1.5) +0x0090| 40 | @ | ttl: 64 0x98-0x98.7 (1) +0x0090| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x99-0x99.7 (1) +0x0090| 2f 68 | /h | header_checksum: 0x2f68 (valid) 0x9a-0x9b.7 (2) +0x0090| c0 a8 45 01| ..E.| source_ip: "192.168.69.1" (0xc0a84501) 0x9c-0x9f.7 (4) +0x00a0|c0 a8 45 02 |..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0xa0-0xa3.7 (4) + | | | data: {} (tcp_segment) 0xa4-0xcb.7 (40) +0x00a0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0xa4-0xa5.7 (2) +0x00a0| 85 0b | .. | destination_port: 34059 0xa6-0xa7.7 (2) +0x00a0| 96 18 93 26 | ...& | sequence_number: 2518192934 0xa8-0xab.7 (4) +0x00a0| 8f f5 a2 33| ...3| acknowledgment_number: 2415239731 0xac-0xaf.7 (4) +0x00b0|a0 |. | data_offset: 10 0xb0-0xb0.3 (0.4) +0x00b0|a0 |. | reserved: 0 0xb0.4-0xb0.6 (0.3) +0x00b0|a0 |. | ns: false 0xb0.7-0xb0.7 (0.1) +0x00b0| 12 | . | cwr: false 0xb1-0xb1 (0.1) +0x00b0| 12 | . | ece: false 0xb1.1-0xb1.1 (0.1) +0x00b0| 12 | . | urg: false 0xb1.2-0xb1.2 (0.1) +0x00b0| 12 | . | ack: true 0xb1.3-0xb1.3 (0.1) +0x00b0| 12 | . | psh: false 0xb1.4-0xb1.4 (0.1) +0x00b0| 12 | . | rst: false 0xb1.5-0xb1.5 (0.1) +0x00b0| 12 | . | syn: true 0xb1.6-0xb1.6 (0.1) +0x00b0| 12 | . | fin: false 0xb1.7-0xb1.7 (0.1) +0x00b0| 16 a0 | .. | window_size: 5792 0xb2-0xb3.7 (2) +0x00b0| 2e c3 | .. | checksum: 0x2ec3 0xb4-0xb5.7 (2) +0x00b0| 00 00 | .. | urgent_pointer: 0 0xb6-0xb7.7 (2) + | | | options: [5] 0xb8-0xcb.7 (20) + | | | [0]: option {} 0xb8-0xbb.7 (4) +0x00b0| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0xb8-0xb8.7 (1) +0x00b0| 04 | . | length: 4 0xb9-0xb9.7 (1) +0x00b0| 05 b4 | .. | data: raw bits 0xba-0xbb.7 (2) + | | | [1]: option {} 0xbc-0xbd.7 (2) +0x00b0| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0xbc-0xbc.7 (1) +0x00b0| 02 | . | length: 2 0xbd-0xbd.7 (1) + | | | data: raw bits 0xbe-NA (0) + | | | [2]: option {} 0xbe-0xc7.7 (10) +0x00b0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0xbe-0xbe.7 (1) +0x00b0| 0a| .| length: 10 0xbf-0xbf.7 (1) +0x00c0|19 c9 2c e4 77 e3 57 eb |..,.w.W. | data: raw bits 0xc0-0xc7.7 (8) + | | | [3]: option {} 0xc8-0xc8.7 (1) +0x00c0| 01 | . | kind: "nop" (1) (No operation) 0xc8-0xc8.7 (1) + | | | [4]: option {} 0xc9-0xcb.7 (3) +0x00c0| 03 | . | kind: "winscale" (3) (Window scale) 0xc9-0xc9.7 (1) +0x00c0| 03 | . | length: 3 0xca-0xca.7 (1) +0x00c0| 00 | . | data: raw bits 0xcb-0xcb.7 (1) + | | | data: raw bits 0xcc-NA (0) + | | | capture_padding: raw bits 0xcc-NA (0) + | | | [2]: packet {} 0xcc-0x11d.7 (82) +0x00c0| 3c d3 81 41| <..A| ts_sec: 1099027260 0xcc-0xcf.7 (4) +0x00d0|89 24 06 00 |.$.. | ts_usec: 402569 0xd0-0xd3.7 (4) +0x00d0| 42 00 00 00 | B... | incl_len: 66 0xd4-0xd7.7 (4) +0x00d0| 42 00 00 00 | B... | orig_len: 66 0xd8-0xdb.7 (4) + | | | packet: {} (ether8023_frame) 0xdc-0x11d.7 (66) +0x00d0| 00 c0 f0 2d| ...-| destination: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0xdc-0xe1.7 (6) +0x00e0|4a a3 |J. | +0x00e0| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0xe2-0xe7.7 (6) +0x00e0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xe8-0xe9.7 (2) + | | | packet: {} (ipv4_packet) 0xea-0x11d.7 (52) +0x00e0| 45 | E | version: 4 0xea-0xea.3 (0.4) +0x00e0| 45 | E | ihl: 5 0xea.4-0xea.7 (0.4) +0x00e0| 00 | . | dscp: 0 0xeb-0xeb.5 (0.6) +0x00e0| 00 | . | ecn: 0 0xeb.6-0xeb.7 (0.2) +0x00e0| 00 34 | .4 | total_length: 52 0xec-0xed.7 (2) +0x00e0| f5 da| ..| identification: 62938 0xee-0xef.7 (2) +0x00f0|40 |@ | reserved: 0 0xf0-0xf0 (0.1) +0x00f0|40 |@ | dont_fragment: true 0xf0.1-0xf0.1 (0.1) +0x00f0|40 |@ | more_fragments: false 0xf0.2-0xf0.2 (0.1) +0x00f0|40 00 |@. | fragment_offset: 0 0xf0.3-0xf1.7 (1.5) +0x00f0| 40 | @ | ttl: 64 0xf2-0xf2.7 (1) +0x00f0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0xf3-0xf3.7 (1) +0x00f0| 39 95 | 9. | header_checksum: 0x3995 (valid) 0xf4-0xf5.7 (2) +0x00f0| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0xf6-0xf9.7 (4) +0x00f0| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0xfa-0xfd.7 (4) + | | | data: {} (tcp_segment) 0xfe-0x11d.7 (32) +0x00f0| 85 0b| ..| source_port: 34059 0xfe-0xff.7 (2) +0x0100|00 50 |.P | destination_port: "http" (80) (World Wide Web HTTP) 0x100-0x101.7 (2) +0x0100| 8f f5 a2 33 | ...3 | sequence_number: 2415239731 0x102-0x105.7 (4) +0x0100| 96 18 93 27 | ...' | acknowledgment_number: 2518192935 0x106-0x109.7 (4) +0x0100| 80 | . | data_offset: 8 0x10a-0x10a.3 (0.4) +0x0100| 80 | . | reserved: 0 0x10a.4-0x10a.6 (0.3) +0x0100| 80 | . | ns: false 0x10a.7-0x10a.7 (0.1) +0x0100| 10 | . | cwr: false 0x10b-0x10b (0.1) +0x0100| 10 | . | ece: false 0x10b.1-0x10b.1 (0.1) +0x0100| 10 | . | urg: false 0x10b.2-0x10b.2 (0.1) +0x0100| 10 | . | ack: true 0x10b.3-0x10b.3 (0.1) +0x0100| 10 | . | psh: false 0x10b.4-0x10b.4 (0.1) +0x0100| 10 | . | rst: false 0x10b.5-0x10b.5 (0.1) +0x0100| 10 | . | syn: false 0x10b.6-0x10b.6 (0.1) +0x0100| 10 | . | fin: false 0x10b.7-0x10b.7 (0.1) +0x0100| 00 2e | .. | window_size: 46 0x10c-0x10d.7 (2) +0x0100| 73 fa| s.| checksum: 0x73fa 0x10e-0x10f.7 (2) +0x0110|00 00 |.. | urgent_pointer: 0 0x110-0x111.7 (2) + | | | options: [3] 0x112-0x11d.7 (12) + | | | [0]: option {} 0x112-0x112.7 (1) +0x0110| 01 | . | kind: "nop" (1) (No operation) 0x112-0x112.7 (1) + | | | [1]: option {} 0x113-0x113.7 (1) +0x0110| 01 | . | kind: "nop" (1) (No operation) 0x113-0x113.7 (1) + | | | [2]: option {} 0x114-0x11d.7 (10) +0x0110| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x114-0x114.7 (1) +0x0110| 0a | . | length: 10 0x115-0x115.7 (1) +0x0110| 77 e3 57 eb 19 c9 2c e4 | w.W...,. | data: raw bits 0x116-0x11d.7 (8) + | | | data: raw bits 0x11e-NA (0) + | | | capture_padding: raw bits 0x11e-NA (0) + | | | [3]: packet {} 0x11e-0x32c.7 (527) +0x0110| 3c d3| <.| ts_sec: 1099027260 0x11e-0x121.7 (4) +0x0120|81 41 |.A | +0x0120| 0a 25 06 00 | .%.. | ts_usec: 402698 0x122-0x125.7 (4) +0x0120| ff 01 00 00 | .... | incl_len: 511 0x126-0x129.7 (4) +0x0120| ff 01 00 00 | .... | orig_len: 511 0x12a-0x12d.7 (4) + | | | packet: {} (ether8023_frame) 0x12e-0x32c.7 (511) +0x0120| 00 c0| ..| destination: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x12e-0x133.7 (6) +0x0130|f0 2d 4a a3 |.-J. | +0x0130| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0x134-0x139.7 (6) +0x0130| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x13a-0x13b.7 (2) + | | | packet: {} (ipv4_packet) 0x13c-0x32c.7 (497) +0x0130| 45 | E | version: 4 0x13c-0x13c.3 (0.4) +0x0130| 45 | E | ihl: 5 0x13c.4-0x13c.7 (0.4) +0x0130| 00 | . | dscp: 0 0x13d-0x13d.5 (0.6) +0x0130| 00 | . | ecn: 0 0x13d.6-0x13d.7 (0.2) +0x0130| 01 f1| ..| total_length: 497 0x13e-0x13f.7 (2) +0x0140|f5 db |.. | identification: 62939 0x140-0x141.7 (2) +0x0140| 40 | @ | reserved: 0 0x142-0x142 (0.1) +0x0140| 40 | @ | dont_fragment: true 0x142.1-0x142.1 (0.1) +0x0140| 40 | @ | more_fragments: false 0x142.2-0x142.2 (0.1) +0x0140| 40 00 | @. | fragment_offset: 0 0x142.3-0x143.7 (1.5) +0x0140| 40 | @ | ttl: 64 0x144-0x144.7 (1) +0x0140| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x145-0x145.7 (1) +0x0140| 37 d7 | 7. | header_checksum: 0x37d7 (valid) 0x146-0x147.7 (2) +0x0140| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x148-0x14b.7 (4) +0x0140| c0 a8 45 01| ..E.| destination_ip: "192.168.69.1" (0xc0a84501) 0x14c-0x14f.7 (4) + | | | data: {} (tcp_segment) 0x150-0x32c.7 (477) +0x0150|85 0b |.. | source_port: 34059 0x150-0x151.7 (2) +0x0150| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x152-0x153.7 (2) +0x0150| 8f f5 a2 33 | ...3 | sequence_number: 2415239731 0x154-0x157.7 (4) +0x0150| 96 18 93 27 | ...' | acknowledgment_number: 2518192935 0x158-0x15b.7 (4) +0x0150| 80 | . | data_offset: 8 0x15c-0x15c.3 (0.4) +0x0150| 80 | . | reserved: 0 0x15c.4-0x15c.6 (0.3) +0x0150| 80 | . | ns: false 0x15c.7-0x15c.7 (0.1) +0x0150| 18 | . | cwr: false 0x15d-0x15d (0.1) +0x0150| 18 | . | ece: false 0x15d.1-0x15d.1 (0.1) +0x0150| 18 | . | urg: false 0x15d.2-0x15d.2 (0.1) +0x0150| 18 | . | ack: true 0x15d.3-0x15d.3 (0.1) +0x0150| 18 | . | psh: true 0x15d.4-0x15d.4 (0.1) +0x0150| 18 | . | rst: false 0x15d.5-0x15d.5 (0.1) +0x0150| 18 | . | syn: false 0x15d.6-0x15d.6 (0.1) +0x0150| 18 | . | fin: false 0x15d.7-0x15d.7 (0.1) +0x0150| 00 2e| ..| window_size: 46 0x15e-0x15f.7 (2) +0x0160|16 ca |.. | checksum: 0x16ca 0x160-0x161.7 (2) +0x0160| 00 00 | .. | urgent_pointer: 0 0x162-0x163.7 (2) + | | | options: [3] 0x164-0x16f.7 (12) + | | | [0]: option {} 0x164-0x164.7 (1) +0x0160| 01 | . | kind: "nop" (1) (No operation) 0x164-0x164.7 (1) + | | | [1]: option {} 0x165-0x165.7 (1) +0x0160| 01 | . | kind: "nop" (1) (No operation) 0x165-0x165.7 (1) + | | | [2]: option {} 0x166-0x16f.7 (10) +0x0160| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x166-0x166.7 (1) +0x0160| 0a | . | length: 10 0x167-0x167.7 (1) +0x0160| 77 e3 57 eb 19 c9 2c e4| w.W...,.| data: raw bits 0x168-0x16f.7 (8) +0x0170|47 45 54 20 2f 74 65 73 74 2f 65 74 68 65 72 65|GET /test/ethere| data: raw bits 0x170-0x32c.7 (445) +* |until 0x32c.7 (445) | | + | | | capture_padding: raw bits 0x32d-NA (0) + | | | [4]: packet {} 0x32d-0x37e.7 (82) +0x0320| 3c d3 81| <..| ts_sec: 1099027260 0x32d-0x330.7 (4) +0x0330|41 |A | +0x0330| 3a 25 06 00 | :%.. | ts_usec: 402746 0x331-0x334.7 (4) +0x0330| 42 00 00 00 | B... | incl_len: 66 0x335-0x338.7 (4) +0x0330| 42 00 00 00 | B... | orig_len: 66 0x339-0x33c.7 (4) + | | | packet: {} (ether8023_frame) 0x33d-0x37e.7 (66) +0x0330| 00 0a 95| ...| destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x33d-0x342.7 (6) +0x0340|67 49 3c |gI< | +0x0340| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x343-0x348.7 (6) +0x0340| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x349-0x34a.7 (2) + | | | packet: {} (ipv4_packet) 0x34b-0x37e.7 (52) +0x0340| 45 | E | version: 4 0x34b-0x34b.3 (0.4) +0x0340| 45 | E | ihl: 5 0x34b.4-0x34b.7 (0.4) +0x0340| 00 | . | dscp: 0 0x34c-0x34c.5 (0.6) +0x0340| 00 | . | ecn: 0 0x34c.6-0x34c.7 (0.2) +0x0340| 00 34 | .4 | total_length: 52 0x34d-0x34e.7 (2) +0x0340| bf| .| identification: 49091 0x34f-0x350.7 (2) +0x0350|c3 |. | +0x0350| 40 | @ | reserved: 0 0x351-0x351 (0.1) +0x0350| 40 | @ | dont_fragment: true 0x351.1-0x351.1 (0.1) +0x0350| 40 | @ | more_fragments: false 0x351.2-0x351.2 (0.1) +0x0350| 40 00 | @. | fragment_offset: 0 0x351.3-0x352.7 (1.5) +0x0350| 40 | @ | ttl: 64 0x353-0x353.7 (1) +0x0350| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x354-0x354.7 (1) +0x0350| 6f ac | o. | header_checksum: 0x6fac (valid) 0x355-0x356.7 (2) +0x0350| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x357-0x35a.7 (4) +0x0350| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x35b-0x35e.7 (4) + | | | data: {} (tcp_segment) 0x35f-0x37e.7 (32) +0x0350| 00| .| source_port: "http" (80) (World Wide Web HTTP) 0x35f-0x360.7 (2) +0x0360|50 |P | +0x0360| 85 0b | .. | destination_port: 34059 0x361-0x362.7 (2) +0x0360| 96 18 93 27 | ...' | sequence_number: 2518192935 0x363-0x366.7 (4) +0x0360| 8f f5 a3 f0 | .... | acknowledgment_number: 2415240176 0x367-0x36a.7 (4) +0x0360| 80 | . | data_offset: 8 0x36b-0x36b.3 (0.4) +0x0360| 80 | . | reserved: 0 0x36b.4-0x36b.6 (0.3) +0x0360| 80 | . | ns: false 0x36b.7-0x36b.7 (0.1) +0x0360| 10 | . | cwr: false 0x36c-0x36c (0.1) +0x0360| 10 | . | ece: false 0x36c.1-0x36c.1 (0.1) +0x0360| 10 | . | urg: false 0x36c.2-0x36c.2 (0.1) +0x0360| 10 | . | ack: true 0x36c.3-0x36c.3 (0.1) +0x0360| 10 | . | psh: false 0x36c.4-0x36c.4 (0.1) +0x0360| 10 | . | rst: false 0x36c.5-0x36c.5 (0.1) +0x0360| 10 | . | syn: false 0x36c.6-0x36c.6 (0.1) +0x0360| 10 | . | fin: false 0x36c.7-0x36c.7 (0.1) +0x0360| 19 20 | . | window_size: 6432 0x36d-0x36e.7 (2) +0x0360| 59| Y| checksum: 0x594b 0x36f-0x370.7 (2) +0x0370|4b |K | +0x0370| 00 00 | .. | urgent_pointer: 0 0x371-0x372.7 (2) + | | | options: [3] 0x373-0x37e.7 (12) + | | | [0]: option {} 0x373-0x373.7 (1) +0x0370| 01 | . | kind: "nop" (1) (No operation) 0x373-0x373.7 (1) + | | | [1]: option {} 0x374-0x374.7 (1) +0x0370| 01 | . | kind: "nop" (1) (No operation) 0x374-0x374.7 (1) + | | | [2]: option {} 0x375-0x37e.7 (10) +0x0370| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x375-0x375.7 (1) +0x0370| 0a | . | length: 10 0x376-0x376.7 (1) +0x0370| 19 c9 2c e4 77 e3 57 eb | ..,.w.W. | data: raw bits 0x377-0x37e.7 (8) + | | | data: raw bits 0x37f-NA (0) + | | | capture_padding: raw bits 0x37f-NA (0) + | | | [5]: packet {} 0x37f-0x562.7 (484) +0x0370| 3c| <| ts_sec: 1099027260 0x37f-0x382.7 (4) +0x0380|d3 81 41 |..A | +0x0380| bc 77 06 00 | .w.. | ts_usec: 423868 0x383-0x386.7 (4) +0x0380| d4 01 00 00 | .... | incl_len: 468 0x387-0x38a.7 (4) +0x0380| d4 01 00 00 | .... | orig_len: 468 0x38b-0x38e.7 (4) + | | | packet: {} (ether8023_frame) 0x38f-0x562.7 (468) +0x0380| 00| .| destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x38f-0x394.7 (6) +0x0390|0a 95 67 49 3c |..gI< | +0x0390| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x395-0x39a.7 (6) +0x0390| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x39b-0x39c.7 (2) + | | | packet: {} (ipv4_packet) 0x39d-0x562.7 (454) +0x0390| 45 | E | version: 4 0x39d-0x39d.3 (0.4) +0x0390| 45 | E | ihl: 5 0x39d.4-0x39d.7 (0.4) +0x0390| 00 | . | dscp: 0 0x39e-0x39e.5 (0.6) +0x0390| 00 | . | ecn: 0 0x39e.6-0x39e.7 (0.2) +0x0390| 01| .| total_length: 454 0x39f-0x3a0.7 (2) +0x03a0|c6 |. | +0x03a0| bf c4 | .. | identification: 49092 0x3a1-0x3a2.7 (2) +0x03a0| 40 | @ | reserved: 0 0x3a3-0x3a3 (0.1) +0x03a0| 40 | @ | dont_fragment: true 0x3a3.1-0x3a3.1 (0.1) +0x03a0| 40 | @ | more_fragments: false 0x3a3.2-0x3a3.2 (0.1) +0x03a0| 40 00 | @. | fragment_offset: 0 0x3a3.3-0x3a4.7 (1.5) +0x03a0| 40 | @ | ttl: 64 0x3a5-0x3a5.7 (1) +0x03a0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x3a6-0x3a6.7 (1) +0x03a0| 6e 19 | n. | header_checksum: 0x6e19 (valid) 0x3a7-0x3a8.7 (2) +0x03a0| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x3a9-0x3ac.7 (4) +0x03a0| c0 a8 45| ..E| destination_ip: "192.168.69.2" (0xc0a84502) 0x3ad-0x3b0.7 (4) +0x03b0|02 |. | + | | | data: {} (tcp_segment) 0x3b1-0x562.7 (434) +0x03b0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x3b1-0x3b2.7 (2) +0x03b0| 85 0b | .. | destination_port: 34059 0x3b3-0x3b4.7 (2) +0x03b0| 96 18 93 27 | ...' | sequence_number: 2518192935 0x3b5-0x3b8.7 (4) +0x03b0| 8f f5 a3 f0 | .... | acknowledgment_number: 2415240176 0x3b9-0x3bc.7 (4) +0x03b0| 80 | . | data_offset: 8 0x3bd-0x3bd.3 (0.4) +0x03b0| 80 | . | reserved: 0 0x3bd.4-0x3bd.6 (0.3) +0x03b0| 80 | . | ns: false 0x3bd.7-0x3bd.7 (0.1) +0x03b0| 18 | . | cwr: false 0x3be-0x3be (0.1) +0x03b0| 18 | . | ece: false 0x3be.1-0x3be.1 (0.1) +0x03b0| 18 | . | urg: false 0x3be.2-0x3be.2 (0.1) +0x03b0| 18 | . | ack: true 0x3be.3-0x3be.3 (0.1) +0x03b0| 18 | . | psh: true 0x3be.4-0x3be.4 (0.1) +0x03b0| 18 | . | rst: false 0x3be.5-0x3be.5 (0.1) +0x03b0| 18 | . | syn: false 0x3be.6-0x3be.6 (0.1) +0x03b0| 18 | . | fin: false 0x3be.7-0x3be.7 (0.1) +0x03b0| 19| .| window_size: 6432 0x3bf-0x3c0.7 (2) +0x03c0|20 | | +0x03c0| 2e ef | .. | checksum: 0x2eef 0x3c1-0x3c2.7 (2) +0x03c0| 00 00 | .. | urgent_pointer: 0 0x3c3-0x3c4.7 (2) + | | | options: [3] 0x3c5-0x3d0.7 (12) + | | | [0]: option {} 0x3c5-0x3c5.7 (1) +0x03c0| 01 | . | kind: "nop" (1) (No operation) 0x3c5-0x3c5.7 (1) + | | | [1]: option {} 0x3c6-0x3c6.7 (1) +0x03c0| 01 | . | kind: "nop" (1) (No operation) 0x3c6-0x3c6.7 (1) + | | | [2]: option {} 0x3c7-0x3d0.7 (10) +0x03c0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x3c7-0x3c7.7 (1) +0x03c0| 0a | . | length: 10 0x3c8-0x3c8.7 (1) +0x03c0| 19 c9 2c e6 77 e3 57| ..,.w.W| data: raw bits 0x3c9-0x3d0.7 (8) +0x03d0|eb |. | +0x03d0| 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b| HTTP/1.1 200 OK| data: raw bits 0x3d1-0x562.7 (402) +0x03e0|0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 39 20|..Date: Fri, 29 | +* |until 0x562.7 (402) | | + | | | capture_padding: raw bits 0x563-NA (0) + | | | [6]: packet {} 0x563-0x5b4.7 (82) +0x0560| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x563-0x566.7 (4) +0x0560| 6d 78 06 00 | mx.. | ts_usec: 424045 0x567-0x56a.7 (4) +0x0560| 42 00 00 00 | B... | incl_len: 66 0x56b-0x56e.7 (4) +0x0560| 42| B| orig_len: 66 0x56f-0x572.7 (4) +0x0570|00 00 00 |... | + | | | packet: {} (ether8023_frame) 0x573-0x5b4.7 (66) +0x0570| 00 c0 f0 2d 4a a3 | ...-J. | destination: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x573-0x578.7 (6) +0x0570| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0x579-0x57e.7 (6) +0x0570| 08| .| ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x57f-0x580.7 (2) +0x0580|00 |. | + | | | packet: {} (ipv4_packet) 0x581-0x5b4.7 (52) +0x0580| 45 | E | version: 4 0x581-0x581.3 (0.4) +0x0580| 45 | E | ihl: 5 0x581.4-0x581.7 (0.4) +0x0580| 00 | . | dscp: 0 0x582-0x582.5 (0.6) +0x0580| 00 | . | ecn: 0 0x582.6-0x582.7 (0.2) +0x0580| 00 34 | .4 | total_length: 52 0x583-0x584.7 (2) +0x0580| f5 dc | .. | identification: 62940 0x585-0x586.7 (2) +0x0580| 40 | @ | reserved: 0 0x587-0x587 (0.1) +0x0580| 40 | @ | dont_fragment: true 0x587.1-0x587.1 (0.1) +0x0580| 40 | @ | more_fragments: false 0x587.2-0x587.2 (0.1) +0x0580| 40 00 | @. | fragment_offset: 0 0x587.3-0x588.7 (1.5) +0x0580| 40 | @ | ttl: 64 0x589-0x589.7 (1) +0x0580| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x58a-0x58a.7 (1) +0x0580| 39 93 | 9. | header_checksum: 0x3993 (valid) 0x58b-0x58c.7 (2) +0x0580| c0 a8 45| ..E| source_ip: "192.168.69.2" (0xc0a84502) 0x58d-0x590.7 (4) +0x0590|02 |. | +0x0590| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x591-0x594.7 (4) + | | | data: {} (tcp_segment) 0x595-0x5b4.7 (32) +0x0590| 85 0b | .. | source_port: 34059 0x595-0x596.7 (2) +0x0590| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x597-0x598.7 (2) +0x0590| 8f f5 a3 f0 | .... | sequence_number: 2415240176 0x599-0x59c.7 (4) +0x0590| 96 18 94| ...| acknowledgment_number: 2518193337 0x59d-0x5a0.7 (4) +0x05a0|b9 |. | +0x05a0| 80 | . | data_offset: 8 0x5a1-0x5a1.3 (0.4) +0x05a0| 80 | . | reserved: 0 0x5a1.4-0x5a1.6 (0.3) +0x05a0| 80 | . | ns: false 0x5a1.7-0x5a1.7 (0.1) +0x05a0| 10 | . | cwr: false 0x5a2-0x5a2 (0.1) +0x05a0| 10 | . | ece: false 0x5a2.1-0x5a2.1 (0.1) +0x05a0| 10 | . | urg: false 0x5a2.2-0x5a2.2 (0.1) +0x05a0| 10 | . | ack: true 0x5a2.3-0x5a2.3 (0.1) +0x05a0| 10 | . | psh: false 0x5a2.4-0x5a2.4 (0.1) +0x05a0| 10 | . | rst: false 0x5a2.5-0x5a2.5 (0.1) +0x05a0| 10 | . | syn: false 0x5a2.6-0x5a2.6 (0.1) +0x05a0| 10 | . | fin: false 0x5a2.7-0x5a2.7 (0.1) +0x05a0| 00 36 | .6 | window_size: 54 0x5a3-0x5a4.7 (2) +0x05a0| 70 8b | p. | checksum: 0x708b 0x5a5-0x5a6.7 (2) +0x05a0| 00 00 | .. | urgent_pointer: 0 0x5a7-0x5a8.7 (2) + | | | options: [3] 0x5a9-0x5b4.7 (12) + | | | [0]: option {} 0x5a9-0x5a9.7 (1) +0x05a0| 01 | . | kind: "nop" (1) (No operation) 0x5a9-0x5a9.7 (1) + | | | [1]: option {} 0x5aa-0x5aa.7 (1) +0x05a0| 01 | . | kind: "nop" (1) (No operation) 0x5aa-0x5aa.7 (1) + | | | [2]: option {} 0x5ab-0x5b4.7 (10) +0x05a0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x5ab-0x5ab.7 (1) +0x05a0| 0a | . | length: 10 0x5ac-0x5ac.7 (1) +0x05a0| 77 e3 58| w.X| data: raw bits 0x5ad-0x5b4.7 (8) +0x05b0|01 19 c9 2c e6 |...,. | + | | | data: raw bits 0x5b5-NA (0) + | | | capture_padding: raw bits 0x5b5-NA (0) + | | | [7]: packet {} 0x5b5-0x606.7 (82) +0x05b0| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x5b5-0x5b8.7 (4) +0x05b0| eb 78 06 00 | .x.. | ts_usec: 424171 0x5b9-0x5bc.7 (4) +0x05b0| 42 00 00| B..| incl_len: 66 0x5bd-0x5c0.7 (4) +0x05c0|00 |. | +0x05c0| 42 00 00 00 | B... | orig_len: 66 0x5c1-0x5c4.7 (4) + | | | packet: {} (ether8023_frame) 0x5c5-0x606.7 (66) +0x05c0| 00 0a 95 67 49 3c | ...gI< | destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x5c5-0x5ca.7 (6) +0x05c0| 00 c0 f0 2d 4a| ...-J| source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x5cb-0x5d0.7 (6) +0x05d0|a3 |. | +0x05d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x5d1-0x5d2.7 (2) + | | | packet: {} (ipv4_packet) 0x5d3-0x606.7 (52) +0x05d0| 45 | E | version: 4 0x5d3-0x5d3.3 (0.4) +0x05d0| 45 | E | ihl: 5 0x5d3.4-0x5d3.7 (0.4) +0x05d0| 00 | . | dscp: 0 0x5d4-0x5d4.5 (0.6) +0x05d0| 00 | . | ecn: 0 0x5d4.6-0x5d4.7 (0.2) +0x05d0| 00 34 | .4 | total_length: 52 0x5d5-0x5d6.7 (2) +0x05d0| bf c5 | .. | identification: 49093 0x5d7-0x5d8.7 (2) +0x05d0| 40 | @ | reserved: 0 0x5d9-0x5d9 (0.1) +0x05d0| 40 | @ | dont_fragment: true 0x5d9.1-0x5d9.1 (0.1) +0x05d0| 40 | @ | more_fragments: false 0x5d9.2-0x5d9.2 (0.1) +0x05d0| 40 00 | @. | fragment_offset: 0 0x5d9.3-0x5da.7 (1.5) +0x05d0| 40 | @ | ttl: 64 0x5db-0x5db.7 (1) +0x05d0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x5dc-0x5dc.7 (1) +0x05d0| 6f aa | o. | header_checksum: 0x6faa (valid) 0x5dd-0x5de.7 (2) +0x05d0| c0| .| source_ip: "192.168.69.1" (0xc0a84501) 0x5df-0x5e2.7 (4) +0x05e0|a8 45 01 |.E. | +0x05e0| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x5e3-0x5e6.7 (4) + | | | data: {} (tcp_segment) 0x5e7-0x606.7 (32) +0x05e0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x5e7-0x5e8.7 (2) +0x05e0| 85 0b | .. | destination_port: 34059 0x5e9-0x5ea.7 (2) +0x05e0| 96 18 94 b9 | .... | sequence_number: 2518193337 0x5eb-0x5ee.7 (4) +0x05e0| 8f| .| acknowledgment_number: 2415240176 0x5ef-0x5f2.7 (4) +0x05f0|f5 a3 f0 |... | +0x05f0| 80 | . | data_offset: 8 0x5f3-0x5f3.3 (0.4) +0x05f0| 80 | . | reserved: 0 0x5f3.4-0x5f3.6 (0.3) +0x05f0| 80 | . | ns: false 0x5f3.7-0x5f3.7 (0.1) +0x05f0| 11 | . | cwr: false 0x5f4-0x5f4 (0.1) +0x05f0| 11 | . | ece: false 0x5f4.1-0x5f4.1 (0.1) +0x05f0| 11 | . | urg: false 0x5f4.2-0x5f4.2 (0.1) +0x05f0| 11 | . | ack: true 0x5f4.3-0x5f4.3 (0.1) +0x05f0| 11 | . | psh: false 0x5f4.4-0x5f4.4 (0.1) +0x05f0| 11 | . | rst: false 0x5f4.5-0x5f4.5 (0.1) +0x05f0| 11 | . | syn: false 0x5f4.6-0x5f4.6 (0.1) +0x05f0| 11 | . | fin: true 0x5f4.7-0x5f4.7 (0.1) +0x05f0| 19 20 | . | window_size: 6432 0x5f5-0x5f6.7 (2) +0x05f0| 57 a0 | W. | checksum: 0x57a0 0x5f7-0x5f8.7 (2) +0x05f0| 00 00 | .. | urgent_pointer: 0 0x5f9-0x5fa.7 (2) + | | | options: [3] 0x5fb-0x606.7 (12) + | | | [0]: option {} 0x5fb-0x5fb.7 (1) +0x05f0| 01 | . | kind: "nop" (1) (No operation) 0x5fb-0x5fb.7 (1) + | | | [1]: option {} 0x5fc-0x5fc.7 (1) +0x05f0| 01 | . | kind: "nop" (1) (No operation) 0x5fc-0x5fc.7 (1) + | | | [2]: option {} 0x5fd-0x606.7 (10) +0x05f0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x5fd-0x5fd.7 (1) +0x05f0| 0a | . | length: 10 0x5fe-0x5fe.7 (1) +0x05f0| 19| .| data: raw bits 0x5ff-0x606.7 (8) +0x0600|c9 2c e6 77 e3 58 01 |.,.w.X. | + | | | data: raw bits 0x607-NA (0) + | | | capture_padding: raw bits 0x607-NA (0) + | | | [8]: packet {} 0x607-0x658.7 (82) +0x0600| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x607-0x60a.7 (4) +0x0600| 85 7c 06 00 | .|.. | ts_usec: 425093 0x60b-0x60e.7 (4) +0x0600| 42| B| incl_len: 66 0x60f-0x612.7 (4) +0x0610|00 00 00 |... | +0x0610| 42 00 00 00 | B... | orig_len: 66 0x613-0x616.7 (4) + | | | packet: {} (ether8023_frame) 0x617-0x658.7 (66) +0x0610| 00 c0 f0 2d 4a a3 | ...-J. | destination: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x617-0x61c.7 (6) +0x0610| 00 0a 95| ...| source: "00:0a:95:67:49:3c" (0xa9567493c) 0x61d-0x622.7 (6) +0x0620|67 49 3c |gI< | +0x0620| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x623-0x624.7 (2) + | | | packet: {} (ipv4_packet) 0x625-0x658.7 (52) +0x0620| 45 | E | version: 4 0x625-0x625.3 (0.4) +0x0620| 45 | E | ihl: 5 0x625.4-0x625.7 (0.4) +0x0620| 00 | . | dscp: 0 0x626-0x626.5 (0.6) +0x0620| 00 | . | ecn: 0 0x626.6-0x626.7 (0.2) +0x0620| 00 34 | .4 | total_length: 52 0x627-0x628.7 (2) +0x0620| f5 dd | .. | identification: 62941 0x629-0x62a.7 (2) +0x0620| 40 | @ | reserved: 0 0x62b-0x62b (0.1) +0x0620| 40 | @ | dont_fragment: true 0x62b.1-0x62b.1 (0.1) +0x0620| 40 | @ | more_fragments: false 0x62b.2-0x62b.2 (0.1) +0x0620| 40 00 | @. | fragment_offset: 0 0x62b.3-0x62c.7 (1.5) +0x0620| 40 | @ | ttl: 64 0x62d-0x62d.7 (1) +0x0620| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x62e-0x62e.7 (1) +0x0620| 39| 9| header_checksum: 0x3992 (valid) 0x62f-0x630.7 (2) +0x0630|92 |. | +0x0630| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x631-0x634.7 (4) +0x0630| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x635-0x638.7 (4) + | | | data: {} (tcp_segment) 0x639-0x658.7 (32) +0x0630| 85 0b | .. | source_port: 34059 0x639-0x63a.7 (2) +0x0630| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x63b-0x63c.7 (2) +0x0630| 8f f5 a3| ...| sequence_number: 2415240176 0x63d-0x640.7 (4) +0x0640|f0 |. | +0x0640| 96 18 94 ba | .... | acknowledgment_number: 2518193338 0x641-0x644.7 (4) +0x0640| 80 | . | data_offset: 8 0x645-0x645.3 (0.4) +0x0640| 80 | . | reserved: 0 0x645.4-0x645.6 (0.3) +0x0640| 80 | . | ns: false 0x645.7-0x645.7 (0.1) +0x0640| 11 | . | cwr: false 0x646-0x646 (0.1) +0x0640| 11 | . | ece: false 0x646.1-0x646.1 (0.1) +0x0640| 11 | . | urg: false 0x646.2-0x646.2 (0.1) +0x0640| 11 | . | ack: true 0x646.3-0x646.3 (0.1) +0x0640| 11 | . | psh: false 0x646.4-0x646.4 (0.1) +0x0640| 11 | . | rst: false 0x646.5-0x646.5 (0.1) +0x0640| 11 | . | syn: false 0x646.6-0x646.6 (0.1) +0x0640| 11 | . | fin: true 0x646.7-0x646.7 (0.1) +0x0640| 00 36 | .6 | window_size: 54 0x647-0x648.7 (2) +0x0640| 70 88 | p. | checksum: 0x7088 0x649-0x64a.7 (2) +0x0640| 00 00 | .. | urgent_pointer: 0 0x64b-0x64c.7 (2) + | | | options: [3] 0x64d-0x658.7 (12) + | | | [0]: option {} 0x64d-0x64d.7 (1) +0x0640| 01 | . | kind: "nop" (1) (No operation) 0x64d-0x64d.7 (1) + | | | [1]: option {} 0x64e-0x64e.7 (1) +0x0640| 01 | . | kind: "nop" (1) (No operation) 0x64e-0x64e.7 (1) + | | | [2]: option {} 0x64f-0x658.7 (10) +0x0640| 08| .| kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x64f-0x64f.7 (1) +0x0650|0a |. | length: 10 0x650-0x650.7 (1) +0x0650| 77 e3 58 02 19 c9 2c e6 | w.X...,. | data: raw bits 0x651-0x658.7 (8) + | | | data: raw bits 0x659-NA (0) + | | | capture_padding: raw bits 0x659-NA (0) + | | | [9]: packet {} 0x659-0x6aa.7 (82) +0x0650| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x659-0x65c.7 (4) +0x0650| ab 7c 06| .|.| ts_usec: 425131 0x65d-0x660.7 (4) +0x0660|00 |. | +0x0660| 42 00 00 00 | B... | incl_len: 66 0x661-0x664.7 (4) +0x0660| 42 00 00 00 | B... | orig_len: 66 0x665-0x668.7 (4) + | | | packet: {} (ether8023_frame) 0x669-0x6aa.7 (66) +0x0660| 00 0a 95 67 49 3c | ...gI< | destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x669-0x66e.7 (6) +0x0660| 00| .| source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x66f-0x674.7 (6) +0x0670|c0 f0 2d 4a a3 |..-J. | +0x0670| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x675-0x676.7 (2) + | | | packet: {} (ipv4_packet) 0x677-0x6aa.7 (52) +0x0670| 45 | E | version: 4 0x677-0x677.3 (0.4) +0x0670| 45 | E | ihl: 5 0x677.4-0x677.7 (0.4) +0x0670| 00 | . | dscp: 0 0x678-0x678.5 (0.6) +0x0670| 00 | . | ecn: 0 0x678.6-0x678.7 (0.2) +0x0670| 00 34 | .4 | total_length: 52 0x679-0x67a.7 (2) +0x0670| bf c6 | .. | identification: 49094 0x67b-0x67c.7 (2) +0x0670| 40 | @ | reserved: 0 0x67d-0x67d (0.1) +0x0670| 40 | @ | dont_fragment: true 0x67d.1-0x67d.1 (0.1) +0x0670| 40 | @ | more_fragments: false 0x67d.2-0x67d.2 (0.1) +0x0670| 40 00 | @. | fragment_offset: 0 0x67d.3-0x67e.7 (1.5) +0x0670| 40| @| ttl: 64 0x67f-0x67f.7 (1) +0x0680|06 |. | protocol: "tcp" (6) (Transmission control protocol) 0x680-0x680.7 (1) +0x0680| 6f a9 | o. | header_checksum: 0x6fa9 (valid) 0x681-0x682.7 (2) +0x0680| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x683-0x686.7 (4) +0x0680| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x687-0x68a.7 (4) + | | | data: {} (tcp_segment) 0x68b-0x6aa.7 (32) +0x0680| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x68b-0x68c.7 (2) +0x0680| 85 0b | .. | destination_port: 34059 0x68d-0x68e.7 (2) +0x0680| 96| .| sequence_number: 2518193338 0x68f-0x692.7 (4) +0x0690|18 94 ba |... | +0x0690| 8f f5 a3 f1 | .... | acknowledgment_number: 2415240177 0x693-0x696.7 (4) +0x0690| 80 | . | data_offset: 8 0x697-0x697.3 (0.4) +0x0690| 80 | . | reserved: 0 0x697.4-0x697.6 (0.3) +0x0690| 80 | . | ns: false 0x697.7-0x697.7 (0.1) +0x0690| 10 | . | cwr: false 0x698-0x698 (0.1) +0x0690| 10 | . | ece: false 0x698.1-0x698.1 (0.1) +0x0690| 10 | . | urg: false 0x698.2-0x698.2 (0.1) +0x0690| 10 | . | ack: true 0x698.3-0x698.3 (0.1) +0x0690| 10 | . | psh: false 0x698.4-0x698.4 (0.1) +0x0690| 10 | . | rst: false 0x698.5-0x698.5 (0.1) +0x0690| 10 | . | syn: false 0x698.6-0x698.6 (0.1) +0x0690| 10 | . | fin: false 0x698.7-0x698.7 (0.1) +0x0690| 19 20 | . | window_size: 6432 0x699-0x69a.7 (2) +0x0690| 57 9e | W. | checksum: 0x579e 0x69b-0x69c.7 (2) +0x0690| 00 00 | .. | urgent_pointer: 0 0x69d-0x69e.7 (2) + | | | options: [3] 0x69f-0x6aa.7 (12) + | | | [0]: option {} 0x69f-0x69f.7 (1) +0x0690| 01| .| kind: "nop" (1) (No operation) 0x69f-0x69f.7 (1) + | | | [1]: option {} 0x6a0-0x6a0.7 (1) +0x06a0|01 |. | kind: "nop" (1) (No operation) 0x6a0-0x6a0.7 (1) + | | | [2]: option {} 0x6a1-0x6aa.7 (10) +0x06a0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x6a1-0x6a1.7 (1) +0x06a0| 0a | . | length: 10 0x6a2-0x6a2.7 (1) +0x06a0| 19 c9 2c e6 77 e3 58 02| | ..,.w.X.| | data: raw bits 0x6a3-0x6aa.7 (8) + | | | data: raw bits 0x6ab-NA (0) + | | | capture_padding: raw bits 0x6ab-NA (0) + | | | ipv4_reassembled: [0] 0x6ab-NA (0) + | | | tcp_connections: [1] 0x6ab-NA (0) + | | | [0]: flow {} 0x6ab-NA (0) + | | | source_ip: "192.168.69.2" 0x6ab-NA (0) + | | | source_port: 34059 0x6ab-NA (0) + | | | destination_ip: "192.168.69.1" 0x6ab-NA (0) + | | | destination_port: "http" (80) (World Wide Web HTTP) 0x6ab-NA (0) + 0x000|47 45 54 20 2f 74 65 73 74 2f 65 74 68 65 72 65|GET /test/ethere| client_stream: raw bits 0x0-0x1bc.7 (445) + * |until 0x1bc.7 (end) (445) | | + 0x000|48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d|HTTP/1.1 200 OK.| server_stream: raw bits 0x0-0x191.7 (402) + * |until 0x191.7 (end) (402) | | diff --git a/format/pcap/testdata/ipv4frags.fqtest b/format/pcap/testdata/ipv4frags.fqtest index 2c9ca1c9..5b1b77ea 100644 --- a/format/pcap/testdata/ipv4frags.fqtest +++ b/format/pcap/testdata/ipv4frags.fqtest @@ -1,101 +1,130 @@ # from https://wiki.wireshark.org/SampleCaptures $ fq -d pcap verbose /ipv4frags.pcap - |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ipv4frags.pcap (pcap) 0x0-0xbad.7 (2990) -0x000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4) -0x000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2) -0x000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2) -0x000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4) -0x000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4) -0x010|d0 07 00 00 |.... | snaplen: 2000 0x10-0x13.7 (4) -0x010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4) - | | | packets: [3] 0x18-0xbad.7 (2966) - | | | [0]: packet {} 0x18-0x419.7 (1026) -0x010| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x18-0x1b.7 (4) -0x010| 5c 2a 08 00| \*..| ts_usec: 535132 0x1c-0x1f.7 (4) -0x020|f2 03 00 00 |.... | incl_len: 1010 0x20-0x23.7 (4) -0x020| f2 03 00 00 | .... | orig_len: 1010 0x24-0x27.7 (4) - | | | packet: {} (ether8023) 0x28-0x419.7 (1010) -0x020| 08 00 27 e2 9f a6 | ..'... | destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x28-0x2d.7 (6) -0x020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6) -0x030|27 fc 6a c9 |'.j. | -0x030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2) - | | | packet: {} (ipv4) 0x36-0x419.7 (996) -0x030| 45 | E | version: 4 0x36-0x36.3 (0.4) -0x030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4) -0x030| 00 | . | dscp: 0 0x37-0x37.5 (0.6) -0x030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2) -0x030| 03 e4 | .. | total_length: 996 0x38-0x39.7 (2) -0x030| b5 d0 | .. | identification: 46544 0x3a-0x3b.7 (2) -0x030| 20 | | reserved: 0 0x3c-0x3c (0.1) -0x030| 20 | | dont_fragment: false 0x3c.1-0x3c.1 (0.1) -0x030| 20 | | more_fragments: true 0x3c.2-0x3c.2 (0.1) -0x030| 20 00 | . | fragment_offset: 0 0x3c.3-0x3d.7 (1.5) -0x030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1) -0x030| 01| .| protocol: "icmp" (1) (internet control message protocol) 0x3f-0x3f.7 (1) -0x040|9b 44 |.D | header_checksum: 0x9b44 0x40-0x41.7 (2) -0x040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4) -0x040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4) -0x040| 08 00 4d 71 13 c2| ..Mq..| data: raw bits 0x4a-0x419.7 (976) -0x050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....| -* |until 0x419.7 (976) | | - | | | capture_padding: raw bits 0x41a-NA (0) - | | | [1]: packet {} 0x41a-0x5fb.7 (482) -0x410| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x41a-0x41d.7 (4) -0x410| 9d 2a| .*| ts_usec: 535197 0x41e-0x421.7 (4) -0x420|08 00 |.. | -0x420| d2 01 00 00 | .... | incl_len: 466 0x422-0x425.7 (4) -0x420| d2 01 00 00 | .... | orig_len: 466 0x426-0x429.7 (4) - | | | packet: {} (ether8023) 0x42a-0x5fb.7 (466) -0x420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6) -0x430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6) -0x430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2) - | | | packet: {} (ipv4) 0x438-0x5fb.7 (452) -0x430| 45 | E | version: 4 0x438-0x438.3 (0.4) -0x430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4) -0x430| 00 | . | dscp: 0 0x439-0x439.5 (0.6) -0x430| 00 | . | ecn: 0 0x439.6-0x439.7 (0.2) -0x430| 01 c4 | .. | total_length: 452 0x43a-0x43b.7 (2) -0x430| b5 d0 | .. | identification: 46544 0x43c-0x43d.7 (2) -0x430| 00 | . | reserved: 0 0x43e-0x43e (0.1) -0x430| 00 | . | dont_fragment: false 0x43e.1-0x43e.1 (0.1) -0x430| 00 | . | more_fragments: false 0x43e.2-0x43e.2 (0.1) -0x430| 00 7a| .z| fragment_offset: 122 0x43e.3-0x43f.7 (1.5) -0x440|40 |@ | ttl: 64 0x440-0x440.7 (1) -0x440| 01 | . | protocol: "icmp" (1) (internet control message protocol) 0x441-0x441.7 (1) -0x440| bc ea | .. | header_checksum: 0xbcea 0x442-0x443.7 (2) -0x440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4) -0x440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4) -0x440| c8 c9 ca cb| ....| data: raw bits 0x44c-0x5fb.7 (432) -0x450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................| -* |until 0x5fb.7 (432) | | - | | | capture_padding: raw bits 0x5fc-NA (0) - | | | [2]: packet {} 0x5fc-0xbad.7 (1458) -0x5f0| 14 2b d2 59| .+.Y| ts_sec: 1506945812 0x5fc-0x5ff.7 (4) -0x600|59 2c 08 00 |Y,.. | ts_usec: 535641 0x600-0x603.7 (4) -0x600| a2 05 00 00 | .... | incl_len: 1442 0x604-0x607.7 (4) -0x600| a2 05 00 00 | .... | orig_len: 1442 0x608-0x60b.7 (4) - | | | packet: {} (ether8023) 0x60c-0xbad.7 (1442) -0x600| 08 00 27 fc| ..'.| destination: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x60c-0x611.7 (6) -0x610|6a c9 |j. | -0x610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6) -0x610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2) - | | | packet: {} (ipv4) 0x61a-0xbad.7 (1428) -0x610| 45 | E | version: 4 0x61a-0x61a.3 (0.4) -0x610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4) -0x610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6) -0x610| 00 | . | ecn: 0 0x61b.6-0x61b.7 (0.2) -0x610| 05 94 | .. | total_length: 1428 0x61c-0x61d.7 (2) -0x610| 83 f6| ..| identification: 33782 0x61e-0x61f.7 (2) -0x620|00 |. | reserved: 0 0x620-0x620 (0.1) -0x620|00 |. | dont_fragment: false 0x620.1-0x620.1 (0.1) -0x620|00 |. | more_fragments: false 0x620.2-0x620.2 (0.1) -0x620|00 00 |.. | fragment_offset: 0 0x620.3-0x621.7 (1.5) -0x620| 40 | @ | ttl: 64 0x622-0x622.7 (1) -0x620| 01 | . | protocol: "icmp" (1) (internet control message protocol) 0x623-0x623.7 (1) -0x620| eb 6e | .n | header_checksum: 0xeb6e 0x624-0x625.7 (2) -0x620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4) -0x620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4) -0x620| 00 00| ..| data: raw bits 0x62e-0xbad.7 (1408) -0x630|55 71 13 c2 00 01 14 2b d2 59 00 00 00 00 3d 2a|Uq.....+.Y....=*| -* |until 0xbad.7 (end) (1408) | | - | | | capture_padding: raw bits 0xbae-NA (0) + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /ipv4frags.pcap (pcap) 0x0-0xbad.7 (2990) +0x0000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4) +0x0000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2) +0x0000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2) +0x0000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4) +0x0000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4) +0x0010|d0 07 00 00 |.... | snaplen: 2000 0x10-0x13.7 (4) +0x0010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4) + | | | packets: [3] 0x18-0xbad.7 (2966) + | | | [0]: packet {} 0x18-0x419.7 (1026) +0x0010| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x18-0x1b.7 (4) +0x0010| 5c 2a 08 00| \*..| ts_usec: 535132 0x1c-0x1f.7 (4) +0x0020|f2 03 00 00 |.... | incl_len: 1010 0x20-0x23.7 (4) +0x0020| f2 03 00 00 | .... | orig_len: 1010 0x24-0x27.7 (4) + | | | packet: {} (ether8023_frame) 0x28-0x419.7 (1010) +0x0020| 08 00 27 e2 9f a6 | ..'... | destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x28-0x2d.7 (6) +0x0020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6) +0x0030|27 fc 6a c9 |'.j. | +0x0030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2) + | | | packet: {} (ipv4_packet) 0x36-0x419.7 (996) +0x0030| 45 | E | version: 4 0x36-0x36.3 (0.4) +0x0030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4) +0x0030| 00 | . | dscp: 0 0x37-0x37.5 (0.6) +0x0030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2) +0x0030| 03 e4 | .. | total_length: 996 0x38-0x39.7 (2) +0x0030| b5 d0 | .. | identification: 46544 0x3a-0x3b.7 (2) +0x0030| 20 | | reserved: 0 0x3c-0x3c (0.1) +0x0030| 20 | | dont_fragment: false 0x3c.1-0x3c.1 (0.1) +0x0030| 20 | | more_fragments: true 0x3c.2-0x3c.2 (0.1) +0x0030| 20 00 | . | fragment_offset: 0 0x3c.3-0x3d.7 (1.5) +0x0030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1) +0x0030| 01| .| protocol: "icmp" (1) (Internet control message protocol) 0x3f-0x3f.7 (1) +0x0040|9b 44 |.D | header_checksum: 0x9b44 (valid) 0x40-0x41.7 (2) +0x0040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4) +0x0040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4) +0x0040| 08 00 4d 71 13 c2| ..Mq..| data: raw bits 0x4a-0x419.7 (976) +0x0050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....| +* |until 0x419.7 (976) | | + | | | capture_padding: raw bits 0x41a-NA (0) + | | | [1]: packet {} 0x41a-0x5fb.7 (482) +0x0410| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x41a-0x41d.7 (4) +0x0410| 9d 2a| .*| ts_usec: 535197 0x41e-0x421.7 (4) +0x0420|08 00 |.. | +0x0420| d2 01 00 00 | .... | incl_len: 466 0x422-0x425.7 (4) +0x0420| d2 01 00 00 | .... | orig_len: 466 0x426-0x429.7 (4) + | | | packet: {} (ether8023_frame) 0x42a-0x5fb.7 (466) +0x0420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6) +0x0430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6) +0x0430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2) + | | | packet: {} (ipv4_packet) 0x438-0x5fb.7 (452) +0x0430| 45 | E | version: 4 0x438-0x438.3 (0.4) +0x0430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4) +0x0430| 00 | . | dscp: 0 0x439-0x439.5 (0.6) +0x0430| 00 | . | ecn: 0 0x439.6-0x439.7 (0.2) +0x0430| 01 c4 | .. | total_length: 452 0x43a-0x43b.7 (2) +0x0430| b5 d0 | .. | identification: 46544 0x43c-0x43d.7 (2) +0x0430| 00 | . | reserved: 0 0x43e-0x43e (0.1) +0x0430| 00 | . | dont_fragment: false 0x43e.1-0x43e.1 (0.1) +0x0430| 00 | . | more_fragments: false 0x43e.2-0x43e.2 (0.1) +0x0430| 00 7a| .z| fragment_offset: 122 0x43e.3-0x43f.7 (1.5) +0x0440|40 |@ | ttl: 64 0x440-0x440.7 (1) +0x0440| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x441-0x441.7 (1) +0x0440| bc ea | .. | header_checksum: 0xbcea (valid) 0x442-0x443.7 (2) +0x0440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4) +0x0440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4) +0x0440| c8 c9 ca cb| ....| data: raw bits 0x44c-0x5fb.7 (432) +0x0450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................| +* |until 0x5fb.7 (432) | | + | | | capture_padding: raw bits 0x5fc-NA (0) + | | | [2]: packet {} 0x5fc-0xbad.7 (1458) +0x05f0| 14 2b d2 59| .+.Y| ts_sec: 1506945812 0x5fc-0x5ff.7 (4) +0x0600|59 2c 08 00 |Y,.. | ts_usec: 535641 0x600-0x603.7 (4) +0x0600| a2 05 00 00 | .... | incl_len: 1442 0x604-0x607.7 (4) +0x0600| a2 05 00 00 | .... | orig_len: 1442 0x608-0x60b.7 (4) + | | | packet: {} (ether8023_frame) 0x60c-0xbad.7 (1442) +0x0600| 08 00 27 fc| ..'.| destination: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x60c-0x611.7 (6) +0x0610|6a c9 |j. | +0x0610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6) +0x0610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2) + | | | packet: {} (ipv4_packet) 0x61a-0xbad.7 (1428) +0x0610| 45 | E | version: 4 0x61a-0x61a.3 (0.4) +0x0610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4) +0x0610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6) +0x0610| 00 | . | ecn: 0 0x61b.6-0x61b.7 (0.2) +0x0610| 05 94 | .. | total_length: 1428 0x61c-0x61d.7 (2) +0x0610| 83 f6| ..| identification: 33782 0x61e-0x61f.7 (2) +0x0620|00 |. | reserved: 0 0x620-0x620 (0.1) +0x0620|00 |. | dont_fragment: false 0x620.1-0x620.1 (0.1) +0x0620|00 |. | more_fragments: false 0x620.2-0x620.2 (0.1) +0x0620|00 00 |.. | fragment_offset: 0 0x620.3-0x621.7 (1.5) +0x0620| 40 | @ | ttl: 64 0x622-0x622.7 (1) +0x0620| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x623-0x623.7 (1) +0x0620| eb 6e | .n | header_checksum: 0xeb6e (valid) 0x624-0x625.7 (2) +0x0620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4) +0x0620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4) + | | | data: {} (icmp) 0x62e-0xbad.7 (1408) +0x0620| 00 | . | type: "echo_reply" (0) (Echo reply) 0x62e-0x62e.7 (1) +0x0620| 00| .| code: 0 0x62f-0x62f.7 (1) +0x0630|55 71 |Uq | checksum: 21873 0x630-0x631.7 (2) +0x0630| 13 c2 00 01 14 2b d2 59 00 00 00 00 3d 2a| .....+.Y....=*| content: raw bits 0x632-0xbad.7 (1404) +0x0640|08 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19|................| +* |until 0xbad.7 (end) (1404) | | + | | | capture_padding: raw bits 0xbae-NA (0) + | | | ipv4_reassembled: [1] 0xbae-NA (0) + | | | [0]: ipv4_packet {} (ipv4_packet) 0x0-0x593.7 (1428) + 0x000|45 |E | version: 4 0x0-0x0.3 (0.4) + 0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4) + 0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6) + 0x000| 00 | . | ecn: 0 0x1.6-0x1.7 (0.2) + 0x000| 05 94 | .. | total_length: 1428 0x2-0x3.7 (2) + 0x000| b5 d0 | .. | identification: 46544 0x4-0x5.7 (2) + 0x000| 00 | . | reserved: 0 0x6-0x6 (0.1) + 0x000| 00 | . | dont_fragment: false 0x6.1-0x6.1 (0.1) + 0x000| 00 | . | more_fragments: false 0x6.2-0x6.2 (0.1) + 0x000| 00 00 | .. | fragment_offset: 0 0x6.3-0x7.7 (1.5) + 0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1) + 0x000| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x9-0x9.7 (1) + 0x000| b9 94 | .. | header_checksum: 0xb994 (valid) 0xa-0xb.7 (2) + 0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4) + 0x010|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4) + | | | data: {} (icmp) 0x14-0x593.7 (1408) + 0x010| 08 | . | type: "echo_request" (8) (Echo request) 0x14-0x14.7 (1) + 0x010| 00 | . | code: 0 0x15-0x15.7 (1) + 0x010| 4d 71 | Mq | checksum: 19825 0x16-0x17.7 (2) + 0x010| 13 c2 00 01 14 2b d2 59| .....+.Y| content: raw bits 0x18-0x593.7 (1404) + 0x020|00 00 00 00 3d 2a 08 00 00 00 00 00 10 11 12 13|....=*..........| + * |until 0x593.7 (end) (1404) | | + | | | tcp_connections: [0] 0xbae-NA (0) diff --git a/format/pcap/testdata/many_interfaces.fqtest b/format/pcap/testdata/many_interfaces.fqtest index 07aac997..1a05b073 100644 --- a/format/pcap/testdata/many_interfaces.fqtest +++ b/format/pcap/testdata/many_interfaces.fqtest @@ -410,12 +410,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x05b0|e7 6d 62 c9 |.mb. | timestamp_low: 3378671079 0x5b0-0x5b3.7 (4) 0x05b0| b2 00 00 00 | .... | capture_packet_length: 178 0x5b4-0x5b7.7 (4) 0x05b0| b2 00 00 00 | .... | original_packet_length: 178 0x5b8-0x5bb.7 (4) - | | | packet: {} (ether8023) 0x5bc-0x66d.7 (178) + | | | packet: {} (ether8023_frame) 0x5bc-0x66d.7 (178) 0x05b0| ff ff ff ff| ....| destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x5bc-0x5c1.7 (6) 0x05c0|ff ff |.. | 0x05c0| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x5c2-0x5c7.7 (6) 0x05c0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x5c8-0x5c9.7 (2) - | | | packet: {} (ipv4) 0x5ca-0x66d.7 (164) + | | | packet: {} (ipv4_packet) 0x5ca-0x66d.7 (164) 0x05c0| 45 | E | version: 4 0x5ca-0x5ca.3 (0.4) 0x05c0| 45 | E | ihl: 5 0x5ca.4-0x5ca.7 (0.4) 0x05c0| 00 | . | dscp: 0 0x5cb-0x5cb.5 (0.6) @@ -427,11 +427,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x05d0|00 |. | more_fragments: false 0x5d0.2-0x5d0.2 (0.1) 0x05d0|00 00 |.. | fragment_offset: 0 0x5d0.3-0x5d1.7 (1.5) 0x05d0| 40 | @ | ttl: 64 0x5d2-0x5d2.7 (1) -0x05d0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x5d3-0x5d3.7 (1) -0x05d0| f1 47 | .G | header_checksum: 0xf147 0x5d4-0x5d5.7 (2) +0x05d0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x5d3-0x5d3.7 (1) +0x05d0| f1 47 | .G | header_checksum: 0xf147 (valid) 0x5d4-0x5d5.7 (2) 0x05d0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x5d6-0x5d9.7 (4) 0x05d0| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x5da-0x5dd.7 (4) - | | | data: {} (udp) 0x5de-0x66d.7 (144) + | | | data: {} (udp_datagram) 0x5de-0x66d.7 (144) 0x05d0| 44 5c| D\| source_port: 17500 0x5de-0x5df.7 (2) 0x05e0|44 5c |D\ | destination_port: 17500 0x5e0-0x5e1.7 (2) 0x05e0| 00 90 | .. | length: 144 0x5e2-0x5e3.7 (2) @@ -451,11 +451,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0680| df 6e 62 c9 | .nb. | timestamp_low: 3378671327 0x684-0x687.7 (4) 0x0680| b2 00 00 00 | .... | capture_packet_length: 178 0x688-0x68b.7 (4) 0x0680| b2 00 00 00| ....| original_packet_length: 178 0x68c-0x68f.7 (4) - | | | packet: {} (ether8023) 0x690-0x741.7 (178) + | | | packet: {} (ether8023_frame) 0x690-0x741.7 (178) 0x0690|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x690-0x695.7 (6) 0x0690| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x696-0x69b.7 (6) 0x0690| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x69c-0x69d.7 (2) - | | | packet: {} (ipv4) 0x69e-0x741.7 (164) + | | | packet: {} (ipv4_packet) 0x69e-0x741.7 (164) 0x0690| 45 | E | version: 4 0x69e-0x69e.3 (0.4) 0x0690| 45 | E | ihl: 5 0x69e.4-0x69e.7 (0.4) 0x0690| 00| .| dscp: 0 0x69f-0x69f.5 (0.6) @@ -467,12 +467,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x06a0| 00 | . | more_fragments: false 0x6a4.2-0x6a4.2 (0.1) 0x06a0| 00 00 | .. | fragment_offset: 0 0x6a4.3-0x6a5.7 (1.5) 0x06a0| 40 | @ | ttl: 64 0x6a6-0x6a6.7 (1) -0x06a0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x6a7-0x6a7.7 (1) -0x06a0| 94 ba | .. | header_checksum: 0x94ba 0x6a8-0x6a9.7 (2) +0x06a0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x6a7-0x6a7.7 (1) +0x06a0| 94 ba | .. | header_checksum: 0x94ba (valid) 0x6a8-0x6a9.7 (2) 0x06a0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x6aa-0x6ad.7 (4) 0x06a0| c0 a8| ..| destination_ip: "192.168.1.255" (0xc0a801ff) 0x6ae-0x6b1.7 (4) 0x06b0|01 ff |.. | - | | | data: {} (udp) 0x6b2-0x741.7 (144) + | | | data: {} (udp_datagram) 0x6b2-0x741.7 (144) 0x06b0| 44 5c | D\ | source_port: 17500 0x6b2-0x6b3.7 (2) 0x06b0| 44 5c | D\ | destination_port: 17500 0x6b4-0x6b5.7 (2) 0x06b0| 00 90 | .. | length: 144 0x6b6-0x6b7.7 (2) @@ -522,11 +522,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x08e0| 3f e6 69 c9 | ?.i. | timestamp_low: 3379160639 0x8e8-0x8eb.7 (4) 0x08e0| 56 00 00 00| V...| capture_packet_length: 86 0x8ec-0x8ef.7 (4) 0x08f0|56 00 00 00 |V... | original_packet_length: 86 0x8f0-0x8f3.7 (4) - | | | packet: {} (ether8023) 0x8f4-0x949.7 (86) + | | | packet: {} (ether8023_frame) 0x8f4-0x949.7 (86) 0x08f0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x8f4-0x8f9.7 (6) 0x08f0| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x8fa-0x8ff.7 (6) 0x0900|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x900-0x901.7 (2) - | | | packet: {} (ipv4) 0x902-0x949.7 (72) + | | | packet: {} (ipv4_packet) 0x902-0x949.7 (72) 0x0900| 45 | E | version: 4 0x902-0x902.3 (0.4) 0x0900| 45 | E | ihl: 5 0x902.4-0x902.7 (0.4) 0x0900| 00 | . | dscp: 0 0x903-0x903.5 (0.6) @@ -538,12 +538,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0900| 00 | . | more_fragments: false 0x908.2-0x908.2 (0.1) 0x0900| 00 00 | .. | fragment_offset: 0 0x908.3-0x909.7 (1.5) 0x0900| ff | . | ttl: 255 0x90a-0x90a.7 (1) -0x0900| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x90b-0x90b.7 (1) -0x0900| 5c 95 | \. | header_checksum: 0x5c95 0x90c-0x90d.7 (2) +0x0900| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x90b-0x90b.7 (1) +0x0900| 5c 95 | \. | header_checksum: 0x5c95 (valid) 0x90c-0x90d.7 (2) 0x0900| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x90e-0x911.7 (4) 0x0910|01 8b |.. | 0x0910| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0x912-0x915.7 (4) - | | | data: {} (udp) 0x916-0x949.7 (52) + | | | data: {} (udp_datagram) 0x916-0x949.7 (52) 0x0910| c2 54 | .T | source_port: 49748 0x916-0x917.7 (2) 0x0910| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0x918-0x919.7 (2) 0x0910| 00 34 | .4 | length: 52 0x91a-0x91b.7 (2) @@ -605,12 +605,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0960|40 e6 69 c9 |@.i. | timestamp_low: 3379160640 0x960-0x963.7 (4) 0x0960| 5a 00 00 00 | Z... | capture_packet_length: 90 0x964-0x967.7 (4) 0x0960| 5a 00 00 00 | Z... | original_packet_length: 90 0x968-0x96b.7 (4) - | | | packet: {} (ether8023) 0x96c-0x9c5.7 (90) + | | | packet: {} (ether8023_frame) 0x96c-0x9c5.7 (90) 0x0960| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x96c-0x971.7 (6) 0x0970|36 d3 |6. | 0x0970| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x972-0x977.7 (6) 0x0970| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x978-0x979.7 (2) - | | | packet: {} (ipv4) 0x97a-0x9c5.7 (76) + | | | packet: {} (ipv4_packet) 0x97a-0x9c5.7 (76) 0x0970| 45 | E | version: 4 0x97a-0x97a.3 (0.4) 0x0970| 45 | E | ihl: 5 0x97a.4-0x97a.7 (0.4) 0x0970| c0 | . | dscp: 48 0x97b-0x97b.5 (0.6) @@ -622,11 +622,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0980|00 |. | more_fragments: false 0x980.2-0x980.2 (0.1) 0x0980|00 00 |.. | fragment_offset: 0 0x980.3-0x981.7 (1.5) 0x0980| 40 | @ | ttl: 64 0x982-0x982.7 (1) -0x0980| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x983-0x983.7 (1) -0x0980| 2a 8e | *. | header_checksum: 0x2a8e 0x984-0x985.7 (2) +0x0980| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x983-0x983.7 (1) +0x0980| 2a 8e | *. | header_checksum: 0x2a8e (valid) 0x984-0x985.7 (2) 0x0980| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x986-0x989.7 (4) 0x0980| 11 fd 0c fd | .... | destination_ip: "17.253.12.253" (0x11fd0cfd) 0x98a-0x98d.7 (4) - | | | data: {} (udp) 0x98e-0x9c5.7 (56) + | | | data: {} (udp_datagram) 0x98e-0x9c5.7 (56) 0x0980| 00 7b| .{| source_port: "ntp" (123) (Network Time Protocol) 0x98e-0x98f.7 (2) 0x0990|00 7b |.{ | destination_port: "ntp" (123) (Network Time Protocol) 0x990-0x991.7 (2) 0x0990| 00 38 | .8 | length: 56 0x992-0x993.7 (2) @@ -646,12 +646,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x09d0| b2 b0 6a c9| ..j.| timestamp_low: 3379212466 0x9dc-0x9df.7 (4) 0x09e0|70 00 00 00 |p... | capture_packet_length: 112 0x9e0-0x9e3.7 (4) 0x09e0| 70 00 00 00 | p... | original_packet_length: 112 0x9e4-0x9e7.7 (4) - | | | packet: {} (ether8023) 0x9e8-0xa57.7 (112) + | | | packet: {} (ether8023_frame) 0x9e8-0xa57.7 (112) 0x09e0| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x9e8-0x9ed.7 (6) 0x09e0| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x9ee-0x9f3.7 (6) 0x09f0|3e 05 36 d3 |>.6. | 0x09f0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x9f4-0x9f5.7 (2) - | | | packet: {} (ipv4) 0x9f6-0xa57.7 (98) + | | | packet: {} (ipv4_packet) 0x9f6-0xa57.7 (98) 0x09f0| 45 | E | version: 4 0x9f6-0x9f6.3 (0.4) 0x09f0| 45 | E | ihl: 5 0x9f6.4-0x9f6.7 (0.4) 0x09f0| 00 | . | dscp: 0 0x9f7-0x9f7.5 (0.6) @@ -663,11 +663,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x09f0| 40 | @ | more_fragments: false 0x9fc.2-0x9fc.2 (0.1) 0x09f0| 40 00 | @. | fragment_offset: 0 0x9fc.3-0x9fd.7 (1.5) 0x09f0| 40 | @ | ttl: 64 0x9fe-0x9fe.7 (1) -0x09f0| 11| .| protocol: "udp" (17) (user datagram protocol) 0x9ff-0x9ff.7 (1) -0x0a00|b6 ae |.. | header_checksum: 0xb6ae 0xa00-0xa01.7 (2) +0x09f0| 11| .| protocol: "udp" (17) (User datagram protocol) 0x9ff-0x9ff.7 (1) +0x0a00|b6 ae |.. | header_checksum: 0xb6ae (valid) 0xa00-0xa01.7 (2) 0x0a00| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0xa02-0xa05.7 (4) 0x0a00| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0xa06-0xa09.7 (4) - | | | data: {} (udp) 0xa0a-0xa57.7 (78) + | | | data: {} (udp_datagram) 0xa0a-0xa57.7 (78) 0x0a00| 00 35 | .5 | source_port: "domain" (53) (Domain Name Server) 0xa0a-0xa0b.7 (2) 0x0a00| c2 54 | .T | destination_port: 49748 0xa0c-0xa0d.7 (2) 0x0a00| 00 4e| .N| length: 78 0xa0e-0xa0f.7 (2) @@ -772,12 +772,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0a60| 9a b3 6a c9| ..j.| timestamp_low: 3379213210 0xa6c-0xa6f.7 (4) 0x0a70|58 00 00 00 |X... | capture_packet_length: 88 0xa70-0xa73.7 (4) 0x0a70| 58 00 00 00 | X... | original_packet_length: 88 0xa74-0xa77.7 (4) - | | | packet: {} (ether8023) 0xa78-0xacf.7 (88) + | | | packet: {} (ether8023_frame) 0xa78-0xacf.7 (88) 0x0a70| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xa78-0xa7d.7 (6) 0x0a70| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xa7e-0xa83.7 (6) 0x0a80|60 f1 7d 93 |`.}. | 0x0a80| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xa84-0xa85.7 (2) - | | | packet: {} (ipv4) 0xa86-0xacf.7 (74) + | | | packet: {} (ipv4_packet) 0xa86-0xacf.7 (74) 0x0a80| 45 | E | version: 4 0xa86-0xa86.3 (0.4) 0x0a80| 45 | E | ihl: 5 0xa86.4-0xa86.7 (0.4) 0x0a80| 00 | . | dscp: 0 0xa87-0xa87.5 (0.6) @@ -789,11 +789,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0a80| 00 | . | more_fragments: false 0xa8c.2-0xa8c.2 (0.1) 0x0a80| 00 00 | .. | fragment_offset: 0 0xa8c.3-0xa8d.7 (1.5) 0x0a80| ff | . | ttl: 255 0xa8e-0xa8e.7 (1) -0x0a80| 11| .| protocol: "udp" (17) (user datagram protocol) 0xa8f-0xa8f.7 (1) -0x0a90|e5 56 |.V | header_checksum: 0xe556 0xa90-0xa91.7 (2) +0x0a80| 11| .| protocol: "udp" (17) (User datagram protocol) 0xa8f-0xa8f.7 (1) +0x0a90|e5 56 |.V | header_checksum: 0xe556 (valid) 0xa90-0xa91.7 (2) 0x0a90| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0xa92-0xa95.7 (4) 0x0a90| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0xa96-0xa99.7 (4) - | | | data: {} (udp) 0xa9a-0xacf.7 (54) + | | | data: {} (udp_datagram) 0xa9a-0xacf.7 (54) 0x0a90| fe 21 | .! | source_port: 65057 0xa9a-0xa9b.7 (2) 0x0a90| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0xa9c-0xa9d.7 (2) 0x0a90| 00 36| .6| length: 54 0xa9e-0xa9f.7 (2) @@ -857,11 +857,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0ae0| fd 3a 6b c9 | .:k. | timestamp_low: 3379247869 0xae4-0xae7.7 (4) 0x0ae0| 97 00 00 00 | .... | capture_packet_length: 151 0xae8-0xaeb.7 (4) 0x0ae0| 97 00 00 00| ....| original_packet_length: 151 0xaec-0xaef.7 (4) - | | | packet: {} (ether8023) 0xaf0-0xb86.7 (151) + | | | packet: {} (ether8023_frame) 0xaf0-0xb86.7 (151) 0x0af0|a4 5e 60 f1 7d 93 |.^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xaf0-0xaf5.7 (6) 0x0af0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xaf6-0xafb.7 (6) 0x0af0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xafc-0xafd.7 (2) - | | | packet: {} (ipv4) 0xafe-0xb86.7 (137) + | | | packet: {} (ipv4_packet) 0xafe-0xb86.7 (137) 0x0af0| 45 | E | version: 4 0xafe-0xafe.3 (0.4) 0x0af0| 45 | E | ihl: 5 0xafe.4-0xafe.7 (0.4) 0x0af0| 00| .| dscp: 0 0xaff-0xaff.5 (0.6) @@ -873,12 +873,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0b00| 40 | @ | more_fragments: false 0xb04.2-0xb04.2 (0.1) 0x0b00| 40 00 | @. | fragment_offset: 0 0xb04.3-0xb05.7 (1.5) 0x0b00| 40 | @ | ttl: 64 0xb06-0xb06.7 (1) -0x0b00| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xb07-0xb07.7 (1) -0x0b00| b6 87 | .. | header_checksum: 0xb687 0xb08-0xb09.7 (2) +0x0b00| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xb07-0xb07.7 (1) +0x0b00| b6 87 | .. | header_checksum: 0xb687 (valid) 0xb08-0xb09.7 (2) 0x0b00| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0xb0a-0xb0d.7 (4) 0x0b00| c0 a8| ..| destination_ip: "192.168.1.139" (0xc0a8018b) 0xb0e-0xb11.7 (4) 0x0b10|01 8b |.. | - | | | data: {} (udp) 0xb12-0xb86.7 (117) + | | | data: {} (udp_datagram) 0xb12-0xb86.7 (117) 0x0b10| 00 35 | .5 | source_port: "domain" (53) (Domain Name Server) 0xb12-0xb13.7 (2) 0x0b10| fe 21 | .! | destination_port: 65057 0xb14-0xb15.7 (2) 0x0b10| 00 75 | .u | length: 117 0xb16-0xb17.7 (2) @@ -1006,12 +1006,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0b90| 1c 41 6b c9| .Ak.| timestamp_low: 3379249436 0xb9c-0xb9f.7 (4) 0x0ba0|56 00 00 00 |V... | capture_packet_length: 86 0xba0-0xba3.7 (4) 0x0ba0| 56 00 00 00 | V... | original_packet_length: 86 0xba4-0xba7.7 (4) - | | | packet: {} (ether8023) 0xba8-0xbfd.7 (86) + | | | packet: {} (ether8023_frame) 0xba8-0xbfd.7 (86) 0x0ba0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xba8-0xbad.7 (6) 0x0ba0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xbae-0xbb3.7 (6) 0x0bb0|60 f1 7d 93 |`.}. | 0x0bb0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xbb4-0xbb5.7 (2) - | | | packet: {} (ipv4) 0xbb6-0xbfd.7 (72) + | | | packet: {} (ipv4_packet) 0xbb6-0xbfd.7 (72) 0x0bb0| 45 | E | version: 4 0xbb6-0xbb6.3 (0.4) 0x0bb0| 45 | E | ihl: 5 0xbb6.4-0xbb6.7 (0.4) 0x0bb0| 00 | . | dscp: 0 0xbb7-0xbb7.5 (0.6) @@ -1023,11 +1023,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0bb0| 00 | . | more_fragments: false 0xbbc.2-0xbbc.2 (0.1) 0x0bb0| 00 00 | .. | fragment_offset: 0 0xbbc.3-0xbbd.7 (1.5) 0x0bb0| ff | . | ttl: 255 0xbbe-0xbbe.7 (1) -0x0bb0| 11| .| protocol: "udp" (17) (user datagram protocol) 0xbbf-0xbbf.7 (1) -0x0bc0|19 60 |.` | header_checksum: 0x1960 0xbc0-0xbc1.7 (2) +0x0bb0| 11| .| protocol: "udp" (17) (User datagram protocol) 0xbbf-0xbbf.7 (1) +0x0bc0|19 60 |.` | header_checksum: 0x1960 (valid) 0xbc0-0xbc1.7 (2) 0x0bc0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0xbc2-0xbc5.7 (4) 0x0bc0| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0xbc6-0xbc9.7 (4) - | | | data: {} (udp) 0xbca-0xbfd.7 (52) + | | | data: {} (udp_datagram) 0xbca-0xbfd.7 (52) 0x0bc0| ca 28 | .( | source_port: 51752 0xbca-0xbcb.7 (2) 0x0bc0| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0xbcc-0xbcd.7 (2) 0x0bc0| 00 34| .4| length: 52 0xbce-0xbcf.7 (2) @@ -1091,11 +1091,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0c10| 23 67 6b c9 | #gk. | timestamp_low: 3379259171 0xc14-0xc17.7 (4) 0x0c10| 5a 00 00 00 | Z... | capture_packet_length: 90 0xc18-0xc1b.7 (4) 0x0c10| 5a 00 00 00| Z...| original_packet_length: 90 0xc1c-0xc1f.7 (4) - | | | packet: {} (ether8023) 0xc20-0xc79.7 (90) + | | | packet: {} (ether8023_frame) 0xc20-0xc79.7 (90) 0x0c20|a4 5e 60 f1 7d 93 |.^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xc20-0xc25.7 (6) 0x0c20| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xc26-0xc2b.7 (6) 0x0c20| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xc2c-0xc2d.7 (2) - | | | packet: {} (ipv4) 0xc2e-0xc79.7 (76) + | | | packet: {} (ipv4_packet) 0xc2e-0xc79.7 (76) 0x0c20| 45 | E | version: 4 0xc2e-0xc2e.3 (0.4) 0x0c20| 45 | E | ihl: 5 0xc2e.4-0xc2e.7 (0.4) 0x0c20| 28| (| dscp: 10 0xc2f-0xc2f.5 (0.6) @@ -1107,12 +1107,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0c30| 40 | @ | more_fragments: false 0xc34.2-0xc34.2 (0.1) 0x0c30| 40 00 | @. | fragment_offset: 0 0xc34.3-0xc35.7 (1.5) 0x0c30| 34 | 4 | ttl: 52 0xc36-0xc36.7 (1) -0x0c30| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xc37-0xc37.7 (1) -0x0c30| 65 4c | eL | header_checksum: 0x654c 0xc38-0xc39.7 (2) +0x0c30| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xc37-0xc37.7 (1) +0x0c30| 65 4c | eL | header_checksum: 0x654c (valid) 0xc38-0xc39.7 (2) 0x0c30| 11 fd 0c fd | .... | source_ip: "17.253.12.253" (0x11fd0cfd) 0xc3a-0xc3d.7 (4) 0x0c30| c0 a8| ..| destination_ip: "192.168.1.139" (0xc0a8018b) 0xc3e-0xc41.7 (4) 0x0c40|01 8b |.. | - | | | data: {} (udp) 0xc42-0xc79.7 (56) + | | | data: {} (udp_datagram) 0xc42-0xc79.7 (56) 0x0c40| 00 7b | .{ | source_port: "ntp" (123) (Network Time Protocol) 0xc42-0xc43.7 (2) 0x0c40| 00 7b | .{ | destination_port: "ntp" (123) (Network Time Protocol) 0xc44-0xc45.7 (2) 0x0c40| 00 38 | .8 | length: 56 0xc46-0xc47.7 (2) @@ -1132,12 +1132,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0c90|27 67 6b c9 |'gk. | timestamp_low: 3379259175 0xc90-0xc93.7 (4) 0x0c90| 56 00 00 00 | V... | capture_packet_length: 86 0xc94-0xc97.7 (4) 0x0c90| 56 00 00 00 | V... | original_packet_length: 86 0xc98-0xc9b.7 (4) - | | | packet: {} (ether8023) 0xc9c-0xcf1.7 (86) + | | | packet: {} (ether8023_frame) 0xc9c-0xcf1.7 (86) 0x0c90| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xc9c-0xca1.7 (6) 0x0ca0|7d 93 |}. | 0x0ca0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xca2-0xca7.7 (6) 0x0ca0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xca8-0xca9.7 (2) - | | | packet: {} (ipv4) 0xcaa-0xcf1.7 (72) + | | | packet: {} (ipv4_packet) 0xcaa-0xcf1.7 (72) 0x0ca0| 45 | E | version: 4 0xcaa-0xcaa.3 (0.4) 0x0ca0| 45 | E | ihl: 5 0xcaa.4-0xcaa.7 (0.4) 0x0ca0| 00 | . | dscp: 0 0xcab-0xcab.5 (0.6) @@ -1149,11 +1149,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0cb0|40 |@ | more_fragments: false 0xcb0.2-0xcb0.2 (0.1) 0x0cb0|40 00 |@. | fragment_offset: 0 0xcb0.3-0xcb1.7 (1.5) 0x0cb0| 40 | @ | ttl: 64 0xcb2-0xcb2.7 (1) -0x0cb0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xcb3-0xcb3.7 (1) -0x0cb0| b6 c8 | .. | header_checksum: 0xb6c8 0xcb4-0xcb5.7 (2) +0x0cb0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xcb3-0xcb3.7 (1) +0x0cb0| b6 c8 | .. | header_checksum: 0xb6c8 (valid) 0xcb4-0xcb5.7 (2) 0x0cb0| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0xcb6-0xcb9.7 (4) 0x0cb0| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0xcba-0xcbd.7 (4) - | | | data: {} (udp) 0xcbe-0xcf1.7 (52) + | | | data: {} (udp_datagram) 0xcbe-0xcf1.7 (52) 0x0cb0| 00 35| .5| source_port: "domain" (53) (Domain Name Server) 0xcbe-0xcbf.7 (2) 0x0cc0|ca 28 |.( | destination_port: 51752 0xcc0-0xcc1.7 (2) 0x0cc0| 00 34 | .4 | length: 52 0xcc2-0xcc3.7 (2) @@ -1215,11 +1215,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0d00| a8 34 6e c9 | .4n. | timestamp_low: 3379442856 0xd08-0xd0b.7 (4) 0x0d00| 54 00 00 00| T...| capture_packet_length: 84 0xd0c-0xd0f.7 (4) 0x0d10|54 00 00 00 |T... | original_packet_length: 84 0xd10-0xd13.7 (4) - | | | packet: {} (ether8023) 0xd14-0xd67.7 (84) + | | | packet: {} (ether8023_frame) 0xd14-0xd67.7 (84) 0x0d10| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xd14-0xd19.7 (6) 0x0d10| 94 10 3e 05 36 d3| ..>.6.| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xd1a-0xd1f.7 (6) 0x0d20|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xd20-0xd21.7 (2) - | | | packet: {} (ipv4) 0xd22-0xd67.7 (70) + | | | packet: {} (ipv4_packet) 0xd22-0xd67.7 (70) 0x0d20| 45 | E | version: 4 0xd22-0xd22.3 (0.4) 0x0d20| 45 | E | ihl: 5 0xd22.4-0xd22.7 (0.4) 0x0d20| 28 | ( | dscp: 10 0xd23-0xd23.5 (0.6) @@ -1231,12 +1231,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0d20| 00 | . | more_fragments: false 0xd28.2-0xd28.2 (0.1) 0x0d20| 00 00 | .. | fragment_offset: 0 0xd28.3-0xd29.7 (1.5) 0x0d20| 29 | ) | ttl: 41 0xd2a-0xd2a.7 (1) -0x0d20| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xd2b-0xd2b.7 (1) -0x0d20| 89 05 | .. | header_checksum: 0x8905 0xd2c-0xd2d.7 (2) +0x0d20| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xd2b-0xd2b.7 (1) +0x0d20| 89 05 | .. | header_checksum: 0x8905 (valid) 0xd2c-0xd2d.7 (2) 0x0d20| ad c2| ..| source_ip: "173.194.204.189" (0xadc2ccbd) 0xd2e-0xd31.7 (4) 0x0d30|cc bd |.. | 0x0d30| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0xd32-0xd35.7 (4) - | | | data: {} (udp) 0xd36-0xd67.7 (50) + | | | data: {} (udp_datagram) 0xd36-0xd67.7 (50) 0x0d30| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0xd36-0xd37.7 (2) 0x0d30| cc c9 | .. | destination_port: 52425 0xd38-0xd39.7 (2) 0x0d30| 00 32 | .2 | length: 50 0xd3a-0xd3b.7 (2) @@ -1256,12 +1256,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0d70| b7 e5 71 c9| ..q.| timestamp_low: 3379684791 0xd7c-0xd7f.7 (4) 0x0d80|56 00 00 00 |V... | capture_packet_length: 86 0xd80-0xd83.7 (4) 0x0d80| 56 00 00 00 | V... | original_packet_length: 86 0xd84-0xd87.7 (4) - | | | packet: {} (ether8023) 0xd88-0xddd.7 (86) + | | | packet: {} (ether8023_frame) 0xd88-0xddd.7 (86) 0x0d80| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xd88-0xd8d.7 (6) 0x0d80| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xd8e-0xd93.7 (6) 0x0d90|60 f1 7d 93 |`.}. | 0x0d90| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xd94-0xd95.7 (2) - | | | packet: {} (ipv4) 0xd96-0xddd.7 (72) + | | | packet: {} (ipv4_packet) 0xd96-0xddd.7 (72) 0x0d90| 45 | E | version: 4 0xd96-0xd96.3 (0.4) 0x0d90| 45 | E | ihl: 5 0xd96.4-0xd96.7 (0.4) 0x0d90| 00 | . | dscp: 0 0xd97-0xd97.5 (0.6) @@ -1273,11 +1273,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0d90| 00 | . | more_fragments: false 0xd9c.2-0xd9c.2 (0.1) 0x0d90| 00 00 | .. | fragment_offset: 0 0xd9c.3-0xd9d.7 (1.5) 0x0d90| ff | . | ttl: 255 0xd9e-0xd9e.7 (1) -0x0d90| 11| .| protocol: "udp" (17) (user datagram protocol) 0xd9f-0xd9f.7 (1) -0x0da0|d0 93 |.. | header_checksum: 0xd093 0xda0-0xda1.7 (2) +0x0d90| 11| .| protocol: "udp" (17) (User datagram protocol) 0xd9f-0xd9f.7 (1) +0x0da0|d0 93 |.. | header_checksum: 0xd093 (valid) 0xda0-0xda1.7 (2) 0x0da0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0xda2-0xda5.7 (4) 0x0da0| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0xda6-0xda9.7 (4) - | | | data: {} (udp) 0xdaa-0xddd.7 (52) + | | | data: {} (udp_datagram) 0xdaa-0xddd.7 (52) 0x0da0| c5 17 | .. | source_port: 50455 0xdaa-0xdab.7 (2) 0x0da0| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0xdac-0xdad.7 (2) 0x0da0| 00 34| .4| length: 52 0xdae-0xdaf.7 (2) @@ -1341,11 +1341,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0df0| 08 17 72 c9 | ..r. | timestamp_low: 3379697416 0xdf4-0xdf7.7 (4) 0x0df0| 54 00 00 00 | T... | capture_packet_length: 84 0xdf8-0xdfb.7 (4) 0x0df0| 54 00 00 00| T...| original_packet_length: 84 0xdfc-0xdff.7 (4) - | | | packet: {} (ether8023) 0xe00-0xe53.7 (84) + | | | packet: {} (ether8023_frame) 0xe00-0xe53.7 (84) 0x0e00|a4 5e 60 f1 7d 93 |.^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xe00-0xe05.7 (6) 0x0e00| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xe06-0xe0b.7 (6) 0x0e00| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xe0c-0xe0d.7 (2) - | | | packet: {} (ipv4) 0xe0e-0xe53.7 (70) + | | | packet: {} (ipv4_packet) 0xe0e-0xe53.7 (70) 0x0e00| 45 | E | version: 4 0xe0e-0xe0e.3 (0.4) 0x0e00| 45 | E | ihl: 5 0xe0e.4-0xe0e.7 (0.4) 0x0e00| 28| (| dscp: 10 0xe0f-0xe0f.5 (0.6) @@ -1357,12 +1357,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0e10| 00 | . | more_fragments: false 0xe14.2-0xe14.2 (0.1) 0x0e10| 00 00 | .. | fragment_offset: 0 0xe14.3-0xe15.7 (1.5) 0x0e10| 29 | ) | ttl: 41 0xe16-0xe16.7 (1) -0x0e10| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xe17-0xe17.7 (1) -0x0e10| 88 59 | .Y | header_checksum: 0x8859 0xe18-0xe19.7 (2) +0x0e10| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xe17-0xe17.7 (1) +0x0e10| 88 59 | .Y | header_checksum: 0x8859 (valid) 0xe18-0xe19.7 (2) 0x0e10| ad c2 cc bd | .... | source_ip: "173.194.204.189" (0xadc2ccbd) 0xe1a-0xe1d.7 (4) 0x0e10| c0 a8| ..| destination_ip: "192.168.1.139" (0xc0a8018b) 0xe1e-0xe21.7 (4) 0x0e20|01 8b |.. | - | | | data: {} (udp) 0xe22-0xe53.7 (50) + | | | data: {} (udp_datagram) 0xe22-0xe53.7 (50) 0x0e20| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0xe22-0xe23.7 (2) 0x0e20| cc c9 | .. | destination_port: 52425 0xe24-0xe25.7 (2) 0x0e20| 00 32 | .2 | length: 50 0xe26-0xe27.7 (2) @@ -1382,11 +1382,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0e60| cf 17 72 c9 | ..r. | timestamp_low: 3379697615 0xe68-0xe6b.7 (4) 0x0e60| 56 00 00 00| V...| capture_packet_length: 86 0xe6c-0xe6f.7 (4) 0x0e70|56 00 00 00 |V... | original_packet_length: 86 0xe70-0xe73.7 (4) - | | | packet: {} (ether8023) 0xe74-0xec9.7 (86) + | | | packet: {} (ether8023_frame) 0xe74-0xec9.7 (86) 0x0e70| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xe74-0xe79.7 (6) 0x0e70| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xe7a-0xe7f.7 (6) 0x0e80|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xe80-0xe81.7 (2) - | | | packet: {} (ipv4) 0xe82-0xec9.7 (72) + | | | packet: {} (ipv4_packet) 0xe82-0xec9.7 (72) 0x0e80| 45 | E | version: 4 0xe82-0xe82.3 (0.4) 0x0e80| 45 | E | ihl: 5 0xe82.4-0xe82.7 (0.4) 0x0e80| 00 | . | dscp: 0 0xe83-0xe83.5 (0.6) @@ -1398,12 +1398,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0e80| 00 | . | more_fragments: false 0xe88.2-0xe88.2 (0.1) 0x0e80| 00 00 | .. | fragment_offset: 0 0xe88.3-0xe89.7 (1.5) 0x0e80| 40 | @ | ttl: 64 0xe8a-0xe8a.7 (1) -0x0e80| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xe8b-0xe8b.7 (1) -0x0e80| a9 92 | .. | header_checksum: 0xa992 0xe8c-0xe8d.7 (2) +0x0e80| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xe8b-0xe8b.7 (1) +0x0e80| a9 92 | .. | header_checksum: 0xa992 (valid) 0xe8c-0xe8d.7 (2) 0x0e80| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0xe8e-0xe91.7 (4) 0x0e90|01 8b |.. | 0x0e90| ad c2 cc bd | .... | destination_ip: "173.194.204.189" (0xadc2ccbd) 0xe92-0xe95.7 (4) - | | | data: {} (udp) 0xe96-0xec9.7 (52) + | | | data: {} (udp_datagram) 0xe96-0xec9.7 (52) 0x0e90| cc c9 | .. | source_port: 52425 0xe96-0xe97.7 (2) 0x0e90| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0xe98-0xe99.7 (2) 0x0e90| 00 34 | .4 | length: 52 0xe9a-0xe9b.7 (2) @@ -1423,12 +1423,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0ee0|bf 8e 73 c9 |..s. | timestamp_low: 3379793599 0xee0-0xee3.7 (4) 0x0ee0| 97 00 00 00 | .... | capture_packet_length: 151 0xee4-0xee7.7 (4) 0x0ee0| 97 00 00 00 | .... | original_packet_length: 151 0xee8-0xeeb.7 (4) - | | | packet: {} (ether8023) 0xeec-0xf82.7 (151) + | | | packet: {} (ether8023_frame) 0xeec-0xf82.7 (151) 0x0ee0| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xeec-0xef1.7 (6) 0x0ef0|7d 93 |}. | 0x0ef0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xef2-0xef7.7 (6) 0x0ef0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xef8-0xef9.7 (2) - | | | packet: {} (ipv4) 0xefa-0xf82.7 (137) + | | | packet: {} (ipv4_packet) 0xefa-0xf82.7 (137) 0x0ef0| 45 | E | version: 4 0xefa-0xefa.3 (0.4) 0x0ef0| 45 | E | ihl: 5 0xefa.4-0xefa.7 (0.4) 0x0ef0| 00 | . | dscp: 0 0xefb-0xefb.5 (0.6) @@ -1440,11 +1440,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0f00|40 |@ | more_fragments: false 0xf00.2-0xf00.2 (0.1) 0x0f00|40 00 |@. | fragment_offset: 0 0xf00.3-0xf01.7 (1.5) 0x0f00| 40 | @ | ttl: 64 0xf02-0xf02.7 (1) -0x0f00| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xf03-0xf03.7 (1) -0x0f00| b6 87 | .. | header_checksum: 0xb687 0xf04-0xf05.7 (2) +0x0f00| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xf03-0xf03.7 (1) +0x0f00| b6 87 | .. | header_checksum: 0xb687 (valid) 0xf04-0xf05.7 (2) 0x0f00| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0xf06-0xf09.7 (4) 0x0f00| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0xf0a-0xf0d.7 (4) - | | | data: {} (udp) 0xf0e-0xf82.7 (117) + | | | data: {} (udp_datagram) 0xf0e-0xf82.7 (117) 0x0f00| 00 35| .5| source_port: "domain" (53) (Domain Name Server) 0xf0e-0xf0f.7 (2) 0x0f10|c5 17 |.. | destination_port: 50455 0xf10-0xf11.7 (2) 0x0f10| 00 75 | .u | length: 117 0xf12-0xf13.7 (2) @@ -1599,11 +1599,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0f90| 9c a7 73 c9 | ..s. | timestamp_low: 3379799964 0xf98-0xf9b.7 (4) 0x0f90| 54 00 00 00| T...| capture_packet_length: 84 0xf9c-0xf9f.7 (4) 0x0fa0|54 00 00 00 |T... | original_packet_length: 84 0xfa0-0xfa3.7 (4) - | | | packet: {} (ether8023) 0xfa4-0xff7.7 (84) + | | | packet: {} (ether8023_frame) 0xfa4-0xff7.7 (84) 0x0fa0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0xfa4-0xfa9.7 (6) 0x0fa0| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0xfaa-0xfaf.7 (6) 0x0fb0|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xfb0-0xfb1.7 (2) - | | | packet: {} (ipv4) 0xfb2-0xff7.7 (70) + | | | packet: {} (ipv4_packet) 0xfb2-0xff7.7 (70) 0x0fb0| 45 | E | version: 4 0xfb2-0xfb2.3 (0.4) 0x0fb0| 45 | E | ihl: 5 0xfb2.4-0xfb2.7 (0.4) 0x0fb0| 00 | . | dscp: 0 0xfb3-0xfb3.5 (0.6) @@ -1615,12 +1615,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x0fb0| 00 | . | more_fragments: false 0xfb8.2-0xfb8.2 (0.1) 0x0fb0| 00 00 | .. | fragment_offset: 0 0xfb8.3-0xfb9.7 (1.5) 0x0fb0| ff | . | ttl: 255 0xfba-0xfba.7 (1) -0x0fb0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0xfbb-0xfbb.7 (1) -0x0fb0| d9 55 | .U | header_checksum: 0xd955 0xfbc-0xfbd.7 (2) +0x0fb0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0xfbb-0xfbb.7 (1) +0x0fb0| d9 55 | .U | header_checksum: 0xd955 (valid) 0xfbc-0xfbd.7 (2) 0x0fb0| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0xfbe-0xfc1.7 (4) 0x0fc0|01 8b |.. | 0x0fc0| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0xfc2-0xfc5.7 (4) - | | | data: {} (udp) 0xfc6-0xff7.7 (50) + | | | data: {} (udp_datagram) 0xfc6-0xff7.7 (50) 0x0fc0| f0 c6 | .. | source_port: 61638 0xfc6-0xfc7.7 (2) 0x0fc0| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0xfc8-0xfc9.7 (2) 0x0fc0| 00 32 | .2 | length: 50 0xfca-0xfcb.7 (2) @@ -1684,12 +1684,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1000| af ac 73 c9| ..s.| timestamp_low: 3379801263 0x100c-0x100f.7 (4) 0x1010|69 00 00 00 |i... | capture_packet_length: 105 0x1010-0x1013.7 (4) 0x1010| 69 00 00 00 | i... | original_packet_length: 105 0x1014-0x1017.7 (4) - | | | packet: {} (ether8023) 0x1018-0x1080.7 (105) + | | | packet: {} (ether8023_frame) 0x1018-0x1080.7 (105) 0x1010| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1018-0x101d.7 (6) 0x1010| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x101e-0x1023.7 (6) 0x1020|3e 05 36 d3 |>.6. | 0x1020| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1024-0x1025.7 (2) - | | | packet: {} (ipv4) 0x1026-0x1080.7 (91) + | | | packet: {} (ipv4_packet) 0x1026-0x1080.7 (91) 0x1020| 45 | E | version: 4 0x1026-0x1026.3 (0.4) 0x1020| 45 | E | ihl: 5 0x1026.4-0x1026.7 (0.4) 0x1020| 00 | . | dscp: 0 0x1027-0x1027.5 (0.6) @@ -1701,11 +1701,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1020| 40 | @ | more_fragments: false 0x102c.2-0x102c.2 (0.1) 0x1020| 40 00 | @. | fragment_offset: 0 0x102c.3-0x102d.7 (1.5) 0x1020| 40 | @ | ttl: 64 0x102e-0x102e.7 (1) -0x1020| 11| .| protocol: "udp" (17) (user datagram protocol) 0x102f-0x102f.7 (1) -0x1030|b6 b5 |.. | header_checksum: 0xb6b5 0x1030-0x1031.7 (2) +0x1020| 11| .| protocol: "udp" (17) (User datagram protocol) 0x102f-0x102f.7 (1) +0x1030|b6 b5 |.. | header_checksum: 0xb6b5 (valid) 0x1030-0x1031.7 (2) 0x1030| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0x1032-0x1035.7 (4) 0x1030| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x1036-0x1039.7 (4) - | | | data: {} (udp) 0x103a-0x1080.7 (71) + | | | data: {} (udp_datagram) 0x103a-0x1080.7 (71) 0x1030| 00 35 | .5 | source_port: "domain" (53) (Domain Name Server) 0x103a-0x103b.7 (2) 0x1030| f0 c6 | .. | destination_port: 61638 0x103c-0x103d.7 (2) 0x1030| 00 47| .G| length: 71 0x103e-0x103f.7 (2) @@ -1807,11 +1807,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1090| b4 c8 73 c9 | ..s. | timestamp_low: 3379808436 0x1098-0x109b.7 (4) 0x1090| 58 00 00 00| X...| capture_packet_length: 88 0x109c-0x109f.7 (4) 0x10a0|58 00 00 00 |X... | original_packet_length: 88 0x10a0-0x10a3.7 (4) - | | | packet: {} (ether8023) 0x10a4-0x10fb.7 (88) + | | | packet: {} (ether8023_frame) 0x10a4-0x10fb.7 (88) 0x10a0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x10a4-0x10a9.7 (6) 0x10a0| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x10aa-0x10af.7 (6) 0x10b0|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x10b0-0x10b1.7 (2) - | | | packet: {} (ipv4) 0x10b2-0x10fb.7 (74) + | | | packet: {} (ipv4_packet) 0x10b2-0x10fb.7 (74) 0x10b0| 45 | E | version: 4 0x10b2-0x10b2.3 (0.4) 0x10b0| 45 | E | ihl: 5 0x10b2.4-0x10b2.7 (0.4) 0x10b0| 00 | . | dscp: 0 0x10b3-0x10b3.5 (0.6) @@ -1823,12 +1823,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x10b0| 00 | . | more_fragments: false 0x10b8.2-0x10b8.2 (0.1) 0x10b0| 00 00 | .. | fragment_offset: 0 0x10b8.3-0x10b9.7 (1.5) 0x10b0| ff | . | ttl: 255 0x10ba-0x10ba.7 (1) -0x10b0| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x10bb-0x10bb.7 (1) -0x10b0| b4 ed | .. | header_checksum: 0xb4ed 0x10bc-0x10bd.7 (2) +0x10b0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x10bb-0x10bb.7 (1) +0x10b0| b4 ed | .. | header_checksum: 0xb4ed (valid) 0x10bc-0x10bd.7 (2) 0x10b0| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x10be-0x10c1.7 (4) 0x10c0|01 8b |.. | 0x10c0| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0x10c2-0x10c5.7 (4) - | | | data: {} (udp) 0x10c6-0x10fb.7 (54) + | | | data: {} (udp_datagram) 0x10c6-0x10fb.7 (54) 0x10c0| cc 06 | .. | source_port: 52230 0x10c6-0x10c7.7 (2) 0x10c0| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0x10c8-0x10c9.7 (2) 0x10c0| 00 36 | .6 | length: 54 0x10ca-0x10cb.7 (2) @@ -1892,12 +1892,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1110|3e 01 74 c9 |>.t. | timestamp_low: 3379822910 0x1110-0x1113.7 (4) 0x1110| 7a 00 00 00 | z... | capture_packet_length: 122 0x1114-0x1117.7 (4) 0x1110| 7a 00 00 00 | z... | original_packet_length: 122 0x1118-0x111b.7 (4) - | | | packet: {} (ether8023) 0x111c-0x1195.7 (122) + | | | packet: {} (ether8023_frame) 0x111c-0x1195.7 (122) 0x1110| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x111c-0x1121.7 (6) 0x1120|7d 93 |}. | 0x1120| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1122-0x1127.7 (6) 0x1120| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1128-0x1129.7 (2) - | | | packet: {} (ipv4) 0x112a-0x1195.7 (108) + | | | packet: {} (ipv4_packet) 0x112a-0x1195.7 (108) 0x1120| 45 | E | version: 4 0x112a-0x112a.3 (0.4) 0x1120| 45 | E | ihl: 5 0x112a.4-0x112a.7 (0.4) 0x1120| 00 | . | dscp: 0 0x112b-0x112b.5 (0.6) @@ -1909,11 +1909,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1130|40 |@ | more_fragments: false 0x1130.2-0x1130.2 (0.1) 0x1130|40 00 |@. | fragment_offset: 0 0x1130.3-0x1131.7 (1.5) 0x1130| 40 | @ | ttl: 64 0x1132-0x1132.7 (1) -0x1130| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x1133-0x1133.7 (1) -0x1130| b6 a4 | .. | header_checksum: 0xb6a4 0x1134-0x1135.7 (2) +0x1130| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x1133-0x1133.7 (1) +0x1130| b6 a4 | .. | header_checksum: 0xb6a4 (valid) 0x1134-0x1135.7 (2) 0x1130| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0x1136-0x1139.7 (4) 0x1130| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x113a-0x113d.7 (4) - | | | data: {} (udp) 0x113e-0x1195.7 (88) + | | | data: {} (udp_datagram) 0x113e-0x1195.7 (88) 0x1130| 00 35| .5| source_port: "domain" (53) (Domain Name Server) 0x113e-0x113f.7 (2) 0x1140|cc 06 |.. | destination_port: 52230 0x1140-0x1141.7 (2) 0x1140| 00 58 | .X | length: 88 0x1142-0x1143.7 (2) @@ -2022,12 +2022,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x11a0| 98 10 84 c9| ....| timestamp_low: 3380875416 0x11ac-0x11af.7 (4) 0x11b0|4f 00 00 00 |O... | capture_packet_length: 79 0x11b0-0x11b3.7 (4) 0x11b0| 4f 00 00 00 | O... | original_packet_length: 79 0x11b4-0x11b7.7 (4) - | | | packet: {} (ether8023) 0x11b8-0x1206.7 (79) + | | | packet: {} (ether8023_frame) 0x11b8-0x1206.7 (79) 0x11b0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x11b8-0x11bd.7 (6) 0x11b0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x11be-0x11c3.7 (6) 0x11c0|60 f1 7d 93 |`.}. | 0x11c0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x11c4-0x11c5.7 (2) - | | | packet: {} (ipv4) 0x11c6-0x1206.7 (65) + | | | packet: {} (ipv4_packet) 0x11c6-0x1206.7 (65) 0x11c0| 45 | E | version: 4 0x11c6-0x11c6.3 (0.4) 0x11c0| 45 | E | ihl: 5 0x11c6.4-0x11c6.7 (0.4) 0x11c0| 00 | . | dscp: 0 0x11c7-0x11c7.5 (0.6) @@ -2039,11 +2039,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x11c0| 00 | . | more_fragments: false 0x11cc.2-0x11cc.2 (0.1) 0x11c0| 00 00 | .. | fragment_offset: 0 0x11cc.3-0x11cd.7 (1.5) 0x11c0| 40 | @ | ttl: 64 0x11ce-0x11ce.7 (1) -0x11c0| 11| .| protocol: "udp" (17) (user datagram protocol) 0x11cf-0x11cf.7 (1) -0x11d0|61 74 |at | header_checksum: 0x6174 0x11d0-0x11d1.7 (2) +0x11c0| 11| .| protocol: "udp" (17) (User datagram protocol) 0x11cf-0x11cf.7 (1) +0x11d0|61 74 |at | header_checksum: 0x6174 (valid) 0x11d0-0x11d1.7 (2) 0x11d0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x11d2-0x11d5.7 (4) 0x11d0| c0 a8 01 01 | .... | destination_ip: "192.168.1.1" (0xc0a80101) 0x11d6-0x11d9.7 (4) - | | | data: {} (udp) 0x11da-0x1206.7 (45) + | | | data: {} (udp_datagram) 0x11da-0x1206.7 (45) 0x11d0| 99 6c | .l | source_port: 39276 0x11da-0x11db.7 (2) 0x11d0| 00 35 | .5 | destination_port: "domain" (53) (Domain Name Server) 0x11dc-0x11dd.7 (2) 0x11d0| 00 2d| .-| length: 45 0x11de-0x11df.7 (2) @@ -2098,12 +2098,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1210| 22 73 84 c9| "s..| timestamp_low: 3380900642 0x121c-0x121f.7 (4) 0x1220|17 01 00 00 |.... | capture_packet_length: 279 0x1220-0x1223.7 (4) 0x1220| 17 01 00 00 | .... | original_packet_length: 279 0x1224-0x1227.7 (4) - | | | packet: {} (ether8023) 0x1228-0x133e.7 (279) + | | | packet: {} (ether8023_frame) 0x1228-0x133e.7 (279) 0x1220| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1228-0x122d.7 (6) 0x1220| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x122e-0x1233.7 (6) 0x1230|3e 05 36 d3 |>.6. | 0x1230| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1234-0x1235.7 (2) - | | | packet: {} (ipv4) 0x1236-0x133e.7 (265) + | | | packet: {} (ipv4_packet) 0x1236-0x133e.7 (265) 0x1230| 45 | E | version: 4 0x1236-0x1236.3 (0.4) 0x1230| 45 | E | ihl: 5 0x1236.4-0x1236.7 (0.4) 0x1230| 00 | . | dscp: 0 0x1237-0x1237.5 (0.6) @@ -2115,11 +2115,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1230| 40 | @ | more_fragments: false 0x123c.2-0x123c.2 (0.1) 0x1230| 40 00 | @. | fragment_offset: 0 0x123c.3-0x123d.7 (1.5) 0x1230| 40 | @ | ttl: 64 0x123e-0x123e.7 (1) -0x1230| 11| .| protocol: "udp" (17) (user datagram protocol) 0x123f-0x123f.7 (1) -0x1240|b6 07 |.. | header_checksum: 0xb607 0x1240-0x1241.7 (2) +0x1230| 11| .| protocol: "udp" (17) (User datagram protocol) 0x123f-0x123f.7 (1) +0x1240|b6 07 |.. | header_checksum: 0xb607 (valid) 0x1240-0x1241.7 (2) 0x1240| c0 a8 01 01 | .... | source_ip: "192.168.1.1" (0xc0a80101) 0x1242-0x1245.7 (4) 0x1240| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x1246-0x1249.7 (4) - | | | data: {} (udp) 0x124a-0x133e.7 (245) + | | | data: {} (udp_datagram) 0x124a-0x133e.7 (245) 0x1240| 00 35 | .5 | source_port: "domain" (53) (Domain Name Server) 0x124a-0x124b.7 (2) 0x1240| 99 6c | .l | destination_port: 39276 0x124c-0x124d.7 (2) 0x1240| 00 f5| ..| length: 245 0x124e-0x124f.7 (2) @@ -2537,11 +2537,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1350| 82 74 84 c9 | .t.. | timestamp_low: 3380900994 0x1354-0x1357.7 (4) 0x1350| 4e 00 00 00 | N... | capture_packet_length: 78 0x1358-0x135b.7 (4) 0x1350| 4e 00 00 00| N...| original_packet_length: 78 0x135c-0x135f.7 (4) - | | | packet: {} (ether8023) 0x1360-0x13ad.7 (78) + | | | packet: {} (ether8023_frame) 0x1360-0x13ad.7 (78) 0x1360|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1360-0x1365.7 (6) 0x1360| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1366-0x136b.7 (6) 0x1360| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x136c-0x136d.7 (2) - | | | packet: {} (ipv4) 0x136e-0x13ad.7 (64) + | | | packet: {} (ipv4_packet) 0x136e-0x13ad.7 (64) 0x1360| 45 | E | version: 4 0x136e-0x136e.3 (0.4) 0x1360| 45 | E | ihl: 5 0x136e.4-0x136e.7 (0.4) 0x1360| 00| .| dscp: 0 0x136f-0x136f.5 (0.6) @@ -2553,12 +2553,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1370| 40 | @ | more_fragments: false 0x1374.2-0x1374.2 (0.1) 0x1370| 40 00 | @. | fragment_offset: 0 0x1374.3-0x1375.7 (1.5) 0x1370| 40 | @ | ttl: 64 0x1376-0x1376.7 (1) -0x1370| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1377-0x1377.7 (1) -0x1370| 32 ef | 2. | header_checksum: 0x32ef 0x1378-0x1379.7 (2) +0x1370| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1377-0x1377.7 (1) +0x1370| 32 ef | 2. | header_checksum: 0x32ef (valid) 0x1378-0x1379.7 (2) 0x1370| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x137a-0x137d.7 (4) 0x1370| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x137e-0x1381.7 (4) 0x1380|e4 e3 |.. | - | | | data: {} (tcp) 0x1382-0x13ad.7 (44) + | | | data: {} (tcp_segment) 0x1382-0x13ad.7 (44) 0x1380| c7 25 | .% | source_port: 50981 0x1382-0x1383.7 (2) 0x1380| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1384-0x1385.7 (2) 0x1380| 2b ce 2e 8a | +... | sequence_number: 734932618 0x1386-0x1389.7 (4) @@ -2577,8 +2577,33 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1390|ff ff |.. | window_size: 65535 0x1390-0x1391.7 (2) 0x1390| 45 e4 | E. | checksum: 0x45e4 0x1392-0x1393.7 (2) 0x1390| 00 00 | .. | urgent_pointer: 0 0x1394-0x1395.7 (2) -0x1390| 02 04 05 b4 01 03 03 05 01 01| ..........| options: raw bits 0x1396-0x13ad.7 (24) -0x13a0|08 0a 4b 2a 91 21 00 00 00 00 04 02 00 00 |..K*.!........ | + | | | options: [9] 0x1396-0x13ad.7 (24) + | | | [0]: option {} 0x1396-0x1399.7 (4) +0x1390| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x1396-0x1396.7 (1) +0x1390| 04 | . | length: 4 0x1397-0x1397.7 (1) +0x1390| 05 b4 | .. | data: raw bits 0x1398-0x1399.7 (2) + | | | [1]: option {} 0x139a-0x139a.7 (1) +0x1390| 01 | . | kind: "nop" (1) (No operation) 0x139a-0x139a.7 (1) + | | | [2]: option {} 0x139b-0x139d.7 (3) +0x1390| 03 | . | kind: "winscale" (3) (Window scale) 0x139b-0x139b.7 (1) +0x1390| 03 | . | length: 3 0x139c-0x139c.7 (1) +0x1390| 05 | . | data: raw bits 0x139d-0x139d.7 (1) + | | | [3]: option {} 0x139e-0x139e.7 (1) +0x1390| 01 | . | kind: "nop" (1) (No operation) 0x139e-0x139e.7 (1) + | | | [4]: option {} 0x139f-0x139f.7 (1) +0x1390| 01| .| kind: "nop" (1) (No operation) 0x139f-0x139f.7 (1) + | | | [5]: option {} 0x13a0-0x13a9.7 (10) +0x13a0|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x13a0-0x13a0.7 (1) +0x13a0| 0a | . | length: 10 0x13a1-0x13a1.7 (1) +0x13a0| 4b 2a 91 21 00 00 00 00 | K*.!.... | data: raw bits 0x13a2-0x13a9.7 (8) + | | | [6]: option {} 0x13aa-0x13ab.7 (2) +0x13a0| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x13aa-0x13aa.7 (1) +0x13a0| 02 | . | length: 2 0x13ab-0x13ab.7 (1) + | | | data: raw bits 0x13ac-NA (0) + | | | [7]: option {} 0x13ac-0x13ac.7 (1) +0x13a0| 00 | . | kind: "end" (0) (End of options list) 0x13ac-0x13ac.7 (1) + | | | [8]: option {} 0x13ad-0x13ad.7 (1) +0x13a0| 00 | . | kind: "end" (0) (End of options list) 0x13ad-0x13ad.7 (1) | | | data: raw bits 0x13ae-NA (0) | | | capture_padding: raw bits 0x13ae-NA (0) 0x13a0| 00 00| ..| padding: raw bits 0x13ae-0x13af.7 (2) @@ -2592,11 +2617,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x13c0| 83 db 84 c9 | .... | timestamp_low: 3380927363 0x13c4-0x13c7.7 (4) 0x13c0| 4a 00 00 00 | J... | capture_packet_length: 74 0x13c8-0x13cb.7 (4) 0x13c0| 4a 00 00 00| J...| original_packet_length: 74 0x13cc-0x13cf.7 (4) - | | | packet: {} (ether8023) 0x13d0-0x1419.7 (74) + | | | packet: {} (ether8023_frame) 0x13d0-0x1419.7 (74) 0x13d0|a4 5e 60 f1 7d 93 |.^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x13d0-0x13d5.7 (6) 0x13d0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x13d6-0x13db.7 (6) 0x13d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x13dc-0x13dd.7 (2) - | | | packet: {} (ipv4) 0x13de-0x1419.7 (60) + | | | packet: {} (ipv4_packet) 0x13de-0x1419.7 (60) 0x13d0| 45 | E | version: 4 0x13de-0x13de.3 (0.4) 0x13d0| 45 | E | ihl: 5 0x13de.4-0x13de.7 (0.4) 0x13d0| 28| (| dscp: 10 0x13df-0x13df.5 (0.6) @@ -2608,12 +2633,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x13e0| 00 | . | more_fragments: false 0x13e4.2-0x13e4.2 (0.1) 0x13e0| 00 00 | .. | fragment_offset: 0 0x13e4.3-0x13e5.7 (1.5) 0x13e0| 35 | 5 | ttl: 53 0x13e6-0x13e6.7 (1) -0x13e0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x13e7-0x13e7.7 (1) -0x13e0| 53 1e | S. | header_checksum: 0x531e 0x13e8-0x13e9.7 (2) +0x13e0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x13e7-0x13e7.7 (1) +0x13e0| 53 1e | S. | header_checksum: 0x531e (valid) 0x13e8-0x13e9.7 (2) 0x13e0| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x13ea-0x13ed.7 (4) 0x13e0| c0 a8| ..| destination_ip: "192.168.1.139" (0xc0a8018b) 0x13ee-0x13f1.7 (4) 0x13f0|01 8b |.. | - | | | data: {} (tcp) 0x13f2-0x1419.7 (40) + | | | data: {} (tcp_segment) 0x13f2-0x1419.7 (40) 0x13f0| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x13f2-0x13f3.7 (2) 0x13f0| c7 25 | .% | destination_port: 50981 0x13f4-0x13f5.7 (2) 0x13f0| 43 54 83 30 | CT.0 | sequence_number: 1129612080 0x13f6-0x13f9.7 (4) @@ -2632,8 +2657,26 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1400|a6 2c |., | window_size: 42540 0x1400-0x1401.7 (2) 0x1400| 8a 97 | .. | checksum: 0x8a97 0x1402-0x1403.7 (2) 0x1400| 00 00 | .. | urgent_pointer: 0 0x1404-0x1405.7 (2) -0x1400| 02 04 05 96 04 02 08 0a e4 57| .........W| options: raw bits 0x1406-0x1419.7 (20) -0x1410|7b 53 4b 2a 91 21 01 03 03 07 |{SK*.!.... | + | | | options: [5] 0x1406-0x1419.7 (20) + | | | [0]: option {} 0x1406-0x1409.7 (4) +0x1400| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x1406-0x1406.7 (1) +0x1400| 04 | . | length: 4 0x1407-0x1407.7 (1) +0x1400| 05 96 | .. | data: raw bits 0x1408-0x1409.7 (2) + | | | [1]: option {} 0x140a-0x140b.7 (2) +0x1400| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x140a-0x140a.7 (1) +0x1400| 02 | . | length: 2 0x140b-0x140b.7 (1) + | | | data: raw bits 0x140c-NA (0) + | | | [2]: option {} 0x140c-0x1415.7 (10) +0x1400| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x140c-0x140c.7 (1) +0x1400| 0a | . | length: 10 0x140d-0x140d.7 (1) +0x1400| e4 57| .W| data: raw bits 0x140e-0x1415.7 (8) +0x1410|7b 53 4b 2a 91 21 |{SK*.! | + | | | [3]: option {} 0x1416-0x1416.7 (1) +0x1410| 01 | . | kind: "nop" (1) (No operation) 0x1416-0x1416.7 (1) + | | | [4]: option {} 0x1417-0x1419.7 (3) +0x1410| 03 | . | kind: "winscale" (3) (Window scale) 0x1417-0x1417.7 (1) +0x1410| 03 | . | length: 3 0x1418-0x1418.7 (1) +0x1410| 07 | . | data: raw bits 0x1419-0x1419.7 (1) | | | data: raw bits 0x141a-NA (0) | | | capture_padding: raw bits 0x141a-NA (0) 0x1410| 00 00 | .. | padding: raw bits 0x141a-0x141b.7 (2) @@ -2647,12 +2690,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1430|c1 db 84 c9 |.... | timestamp_low: 3380927425 0x1430-0x1433.7 (4) 0x1430| 42 00 00 00 | B... | capture_packet_length: 66 0x1434-0x1437.7 (4) 0x1430| 42 00 00 00 | B... | original_packet_length: 66 0x1438-0x143b.7 (4) - | | | packet: {} (ether8023) 0x143c-0x147d.7 (66) + | | | packet: {} (ether8023_frame) 0x143c-0x147d.7 (66) 0x1430| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x143c-0x1441.7 (6) 0x1440|36 d3 |6. | 0x1440| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1442-0x1447.7 (6) 0x1440| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1448-0x1449.7 (2) - | | | packet: {} (ipv4) 0x144a-0x147d.7 (52) + | | | packet: {} (ipv4_packet) 0x144a-0x147d.7 (52) 0x1440| 45 | E | version: 4 0x144a-0x144a.3 (0.4) 0x1440| 45 | E | ihl: 5 0x144a.4-0x144a.7 (0.4) 0x1440| 00 | . | dscp: 0 0x144b-0x144b.5 (0.6) @@ -2664,11 +2707,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1450|40 |@ | more_fragments: false 0x1450.2-0x1450.2 (0.1) 0x1450|40 00 |@. | fragment_offset: 0 0x1450.3-0x1451.7 (1.5) 0x1450| 40 | @ | ttl: 64 0x1452-0x1452.7 (1) -0x1450| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1453-0x1453.7 (1) -0x1450| 1a f9 | .. | header_checksum: 0x1af9 0x1454-0x1455.7 (2) +0x1450| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1453-0x1453.7 (1) +0x1450| 1a f9 | .. | header_checksum: 0x1af9 (valid) 0x1454-0x1455.7 (2) 0x1450| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x1456-0x1459.7 (4) 0x1450| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x145a-0x145d.7 (4) - | | | data: {} (tcp) 0x145e-0x147d.7 (32) + | | | data: {} (tcp_segment) 0x145e-0x147d.7 (32) 0x1450| c7 25| .%| source_port: 50981 0x145e-0x145f.7 (2) 0x1460|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1460-0x1461.7 (2) 0x1460| 2b ce 2e 8b | +... | sequence_number: 734932619 0x1462-0x1465.7 (4) @@ -2687,7 +2730,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1460| 10 19 | .. | window_size: 4121 0x146c-0x146d.7 (2) 0x1460| 4f 3f| O?| checksum: 0x4f3f 0x146e-0x146f.7 (2) 0x1470|00 00 |.. | urgent_pointer: 0 0x1470-0x1471.7 (2) -0x1470| 01 01 08 0a 4b 2a 91 3b e4 57 7b 53 | ....K*.;.W{S | options: raw bits 0x1472-0x147d.7 (12) + | | | options: [3] 0x1472-0x147d.7 (12) + | | | [0]: option {} 0x1472-0x1472.7 (1) +0x1470| 01 | . | kind: "nop" (1) (No operation) 0x1472-0x1472.7 (1) + | | | [1]: option {} 0x1473-0x1473.7 (1) +0x1470| 01 | . | kind: "nop" (1) (No operation) 0x1473-0x1473.7 (1) + | | | [2]: option {} 0x1474-0x147d.7 (10) +0x1470| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1474-0x1474.7 (1) +0x1470| 0a | . | length: 10 0x1475-0x1475.7 (1) +0x1470| 4b 2a 91 3b e4 57 7b 53 | K*.;.W{S | data: raw bits 0x1476-0x147d.7 (8) | | | data: raw bits 0x147e-NA (0) | | | capture_padding: raw bits 0x147e-NA (0) 0x1470| 00 00| ..| padding: raw bits 0x147e-0x147f.7 (2) @@ -2701,11 +2752,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1490| 6d dc 84 c9 | m... | timestamp_low: 3380927597 0x1494-0x1497.7 (4) 0x1490| 47 02 00 00 | G... | capture_packet_length: 583 0x1498-0x149b.7 (4) 0x1490| 47 02 00 00| G...| original_packet_length: 583 0x149c-0x149f.7 (4) - | | | packet: {} (ether8023) 0x14a0-0x16e6.7 (583) + | | | packet: {} (ether8023_frame) 0x14a0-0x16e6.7 (583) 0x14a0|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x14a0-0x14a5.7 (6) 0x14a0| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x14a6-0x14ab.7 (6) 0x14a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x14ac-0x14ad.7 (2) - | | | packet: {} (ipv4) 0x14ae-0x16e6.7 (569) + | | | packet: {} (ipv4_packet) 0x14ae-0x16e6.7 (569) 0x14a0| 45 | E | version: 4 0x14ae-0x14ae.3 (0.4) 0x14a0| 45 | E | ihl: 5 0x14ae.4-0x14ae.7 (0.4) 0x14a0| 00| .| dscp: 0 0x14af-0x14af.5 (0.6) @@ -2717,12 +2768,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x14b0| 40 | @ | more_fragments: false 0x14b4.2-0x14b4.2 (0.1) 0x14b0| 40 00 | @. | fragment_offset: 0 0x14b4.3-0x14b5.7 (1.5) 0x14b0| 40 | @ | ttl: 64 0x14b6-0x14b6.7 (1) -0x14b0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x14b7-0x14b7.7 (1) -0x14b0| b9 82 | .. | header_checksum: 0xb982 0x14b8-0x14b9.7 (2) +0x14b0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x14b7-0x14b7.7 (1) +0x14b0| b9 82 | .. | header_checksum: 0xb982 (valid) 0x14b8-0x14b9.7 (2) 0x14b0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x14ba-0x14bd.7 (4) 0x14b0| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x14be-0x14c1.7 (4) 0x14c0|e4 e3 |.. | - | | | data: {} (tcp) 0x14c2-0x16e6.7 (549) + | | | data: {} (tcp_segment) 0x14c2-0x16e6.7 (549) 0x14c0| c7 25 | .% | source_port: 50981 0x14c2-0x14c3.7 (2) 0x14c0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x14c4-0x14c5.7 (2) 0x14c0| 2b ce 2e 8b | +... | sequence_number: 734932619 0x14c6-0x14c9.7 (4) @@ -2741,7 +2792,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x14d0|10 19 |.. | window_size: 4121 0x14d0-0x14d1.7 (2) 0x14d0| 15 03 | .. | checksum: 0x1503 0x14d2-0x14d3.7 (2) 0x14d0| 00 00 | .. | urgent_pointer: 0 0x14d4-0x14d5.7 (2) -0x14d0| 01 01 08 0a 4b 2a 91 3b e4 57| ....K*.;.W| options: raw bits 0x14d6-0x14e1.7 (12) + | | | options: [3] 0x14d6-0x14e1.7 (12) + | | | [0]: option {} 0x14d6-0x14d6.7 (1) +0x14d0| 01 | . | kind: "nop" (1) (No operation) 0x14d6-0x14d6.7 (1) + | | | [1]: option {} 0x14d7-0x14d7.7 (1) +0x14d0| 01 | . | kind: "nop" (1) (No operation) 0x14d7-0x14d7.7 (1) + | | | [2]: option {} 0x14d8-0x14e1.7 (10) +0x14d0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x14d8-0x14d8.7 (1) +0x14d0| 0a | . | length: 10 0x14d9-0x14d9.7 (1) +0x14d0| 4b 2a 91 3b e4 57| K*.;.W| data: raw bits 0x14da-0x14e1.7 (8) 0x14e0|7b 53 |{S | 0x14e0| 16 03 01 02 00 01 00 01 fc 03 03 f0 91 bc| ..............| data: raw bits 0x14e2-0x16e6.7 (517) 0x14f0|87 3e ed 9d cc 98 4a 6a 2e 84 3f 5c 1d 9b a9 e9|.>....Jj..?\....| @@ -2758,12 +2817,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x16f0| 70 40 85 c9| p@..| timestamp_low: 3380953200 0x16fc-0x16ff.7 (4) 0x1700|42 00 00 00 |B... | capture_packet_length: 66 0x1700-0x1703.7 (4) 0x1700| 42 00 00 00 | B... | original_packet_length: 66 0x1704-0x1707.7 (4) - | | | packet: {} (ether8023) 0x1708-0x1749.7 (66) + | | | packet: {} (ether8023_frame) 0x1708-0x1749.7 (66) 0x1700| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1708-0x170d.7 (6) 0x1700| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x170e-0x1713.7 (6) 0x1710|3e 05 36 d3 |>.6. | 0x1710| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1714-0x1715.7 (2) - | | | packet: {} (ipv4) 0x1716-0x1749.7 (52) + | | | packet: {} (ipv4_packet) 0x1716-0x1749.7 (52) 0x1710| 45 | E | version: 4 0x1716-0x1716.3 (0.4) 0x1710| 45 | E | ihl: 5 0x1716.4-0x1716.7 (0.4) 0x1710| 28 | ( | dscp: 10 0x1717-0x1717.5 (0.6) @@ -2775,11 +2834,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1710| 00 | . | more_fragments: false 0x171c.2-0x171c.2 (0.1) 0x1710| 00 00 | .. | fragment_offset: 0 0x171c.3-0x171d.7 (1.5) 0x1710| 35 | 5 | ttl: 53 0x171e-0x171e.7 (1) -0x1710| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x171f-0x171f.7 (1) -0x1720|53 1b |S. | header_checksum: 0x531b 0x1720-0x1721.7 (2) +0x1710| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x171f-0x171f.7 (1) +0x1720|53 1b |S. | header_checksum: 0x531b (valid) 0x1720-0x1721.7 (2) 0x1720| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x1722-0x1725.7 (4) 0x1720| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x1726-0x1729.7 (4) - | | | data: {} (tcp) 0x172a-0x1749.7 (32) + | | | data: {} (tcp_segment) 0x172a-0x1749.7 (32) 0x1720| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x172a-0x172b.7 (2) 0x1720| c7 25 | .% | destination_port: 50981 0x172c-0x172d.7 (2) 0x1720| 43 54| CT| sequence_number: 1129612081 0x172e-0x1731.7 (4) @@ -2799,8 +2858,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1730| 01 55 | .U | window_size: 341 0x1738-0x1739.7 (2) 0x1730| 5b e3 | [. | checksum: 0x5be3 0x173a-0x173b.7 (2) 0x1730| 00 00 | .. | urgent_pointer: 0 0x173c-0x173d.7 (2) -0x1730| 01 01| ..| options: raw bits 0x173e-0x1749.7 (12) -0x1740|08 0a e4 57 7b 6e 4b 2a 91 3b |...W{nK*.; | + | | | options: [3] 0x173e-0x1749.7 (12) + | | | [0]: option {} 0x173e-0x173e.7 (1) +0x1730| 01 | . | kind: "nop" (1) (No operation) 0x173e-0x173e.7 (1) + | | | [1]: option {} 0x173f-0x173f.7 (1) +0x1730| 01| .| kind: "nop" (1) (No operation) 0x173f-0x173f.7 (1) + | | | [2]: option {} 0x1740-0x1749.7 (10) +0x1740|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1740-0x1740.7 (1) +0x1740| 0a | . | length: 10 0x1741-0x1741.7 (1) +0x1740| e4 57 7b 6e 4b 2a 91 3b | .W{nK*.; | data: raw bits 0x1742-0x1749.7 (8) | | | data: raw bits 0x174a-NA (0) | | | capture_padding: raw bits 0x174a-NA (0) 0x1740| 00 00 | .. | padding: raw bits 0x174a-0x174b.7 (2) @@ -2814,12 +2880,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1760|5d 45 85 c9 |]E.. | timestamp_low: 3380954461 0x1760-0x1763.7 (4) 0x1760| d4 00 00 00 | .... | capture_packet_length: 212 0x1764-0x1767.7 (4) 0x1760| d4 00 00 00 | .... | original_packet_length: 212 0x1768-0x176b.7 (4) - | | | packet: {} (ether8023) 0x176c-0x183f.7 (212) + | | | packet: {} (ether8023_frame) 0x176c-0x183f.7 (212) 0x1760| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x176c-0x1771.7 (6) 0x1770|7d 93 |}. | 0x1770| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1772-0x1777.7 (6) 0x1770| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1778-0x1779.7 (2) - | | | packet: {} (ipv4) 0x177a-0x183f.7 (198) + | | | packet: {} (ipv4_packet) 0x177a-0x183f.7 (198) 0x1770| 45 | E | version: 4 0x177a-0x177a.3 (0.4) 0x1770| 45 | E | ihl: 5 0x177a.4-0x177a.7 (0.4) 0x1770| 28 | ( | dscp: 10 0x177b-0x177b.5 (0.6) @@ -2831,11 +2897,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1780|00 |. | more_fragments: false 0x1780.2-0x1780.2 (0.1) 0x1780|00 00 |.. | fragment_offset: 0 0x1780.3-0x1781.7 (1.5) 0x1780| 35 | 5 | ttl: 53 0x1782-0x1782.7 (1) -0x1780| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1783-0x1783.7 (1) -0x1780| 52 88 | R. | header_checksum: 0x5288 0x1784-0x1785.7 (2) +0x1780| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1783-0x1783.7 (1) +0x1780| 52 88 | R. | header_checksum: 0x5288 (valid) 0x1784-0x1785.7 (2) 0x1780| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x1786-0x1789.7 (4) 0x1780| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x178a-0x178d.7 (4) - | | | data: {} (tcp) 0x178e-0x183f.7 (178) + | | | data: {} (tcp_segment) 0x178e-0x183f.7 (178) 0x1780| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x178e-0x178f.7 (2) 0x1790|c7 25 |.% | destination_port: 50981 0x1790-0x1791.7 (2) 0x1790| 43 54 83 31 | CT.1 | sequence_number: 1129612081 0x1792-0x1795.7 (4) @@ -2854,7 +2920,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1790| 01 55 | .U | window_size: 341 0x179c-0x179d.7 (2) 0x1790| bf 9c| ..| checksum: 0xbf9c 0x179e-0x179f.7 (2) 0x17a0|00 00 |.. | urgent_pointer: 0 0x17a0-0x17a1.7 (2) -0x17a0| 01 01 08 0a e4 57 7b 6e 4b 2a 91 3b | .....W{nK*.; | options: raw bits 0x17a2-0x17ad.7 (12) + | | | options: [3] 0x17a2-0x17ad.7 (12) + | | | [0]: option {} 0x17a2-0x17a2.7 (1) +0x17a0| 01 | . | kind: "nop" (1) (No operation) 0x17a2-0x17a2.7 (1) + | | | [1]: option {} 0x17a3-0x17a3.7 (1) +0x17a0| 01 | . | kind: "nop" (1) (No operation) 0x17a3-0x17a3.7 (1) + | | | [2]: option {} 0x17a4-0x17ad.7 (10) +0x17a0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x17a4-0x17a4.7 (1) +0x17a0| 0a | . | length: 10 0x17a5-0x17a5.7 (1) +0x17a0| e4 57 7b 6e 4b 2a 91 3b | .W{nK*.; | data: raw bits 0x17a6-0x17ad.7 (8) 0x17a0| 16 03| ..| data: raw bits 0x17ae-0x183f.7 (146) 0x17b0|03 00 5a 02 00 00 56 03 03 55 d0 e5 ff ab 64 a2|..Z...V..U....d.| * |until 0x183f.7 (146) | | @@ -2870,11 +2944,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1850| 94 45 85 c9 | .E.. | timestamp_low: 3380954516 0x1854-0x1857.7 (4) 0x1850| 42 00 00 00 | B... | capture_packet_length: 66 0x1858-0x185b.7 (4) 0x1850| 42 00 00 00| B...| original_packet_length: 66 0x185c-0x185f.7 (4) - | | | packet: {} (ether8023) 0x1860-0x18a1.7 (66) + | | | packet: {} (ether8023_frame) 0x1860-0x18a1.7 (66) 0x1860|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1860-0x1865.7 (6) 0x1860| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1866-0x186b.7 (6) 0x1860| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x186c-0x186d.7 (2) - | | | packet: {} (ipv4) 0x186e-0x18a1.7 (52) + | | | packet: {} (ipv4_packet) 0x186e-0x18a1.7 (52) 0x1860| 45 | E | version: 4 0x186e-0x186e.3 (0.4) 0x1860| 45 | E | ihl: 5 0x186e.4-0x186e.7 (0.4) 0x1860| 00| .| dscp: 0 0x186f-0x186f.5 (0.6) @@ -2886,12 +2960,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1870| 40 | @ | more_fragments: false 0x1874.2-0x1874.2 (0.1) 0x1870| 40 00 | @. | fragment_offset: 0 0x1874.3-0x1875.7 (1.5) 0x1870| 40 | @ | ttl: 64 0x1876-0x1876.7 (1) -0x1870| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1877-0x1877.7 (1) -0x1870| 6f b5 | o. | header_checksum: 0x6fb5 0x1878-0x1879.7 (2) +0x1870| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1877-0x1877.7 (1) +0x1870| 6f b5 | o. | header_checksum: 0x6fb5 (valid) 0x1878-0x1879.7 (2) 0x1870| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x187a-0x187d.7 (4) 0x1870| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x187e-0x1881.7 (4) 0x1880|e4 e3 |.. | - | | | data: {} (tcp) 0x1882-0x18a1.7 (32) + | | | data: {} (tcp_segment) 0x1882-0x18a1.7 (32) 0x1880| c7 25 | .% | source_port: 50981 0x1882-0x1883.7 (2) 0x1880| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1884-0x1885.7 (2) 0x1880| 2b ce 30 90 | +.0. | sequence_number: 734933136 0x1886-0x1889.7 (4) @@ -2910,7 +2984,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1890|10 14 |.. | window_size: 4116 0x1890-0x1891.7 (2) 0x1890| 4c 78 | Lx | checksum: 0x4c78 0x1892-0x1893.7 (2) 0x1890| 00 00 | .. | urgent_pointer: 0 0x1894-0x1895.7 (2) -0x1890| 01 01 08 0a 4b 2a 91 55 e4 57| ....K*.U.W| options: raw bits 0x1896-0x18a1.7 (12) + | | | options: [3] 0x1896-0x18a1.7 (12) + | | | [0]: option {} 0x1896-0x1896.7 (1) +0x1890| 01 | . | kind: "nop" (1) (No operation) 0x1896-0x1896.7 (1) + | | | [1]: option {} 0x1897-0x1897.7 (1) +0x1890| 01 | . | kind: "nop" (1) (No operation) 0x1897-0x1897.7 (1) + | | | [2]: option {} 0x1898-0x18a1.7 (10) +0x1890| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1898-0x1898.7 (1) +0x1890| 0a | . | length: 10 0x1899-0x1899.7 (1) +0x1890| 4b 2a 91 55 e4 57| K*.U.W| data: raw bits 0x189a-0x18a1.7 (8) 0x18a0|7b 6e |{n | | | | data: raw bits 0x18a2-NA (0) | | | capture_padding: raw bits 0x18a2-NA (0) @@ -2925,11 +3007,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x18b0| 4b 46 85 c9 | KF.. | timestamp_low: 3380954699 0x18b8-0x18bb.7 (4) 0x18b0| 75 00 00 00| u...| capture_packet_length: 117 0x18bc-0x18bf.7 (4) 0x18c0|75 00 00 00 |u... | original_packet_length: 117 0x18c0-0x18c3.7 (4) - | | | packet: {} (ether8023) 0x18c4-0x1938.7 (117) + | | | packet: {} (ether8023_frame) 0x18c4-0x1938.7 (117) 0x18c0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x18c4-0x18c9.7 (6) 0x18c0| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x18ca-0x18cf.7 (6) 0x18d0|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x18d0-0x18d1.7 (2) - | | | packet: {} (ipv4) 0x18d2-0x1938.7 (103) + | | | packet: {} (ipv4_packet) 0x18d2-0x1938.7 (103) 0x18d0| 45 | E | version: 4 0x18d2-0x18d2.3 (0.4) 0x18d0| 45 | E | ihl: 5 0x18d2.4-0x18d2.7 (0.4) 0x18d0| 00 | . | dscp: 0 0x18d3-0x18d3.5 (0.6) @@ -2941,12 +3023,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x18d0| 40 | @ | more_fragments: false 0x18d8.2-0x18d8.2 (0.1) 0x18d0| 40 00 | @. | fragment_offset: 0 0x18d8.3-0x18d9.7 (1.5) 0x18d0| 40 | @ | ttl: 64 0x18da-0x18da.7 (1) -0x18d0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x18db-0x18db.7 (1) -0x18d0| cc 5a | .Z | header_checksum: 0xcc5a 0x18dc-0x18dd.7 (2) +0x18d0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x18db-0x18db.7 (1) +0x18d0| cc 5a | .Z | header_checksum: 0xcc5a (valid) 0x18dc-0x18dd.7 (2) 0x18d0| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x18de-0x18e1.7 (4) 0x18e0|01 8b |.. | 0x18e0| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x18e2-0x18e5.7 (4) - | | | data: {} (tcp) 0x18e6-0x1938.7 (83) + | | | data: {} (tcp_segment) 0x18e6-0x1938.7 (83) 0x18e0| c7 25 | .% | source_port: 50981 0x18e6-0x18e7.7 (2) 0x18e0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x18e8-0x18e9.7 (2) 0x18e0| 2b ce 30 90 | +.0. | sequence_number: 734933136 0x18ea-0x18ed.7 (4) @@ -2966,7 +3048,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x18f0| 10 14 | .. | window_size: 4116 0x18f4-0x18f5.7 (2) 0x18f0| 9a 08 | .. | checksum: 0x9a08 0x18f6-0x18f7.7 (2) 0x18f0| 00 00 | .. | urgent_pointer: 0 0x18f8-0x18f9.7 (2) -0x18f0| 01 01 08 0a 4b 2a| ....K*| options: raw bits 0x18fa-0x1905.7 (12) + | | | options: [3] 0x18fa-0x1905.7 (12) + | | | [0]: option {} 0x18fa-0x18fa.7 (1) +0x18f0| 01 | . | kind: "nop" (1) (No operation) 0x18fa-0x18fa.7 (1) + | | | [1]: option {} 0x18fb-0x18fb.7 (1) +0x18f0| 01 | . | kind: "nop" (1) (No operation) 0x18fb-0x18fb.7 (1) + | | | [2]: option {} 0x18fc-0x1905.7 (10) +0x18f0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x18fc-0x18fc.7 (1) +0x18f0| 0a | . | length: 10 0x18fd-0x18fd.7 (1) +0x18f0| 4b 2a| K*| data: raw bits 0x18fe-0x1905.7 (8) 0x1900|91 55 e4 57 7b 6e |.U.W{n | 0x1900| 14 03 03 00 01 01 16 03 03 00| ..........| data: raw bits 0x1906-0x1938.7 (51) 0x1910|28 00 00 00 00 00 00 00 00 2f 64 40 f5 c5 eb af|(......../d@....| @@ -2983,12 +3073,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1950|7e 4d 85 c9 |~M.. | timestamp_low: 3380956542 0x1950-0x1953.7 (4) 0x1950| 77 00 00 00 | w... | capture_packet_length: 119 0x1954-0x1957.7 (4) 0x1950| 77 00 00 00 | w... | original_packet_length: 119 0x1958-0x195b.7 (4) - | | | packet: {} (ether8023) 0x195c-0x19d2.7 (119) + | | | packet: {} (ether8023_frame) 0x195c-0x19d2.7 (119) 0x1950| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x195c-0x1961.7 (6) 0x1960|36 d3 |6. | 0x1960| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1962-0x1967.7 (6) 0x1960| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1968-0x1969.7 (2) - | | | packet: {} (ipv4) 0x196a-0x19d2.7 (105) + | | | packet: {} (ipv4_packet) 0x196a-0x19d2.7 (105) 0x1960| 45 | E | version: 4 0x196a-0x196a.3 (0.4) 0x1960| 45 | E | ihl: 5 0x196a.4-0x196a.7 (0.4) 0x1960| 00 | . | dscp: 0 0x196b-0x196b.5 (0.6) @@ -3000,11 +3090,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1970|40 |@ | more_fragments: false 0x1970.2-0x1970.2 (0.1) 0x1970|40 00 |@. | fragment_offset: 0 0x1970.3-0x1971.7 (1.5) 0x1970| 40 | @ | ttl: 64 0x1972-0x1972.7 (1) -0x1970| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1973-0x1973.7 (1) -0x1970| 84 df | .. | header_checksum: 0x84df 0x1974-0x1975.7 (2) +0x1970| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1973-0x1973.7 (1) +0x1970| 84 df | .. | header_checksum: 0x84df (valid) 0x1974-0x1975.7 (2) 0x1970| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x1976-0x1979.7 (4) 0x1970| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x197a-0x197d.7 (4) - | | | data: {} (tcp) 0x197e-0x19d2.7 (85) + | | | data: {} (tcp_segment) 0x197e-0x19d2.7 (85) 0x1970| c7 25| .%| source_port: 50981 0x197e-0x197f.7 (2) 0x1980|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1980-0x1981.7 (2) 0x1980| 2b ce 30 c3 | +.0. | sequence_number: 734933187 0x1982-0x1985.7 (4) @@ -3023,7 +3113,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1980| 10 14 | .. | window_size: 4116 0x198c-0x198d.7 (2) 0x1980| 2a 6b| *k| checksum: 0x2a6b 0x198e-0x198f.7 (2) 0x1990|00 00 |.. | urgent_pointer: 0 0x1990-0x1991.7 (2) -0x1990| 01 01 08 0a 4b 2a 91 57 e4 57 7b 6e | ....K*.W.W{n | options: raw bits 0x1992-0x199d.7 (12) + | | | options: [3] 0x1992-0x199d.7 (12) + | | | [0]: option {} 0x1992-0x1992.7 (1) +0x1990| 01 | . | kind: "nop" (1) (No operation) 0x1992-0x1992.7 (1) + | | | [1]: option {} 0x1993-0x1993.7 (1) +0x1990| 01 | . | kind: "nop" (1) (No operation) 0x1993-0x1993.7 (1) + | | | [2]: option {} 0x1994-0x199d.7 (10) +0x1990| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1994-0x1994.7 (1) +0x1990| 0a | . | length: 10 0x1995-0x1995.7 (1) +0x1990| 4b 2a 91 57 e4 57 7b 6e | K*.W.W{n | data: raw bits 0x1996-0x199d.7 (8) 0x1990| 17 03| ..| data: raw bits 0x199e-0x19d2.7 (53) 0x19a0|03 00 30 00 00 00 00 00 00 00 01 51 98 2a 12 b0|..0........Q.*..| * |until 0x19d2.7 (53) | | @@ -3039,11 +3137,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x19e0| 7f 4d 85 c9 | .M.. | timestamp_low: 3380956543 0x19e8-0x19eb.7 (4) 0x19e0| 74 00 00 00| t...| capture_packet_length: 116 0x19ec-0x19ef.7 (4) 0x19f0|74 00 00 00 |t... | original_packet_length: 116 0x19f0-0x19f3.7 (4) - | | | packet: {} (ether8023) 0x19f4-0x1a67.7 (116) + | | | packet: {} (ether8023_frame) 0x19f4-0x1a67.7 (116) 0x19f0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x19f4-0x19f9.7 (6) 0x19f0| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x19fa-0x19ff.7 (6) 0x1a00|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1a00-0x1a01.7 (2) - | | | packet: {} (ipv4) 0x1a02-0x1a67.7 (102) + | | | packet: {} (ipv4_packet) 0x1a02-0x1a67.7 (102) 0x1a00| 45 | E | version: 4 0x1a02-0x1a02.3 (0.4) 0x1a00| 45 | E | ihl: 5 0x1a02.4-0x1a02.7 (0.4) 0x1a00| 00 | . | dscp: 0 0x1a03-0x1a03.5 (0.6) @@ -3055,12 +3153,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1a00| 40 | @ | more_fragments: false 0x1a08.2-0x1a08.2 (0.1) 0x1a00| 40 00 | @. | fragment_offset: 0 0x1a08.3-0x1a09.7 (1.5) 0x1a00| 40 | @ | ttl: 64 0x1a0a-0x1a0a.7 (1) -0x1a00| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1a0b-0x1a0b.7 (1) -0x1a00| 65 45 | eE | header_checksum: 0x6545 0x1a0c-0x1a0d.7 (2) +0x1a00| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1a0b-0x1a0b.7 (1) +0x1a00| 65 45 | eE | header_checksum: 0x6545 (valid) 0x1a0c-0x1a0d.7 (2) 0x1a00| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x1a0e-0x1a11.7 (4) 0x1a10|01 8b |.. | 0x1a10| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x1a12-0x1a15.7 (4) - | | | data: {} (tcp) 0x1a16-0x1a67.7 (82) + | | | data: {} (tcp_segment) 0x1a16-0x1a67.7 (82) 0x1a10| c7 25 | .% | source_port: 50981 0x1a16-0x1a17.7 (2) 0x1a10| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1a18-0x1a19.7 (2) 0x1a10| 2b ce 30 f8 | +.0. | sequence_number: 734933240 0x1a1a-0x1a1d.7 (4) @@ -3080,7 +3178,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1a20| 10 14 | .. | window_size: 4116 0x1a24-0x1a25.7 (2) 0x1a20| f2 bb | .. | checksum: 0xf2bb 0x1a26-0x1a27.7 (2) 0x1a20| 00 00 | .. | urgent_pointer: 0 0x1a28-0x1a29.7 (2) -0x1a20| 01 01 08 0a 4b 2a| ....K*| options: raw bits 0x1a2a-0x1a35.7 (12) + | | | options: [3] 0x1a2a-0x1a35.7 (12) + | | | [0]: option {} 0x1a2a-0x1a2a.7 (1) +0x1a20| 01 | . | kind: "nop" (1) (No operation) 0x1a2a-0x1a2a.7 (1) + | | | [1]: option {} 0x1a2b-0x1a2b.7 (1) +0x1a20| 01 | . | kind: "nop" (1) (No operation) 0x1a2b-0x1a2b.7 (1) + | | | [2]: option {} 0x1a2c-0x1a35.7 (10) +0x1a20| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1a2c-0x1a2c.7 (1) +0x1a20| 0a | . | length: 10 0x1a2d-0x1a2d.7 (1) +0x1a20| 4b 2a| K*| data: raw bits 0x1a2e-0x1a35.7 (8) 0x1a30|91 57 e4 57 7b 6e |.W.W{n | 0x1a30| 17 03 03 00 2d 00 00 00 00 00| ....-.....| data: raw bits 0x1a36-0x1a67.7 (50) 0x1a40|00 00 02 f0 bc fa 7b fe 22 8d 11 11 1b 0b 72 db|......{.".....r.| @@ -3097,12 +3203,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1a70| 80 4d 85 c9| .M..| timestamp_low: 3380956544 0x1a7c-0x1a7f.7 (4) 0x1a80|6c 00 00 00 |l... | capture_packet_length: 108 0x1a80-0x1a83.7 (4) 0x1a80| 6c 00 00 00 | l... | original_packet_length: 108 0x1a84-0x1a87.7 (4) - | | | packet: {} (ether8023) 0x1a88-0x1af3.7 (108) + | | | packet: {} (ether8023_frame) 0x1a88-0x1af3.7 (108) 0x1a80| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1a88-0x1a8d.7 (6) 0x1a80| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1a8e-0x1a93.7 (6) 0x1a90|60 f1 7d 93 |`.}. | 0x1a90| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1a94-0x1a95.7 (2) - | | | packet: {} (ipv4) 0x1a96-0x1af3.7 (94) + | | | packet: {} (ipv4_packet) 0x1a96-0x1af3.7 (94) 0x1a90| 45 | E | version: 4 0x1a96-0x1a96.3 (0.4) 0x1a90| 45 | E | ihl: 5 0x1a96.4-0x1a96.7 (0.4) 0x1a90| 00 | . | dscp: 0 0x1a97-0x1a97.5 (0.6) @@ -3114,11 +3220,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1a90| 40 | @ | more_fragments: false 0x1a9c.2-0x1a9c.2 (0.1) 0x1a90| 40 00 | @. | fragment_offset: 0 0x1a9c.3-0x1a9d.7 (1.5) 0x1a90| 40 | @ | ttl: 64 0x1a9e-0x1a9e.7 (1) -0x1a90| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x1a9f-0x1a9f.7 (1) -0x1aa0|45 86 |E. | header_checksum: 0x4586 0x1aa0-0x1aa1.7 (2) +0x1a90| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x1a9f-0x1a9f.7 (1) +0x1aa0|45 86 |E. | header_checksum: 0x4586 (valid) 0x1aa0-0x1aa1.7 (2) 0x1aa0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x1aa2-0x1aa5.7 (4) 0x1aa0| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x1aa6-0x1aa9.7 (4) - | | | data: {} (tcp) 0x1aaa-0x1af3.7 (74) + | | | data: {} (tcp_segment) 0x1aaa-0x1af3.7 (74) 0x1aa0| c7 25 | .% | source_port: 50981 0x1aaa-0x1aab.7 (2) 0x1aa0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1aac-0x1aad.7 (2) 0x1aa0| 2b ce| +.| sequence_number: 734933290 0x1aae-0x1ab1.7 (4) @@ -3138,8 +3244,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1ab0| 10 14 | .. | window_size: 4116 0x1ab8-0x1ab9.7 (2) 0x1ab0| 17 a0 | .. | checksum: 0x17a0 0x1aba-0x1abb.7 (2) 0x1ab0| 00 00 | .. | urgent_pointer: 0 0x1abc-0x1abd.7 (2) -0x1ab0| 01 01| ..| options: raw bits 0x1abe-0x1ac9.7 (12) -0x1ac0|08 0a 4b 2a 91 57 e4 57 7b 6e |..K*.W.W{n | + | | | options: [3] 0x1abe-0x1ac9.7 (12) + | | | [0]: option {} 0x1abe-0x1abe.7 (1) +0x1ab0| 01 | . | kind: "nop" (1) (No operation) 0x1abe-0x1abe.7 (1) + | | | [1]: option {} 0x1abf-0x1abf.7 (1) +0x1ab0| 01| .| kind: "nop" (1) (No operation) 0x1abf-0x1abf.7 (1) + | | | [2]: option {} 0x1ac0-0x1ac9.7 (10) +0x1ac0|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1ac0-0x1ac0.7 (1) +0x1ac0| 0a | . | length: 10 0x1ac1-0x1ac1.7 (1) +0x1ac0| 4b 2a 91 57 e4 57 7b 6e | K*.W.W{n | data: raw bits 0x1ac2-0x1ac9.7 (8) 0x1ac0| 17 03 03 00 25 00| ....%.| data: raw bits 0x1aca-0x1af3.7 (42) 0x1ad0|00 00 00 00 00 00 03 91 f4 86 be 5b 2a 4f 9f 3e|...........[*O.>| * |until 0x1af3.7 (42) | | @@ -3155,11 +3268,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1b00| 58 4e 85 c9 | XN.. | timestamp_low: 3380956760 0x1b08-0x1b0b.7 (4) 0x1b00| d6 04 00 00| ....| capture_packet_length: 1238 0x1b0c-0x1b0f.7 (4) 0x1b10|d6 04 00 00 |.... | original_packet_length: 1238 0x1b10-0x1b13.7 (4) - | | | packet: {} (ether8023) 0x1b14-0x1fe9.7 (1238) + | | | packet: {} (ether8023_frame) 0x1b14-0x1fe9.7 (1238) 0x1b10| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x1b14-0x1b19.7 (6) 0x1b10| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x1b1a-0x1b1f.7 (6) 0x1b20|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1b20-0x1b21.7 (2) - | | | packet: {} (ipv4) 0x1b22-0x1fe9.7 (1224) + | | | packet: {} (ipv4_packet) 0x1b22-0x1fe9.7 (1224) 0x1b20| 45 | E | version: 4 0x1b22-0x1b22.3 (0.4) 0x1b20| 45 | E | ihl: 5 0x1b22.4-0x1b22.7 (0.4) 0x1b20| 00 | . | dscp: 0 0x1b23-0x1b23.5 (0.6) @@ -3171,12 +3284,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1b20| 40 | @ | more_fragments: false 0x1b28.2-0x1b28.2 (0.1) 0x1b20| 40 00 | @. | fragment_offset: 0 0x1b28.3-0x1b29.7 (1.5) 0x1b20| 40 | @ | ttl: 64 0x1b2a-0x1b2a.7 (1) -0x1b20| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x1b2b-0x1b2b.7 (1) -0x1b20| 8c 81 | .. | header_checksum: 0x8c81 0x1b2c-0x1b2d.7 (2) +0x1b20| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1b2b-0x1b2b.7 (1) +0x1b20| 8c 81 | .. | header_checksum: 0x8c81 (valid) 0x1b2c-0x1b2d.7 (2) 0x1b20| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x1b2e-0x1b31.7 (4) 0x1b30|01 8b |.. | 0x1b30| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x1b32-0x1b35.7 (4) - | | | data: {} (tcp) 0x1b36-0x1fe9.7 (1204) + | | | data: {} (tcp_segment) 0x1b36-0x1fe9.7 (1204) 0x1b30| c7 25 | .% | source_port: 50981 0x1b36-0x1b37.7 (2) 0x1b30| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x1b38-0x1b39.7 (2) 0x1b30| 2b ce 31 54 | +.1T | sequence_number: 734933332 0x1b3a-0x1b3d.7 (4) @@ -3196,7 +3309,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x1b40| 10 14 | .. | window_size: 4116 0x1b44-0x1b45.7 (2) 0x1b40| 4e 99 | N. | checksum: 0x4e99 0x1b46-0x1b47.7 (2) 0x1b40| 00 00 | .. | urgent_pointer: 0 0x1b48-0x1b49.7 (2) -0x1b40| 01 01 08 0a 4b 2a| ....K*| options: raw bits 0x1b4a-0x1b55.7 (12) + | | | options: [3] 0x1b4a-0x1b55.7 (12) + | | | [0]: option {} 0x1b4a-0x1b4a.7 (1) +0x1b40| 01 | . | kind: "nop" (1) (No operation) 0x1b4a-0x1b4a.7 (1) + | | | [1]: option {} 0x1b4b-0x1b4b.7 (1) +0x1b40| 01 | . | kind: "nop" (1) (No operation) 0x1b4b-0x1b4b.7 (1) + | | | [2]: option {} 0x1b4c-0x1b55.7 (10) +0x1b40| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1b4c-0x1b4c.7 (1) +0x1b40| 0a | . | length: 10 0x1b4d-0x1b4d.7 (1) +0x1b40| 4b 2a| K*| data: raw bits 0x1b4e-0x1b55.7 (8) 0x1b50|91 57 e4 57 7b 6e |.W.W{n | 0x1b50| 17 03 03 04 8f 00 00 00 00 00| ..........| data: raw bits 0x1b56-0x1fe9.7 (1172) 0x1b60|00 00 04 98 59 fb 7c d9 ba ce c7 cc 54 de 7c d1|....Y.|.....T.|.| @@ -3213,12 +3334,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2000|56 fc 85 c9 |V... | timestamp_low: 3381001302 0x2000-0x2003.7 (4) 0x2000| 42 00 00 00 | B... | capture_packet_length: 66 0x2004-0x2007.7 (4) 0x2000| 42 00 00 00 | B... | original_packet_length: 66 0x2008-0x200b.7 (4) - | | | packet: {} (ether8023) 0x200c-0x204d.7 (66) + | | | packet: {} (ether8023_frame) 0x200c-0x204d.7 (66) 0x2000| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x200c-0x2011.7 (6) 0x2010|7d 93 |}. | 0x2010| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2012-0x2017.7 (6) 0x2010| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2018-0x2019.7 (2) - | | | packet: {} (ipv4) 0x201a-0x204d.7 (52) + | | | packet: {} (ipv4_packet) 0x201a-0x204d.7 (52) 0x2010| 45 | E | version: 4 0x201a-0x201a.3 (0.4) 0x2010| 45 | E | ihl: 5 0x201a.4-0x201a.7 (0.4) 0x2010| 28 | ( | dscp: 10 0x201b-0x201b.5 (0.6) @@ -3230,11 +3351,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2020|00 |. | more_fragments: false 0x2020.2-0x2020.2 (0.1) 0x2020|00 00 |.. | fragment_offset: 0 0x2020.3-0x2021.7 (1.5) 0x2020| 35 | 5 | ttl: 53 0x2022-0x2022.7 (1) -0x2020| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2023-0x2023.7 (1) -0x2020| 53 0c | S. | header_checksum: 0x530c 0x2024-0x2025.7 (2) +0x2020| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2023-0x2023.7 (1) +0x2020| 53 0c | S. | header_checksum: 0x530c (valid) 0x2024-0x2025.7 (2) 0x2020| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x2026-0x2029.7 (4) 0x2020| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x202a-0x202d.7 (4) - | | | data: {} (tcp) 0x202e-0x204d.7 (32) + | | | data: {} (tcp_segment) 0x202e-0x204d.7 (32) 0x2020| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x202e-0x202f.7 (2) 0x2030|c7 25 |.% | destination_port: 50981 0x2030-0x2031.7 (2) 0x2030| 43 54 83 c3 | CT.. | sequence_number: 1129612227 0x2032-0x2035.7 (4) @@ -3253,7 +3374,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2030| 01 68 | .h | window_size: 360 0x203c-0x203d.7 (2) 0x2030| 55 ae| U.| checksum: 0x55ae 0x203e-0x203f.7 (2) 0x2040|00 00 |.. | urgent_pointer: 0 0x2040-0x2041.7 (2) -0x2040| 01 01 08 0a e4 57 7b 8c 4b 2a 91 55 | .....W{.K*.U | options: raw bits 0x2042-0x204d.7 (12) + | | | options: [3] 0x2042-0x204d.7 (12) + | | | [0]: option {} 0x2042-0x2042.7 (1) +0x2040| 01 | . | kind: "nop" (1) (No operation) 0x2042-0x2042.7 (1) + | | | [1]: option {} 0x2043-0x2043.7 (1) +0x2040| 01 | . | kind: "nop" (1) (No operation) 0x2043-0x2043.7 (1) + | | | [2]: option {} 0x2044-0x204d.7 (10) +0x2040| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2044-0x2044.7 (1) +0x2040| 0a | . | length: 10 0x2045-0x2045.7 (1) +0x2040| e4 57 7b 8c 4b 2a 91 55 | .W{.K*.U | data: raw bits 0x2046-0x204d.7 (8) | | | data: raw bits 0x204e-NA (0) | | | capture_padding: raw bits 0x204e-NA (0) 0x2040| 00 00| ..| padding: raw bits 0x204e-0x204f.7 (2) @@ -3267,11 +3396,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2060| 3e 00 86 c9 | >... | timestamp_low: 3381002302 0x2064-0x2067.7 (4) 0x2060| 7a 00 00 00 | z... | capture_packet_length: 122 0x2068-0x206b.7 (4) 0x2060| 7a 00 00 00| z...| original_packet_length: 122 0x206c-0x206f.7 (4) - | | | packet: {} (ether8023) 0x2070-0x20e9.7 (122) + | | | packet: {} (ether8023_frame) 0x2070-0x20e9.7 (122) 0x2070|a4 5e 60 f1 7d 93 |.^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2070-0x2075.7 (6) 0x2070| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2076-0x207b.7 (6) 0x2070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x207c-0x207d.7 (2) - | | | packet: {} (ipv4) 0x207e-0x20e9.7 (108) + | | | packet: {} (ipv4_packet) 0x207e-0x20e9.7 (108) 0x2070| 45 | E | version: 4 0x207e-0x207e.3 (0.4) 0x2070| 45 | E | ihl: 5 0x207e.4-0x207e.7 (0.4) 0x2070| 28| (| dscp: 10 0x207f-0x207f.5 (0.6) @@ -3283,12 +3412,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2080| 00 | . | more_fragments: false 0x2084.2-0x2084.2 (0.1) 0x2080| 00 00 | .. | fragment_offset: 0 0x2084.3-0x2085.7 (1.5) 0x2080| 35 | 5 | ttl: 53 0x2086-0x2086.7 (1) -0x2080| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2087-0x2087.7 (1) -0x2080| 52 d3 | R. | header_checksum: 0x52d3 0x2088-0x2089.7 (2) +0x2080| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2087-0x2087.7 (1) +0x2080| 52 d3 | R. | header_checksum: 0x52d3 (valid) 0x2088-0x2089.7 (2) 0x2080| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x208a-0x208d.7 (4) 0x2080| c0 a8| ..| destination_ip: "192.168.1.139" (0xc0a8018b) 0x208e-0x2091.7 (4) 0x2090|01 8b |.. | - | | | data: {} (tcp) 0x2092-0x20e9.7 (88) + | | | data: {} (tcp_segment) 0x2092-0x20e9.7 (88) 0x2090| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x2092-0x2093.7 (2) 0x2090| c7 25 | .% | destination_port: 50981 0x2094-0x2095.7 (2) 0x2090| 43 54 83 c3 | CT.. | sequence_number: 1129612227 0x2096-0x2099.7 (4) @@ -3307,7 +3436,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x20a0|01 68 |.h | window_size: 360 0x20a0-0x20a1.7 (2) 0x20a0| 94 d1 | .. | checksum: 0x94d1 0x20a2-0x20a3.7 (2) 0x20a0| 00 00 | .. | urgent_pointer: 0 0x20a4-0x20a5.7 (2) -0x20a0| 01 01 08 0a e4 57 7b 8d 4b 2a| .....W{.K*| options: raw bits 0x20a6-0x20b1.7 (12) + | | | options: [3] 0x20a6-0x20b1.7 (12) + | | | [0]: option {} 0x20a6-0x20a6.7 (1) +0x20a0| 01 | . | kind: "nop" (1) (No operation) 0x20a6-0x20a6.7 (1) + | | | [1]: option {} 0x20a7-0x20a7.7 (1) +0x20a0| 01 | . | kind: "nop" (1) (No operation) 0x20a7-0x20a7.7 (1) + | | | [2]: option {} 0x20a8-0x20b1.7 (10) +0x20a0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x20a8-0x20a8.7 (1) +0x20a0| 0a | . | length: 10 0x20a9-0x20a9.7 (1) +0x20a0| e4 57 7b 8d 4b 2a| .W{.K*| data: raw bits 0x20aa-0x20b1.7 (8) 0x20b0|91 55 |.U | 0x20b0| 17 03 03 00 33 00 00 00 00 00 00 00 01 84| ....3.........| data: raw bits 0x20b2-0x20e9.7 (56) 0x20c0|43 dc 31 8d ea 84 17 37 3d ee 7d 47 7d a0 24 3f|C.1....7=.}G}.$?| @@ -3324,12 +3461,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2100|43 00 86 c9 |C... | timestamp_low: 3381002307 0x2100-0x2103.7 (4) 0x2100| 6c 00 00 00 | l... | capture_packet_length: 108 0x2104-0x2107.7 (4) 0x2100| 6c 00 00 00 | l... | original_packet_length: 108 0x2108-0x210b.7 (4) - | | | packet: {} (ether8023) 0x210c-0x2177.7 (108) + | | | packet: {} (ether8023_frame) 0x210c-0x2177.7 (108) 0x2100| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x210c-0x2111.7 (6) 0x2110|7d 93 |}. | 0x2110| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2112-0x2117.7 (6) 0x2110| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2118-0x2119.7 (2) - | | | packet: {} (ipv4) 0x211a-0x2177.7 (94) + | | | packet: {} (ipv4_packet) 0x211a-0x2177.7 (94) 0x2110| 45 | E | version: 4 0x211a-0x211a.3 (0.4) 0x2110| 45 | E | ihl: 5 0x211a.4-0x211a.7 (0.4) 0x2110| 28 | ( | dscp: 10 0x211b-0x211b.5 (0.6) @@ -3341,11 +3478,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2120|00 |. | more_fragments: false 0x2120.2-0x2120.2 (0.1) 0x2120|00 00 |.. | fragment_offset: 0 0x2120.3-0x2121.7 (1.5) 0x2120| 35 | 5 | ttl: 53 0x2122-0x2122.7 (1) -0x2120| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2123-0x2123.7 (1) -0x2120| 52 e0 | R. | header_checksum: 0x52e0 0x2124-0x2125.7 (2) +0x2120| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2123-0x2123.7 (1) +0x2120| 52 e0 | R. | header_checksum: 0x52e0 (valid) 0x2124-0x2125.7 (2) 0x2120| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x2126-0x2129.7 (4) 0x2120| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x212a-0x212d.7 (4) - | | | data: {} (tcp) 0x212e-0x2177.7 (74) + | | | data: {} (tcp_segment) 0x212e-0x2177.7 (74) 0x2120| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x212e-0x212f.7 (2) 0x2130|c7 25 |.% | destination_port: 50981 0x2130-0x2131.7 (2) 0x2130| 43 54 83 fb | CT.. | sequence_number: 1129612283 0x2132-0x2135.7 (4) @@ -3364,7 +3501,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2130| 01 68 | .h | window_size: 360 0x213c-0x213d.7 (2) 0x2130| fb 2c| .,| checksum: 0xfb2c 0x213e-0x213f.7 (2) 0x2140|00 00 |.. | urgent_pointer: 0 0x2140-0x2141.7 (2) -0x2140| 01 01 08 0a e4 57 7b 8d 4b 2a 91 55 | .....W{.K*.U | options: raw bits 0x2142-0x214d.7 (12) + | | | options: [3] 0x2142-0x214d.7 (12) + | | | [0]: option {} 0x2142-0x2142.7 (1) +0x2140| 01 | . | kind: "nop" (1) (No operation) 0x2142-0x2142.7 (1) + | | | [1]: option {} 0x2143-0x2143.7 (1) +0x2140| 01 | . | kind: "nop" (1) (No operation) 0x2143-0x2143.7 (1) + | | | [2]: option {} 0x2144-0x214d.7 (10) +0x2140| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2144-0x2144.7 (1) +0x2140| 0a | . | length: 10 0x2145-0x2145.7 (1) +0x2140| e4 57 7b 8d 4b 2a 91 55 | .W{.K*.U | data: raw bits 0x2146-0x214d.7 (8) 0x2140| 17 03| ..| data: raw bits 0x214e-0x2177.7 (42) 0x2150|03 00 25 00 00 00 00 00 00 00 02 a8 2a 53 77 c7|..%.........*Sw.| * |until 0x2177.7 (42) | | @@ -3380,12 +3525,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2180| 44 00 86 c9| D...| timestamp_low: 3381002308 0x218c-0x218f.7 (4) 0x2190|68 00 00 00 |h... | capture_packet_length: 104 0x2190-0x2193.7 (4) 0x2190| 68 00 00 00 | h... | original_packet_length: 104 0x2194-0x2197.7 (4) - | | | packet: {} (ether8023) 0x2198-0x21ff.7 (104) + | | | packet: {} (ether8023_frame) 0x2198-0x21ff.7 (104) 0x2190| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2198-0x219d.7 (6) 0x2190| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x219e-0x21a3.7 (6) 0x21a0|3e 05 36 d3 |>.6. | 0x21a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x21a4-0x21a5.7 (2) - | | | packet: {} (ipv4) 0x21a6-0x21ff.7 (90) + | | | packet: {} (ipv4_packet) 0x21a6-0x21ff.7 (90) 0x21a0| 45 | E | version: 4 0x21a6-0x21a6.3 (0.4) 0x21a0| 45 | E | ihl: 5 0x21a6.4-0x21a6.7 (0.4) 0x21a0| 28 | ( | dscp: 10 0x21a7-0x21a7.5 (0.6) @@ -3397,11 +3542,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x21a0| 00 | . | more_fragments: false 0x21ac.2-0x21ac.2 (0.1) 0x21a0| 00 00 | .. | fragment_offset: 0 0x21ac.3-0x21ad.7 (1.5) 0x21a0| 35 | 5 | ttl: 53 0x21ae-0x21ae.7 (1) -0x21a0| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x21af-0x21af.7 (1) -0x21b0|52 e3 |R. | header_checksum: 0x52e3 0x21b0-0x21b1.7 (2) +0x21a0| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x21af-0x21af.7 (1) +0x21b0|52 e3 |R. | header_checksum: 0x52e3 (valid) 0x21b0-0x21b1.7 (2) 0x21b0| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x21b2-0x21b5.7 (4) 0x21b0| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x21b6-0x21b9.7 (4) - | | | data: {} (tcp) 0x21ba-0x21ff.7 (70) + | | | data: {} (tcp_segment) 0x21ba-0x21ff.7 (70) 0x21b0| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x21ba-0x21bb.7 (2) 0x21b0| c7 25 | .% | destination_port: 50981 0x21bc-0x21bd.7 (2) 0x21b0| 43 54| CT| sequence_number: 1129612325 0x21be-0x21c1.7 (4) @@ -3421,8 +3566,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x21c0| 01 68 | .h | window_size: 360 0x21c8-0x21c9.7 (2) 0x21c0| 01 de | .. | checksum: 0x1de 0x21ca-0x21cb.7 (2) 0x21c0| 00 00 | .. | urgent_pointer: 0 0x21cc-0x21cd.7 (2) -0x21c0| 01 01| ..| options: raw bits 0x21ce-0x21d9.7 (12) -0x21d0|08 0a e4 57 7b 8e 4b 2a 91 55 |...W{.K*.U | + | | | options: [3] 0x21ce-0x21d9.7 (12) + | | | [0]: option {} 0x21ce-0x21ce.7 (1) +0x21c0| 01 | . | kind: "nop" (1) (No operation) 0x21ce-0x21ce.7 (1) + | | | [1]: option {} 0x21cf-0x21cf.7 (1) +0x21c0| 01| .| kind: "nop" (1) (No operation) 0x21cf-0x21cf.7 (1) + | | | [2]: option {} 0x21d0-0x21d9.7 (10) +0x21d0|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x21d0-0x21d0.7 (1) +0x21d0| 0a | . | length: 10 0x21d1-0x21d1.7 (1) +0x21d0| e4 57 7b 8e 4b 2a 91 55 | .W{.K*.U | data: raw bits 0x21d2-0x21d9.7 (8) 0x21d0| 17 03 03 00 21 00| ....!.| data: raw bits 0x21da-0x21ff.7 (38) 0x21e0|00 00 00 00 00 00 03 bd 10 a7 a4 4e 7d 28 b4 4a|...........N}(.J| 0x21f0|55 a3 39 db 64 b3 7a ae 3d e4 2e fc eb 8e 66 c5|U.9.d.z.=.....f.| @@ -3438,11 +3590,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2210| 9b 00 86 c9 | .... | timestamp_low: 3381002395 0x2214-0x2217.7 (4) 0x2210| 42 00 00 00 | B... | capture_packet_length: 66 0x2218-0x221b.7 (4) 0x2210| 42 00 00 00| B...| original_packet_length: 66 0x221c-0x221f.7 (4) - | | | packet: {} (ether8023) 0x2220-0x2261.7 (66) + | | | packet: {} (ether8023_frame) 0x2220-0x2261.7 (66) 0x2220|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2220-0x2225.7 (6) 0x2220| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2226-0x222b.7 (6) 0x2220| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x222c-0x222d.7 (2) - | | | packet: {} (ipv4) 0x222e-0x2261.7 (52) + | | | packet: {} (ipv4_packet) 0x222e-0x2261.7 (52) 0x2220| 45 | E | version: 4 0x222e-0x222e.3 (0.4) 0x2220| 45 | E | ihl: 5 0x222e.4-0x222e.7 (0.4) 0x2220| 00| .| dscp: 0 0x222f-0x222f.5 (0.6) @@ -3454,12 +3606,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2230| 40 | @ | more_fragments: false 0x2234.2-0x2234.2 (0.1) 0x2230| 40 00 | @. | fragment_offset: 0 0x2234.3-0x2235.7 (1.5) 0x2230| 40 | @ | ttl: 64 0x2236-0x2236.7 (1) -0x2230| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2237-0x2237.7 (1) -0x2230| ef bc | .. | header_checksum: 0xefbc 0x2238-0x2239.7 (2) +0x2230| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2237-0x2237.7 (1) +0x2230| ef bc | .. | header_checksum: 0xefbc (valid) 0x2238-0x2239.7 (2) 0x2230| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x223a-0x223d.7 (4) 0x2230| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x223e-0x2241.7 (4) 0x2240|e4 e3 |.. | - | | | data: {} (tcp) 0x2242-0x2261.7 (32) + | | | data: {} (tcp_segment) 0x2242-0x2261.7 (32) 0x2240| c7 25 | .% | source_port: 50981 0x2242-0x2243.7 (2) 0x2240| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2244-0x2245.7 (2) 0x2240| 2b ce 35 e8 | +.5. | sequence_number: 734934504 0x2246-0x2249.7 (4) @@ -3478,7 +3630,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2250|10 12 |.. | window_size: 4114 0x2250-0x2251.7 (2) 0x2250| 46 9c | F. | checksum: 0x469c 0x2252-0x2253.7 (2) 0x2250| 00 00 | .. | urgent_pointer: 0 0x2254-0x2255.7 (2) -0x2250| 01 01 08 0a 4b 2a 91 84 e4 57| ....K*...W| options: raw bits 0x2256-0x2261.7 (12) + | | | options: [3] 0x2256-0x2261.7 (12) + | | | [0]: option {} 0x2256-0x2256.7 (1) +0x2250| 01 | . | kind: "nop" (1) (No operation) 0x2256-0x2256.7 (1) + | | | [1]: option {} 0x2257-0x2257.7 (1) +0x2250| 01 | . | kind: "nop" (1) (No operation) 0x2257-0x2257.7 (1) + | | | [2]: option {} 0x2258-0x2261.7 (10) +0x2250| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2258-0x2258.7 (1) +0x2250| 0a | . | length: 10 0x2259-0x2259.7 (1) +0x2250| 4b 2a 91 84 e4 57| K*...W| data: raw bits 0x225a-0x2261.7 (8) 0x2260|7b 8d |{. | | | | data: raw bits 0x2262-NA (0) | | | capture_padding: raw bits 0x2262-NA (0) @@ -3493,11 +3653,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2270| 9b 00 86 c9 | .... | timestamp_low: 3381002395 0x2278-0x227b.7 (4) 0x2270| 42 00 00 00| B...| capture_packet_length: 66 0x227c-0x227f.7 (4) 0x2280|42 00 00 00 |B... | original_packet_length: 66 0x2280-0x2283.7 (4) - | | | packet: {} (ether8023) 0x2284-0x22c5.7 (66) + | | | packet: {} (ether8023_frame) 0x2284-0x22c5.7 (66) 0x2280| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2284-0x2289.7 (6) 0x2280| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x228a-0x228f.7 (6) 0x2290|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2290-0x2291.7 (2) - | | | packet: {} (ipv4) 0x2292-0x22c5.7 (52) + | | | packet: {} (ipv4_packet) 0x2292-0x22c5.7 (52) 0x2290| 45 | E | version: 4 0x2292-0x2292.3 (0.4) 0x2290| 45 | E | ihl: 5 0x2292.4-0x2292.7 (0.4) 0x2290| 00 | . | dscp: 0 0x2293-0x2293.5 (0.6) @@ -3509,12 +3669,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2290| 40 | @ | more_fragments: false 0x2298.2-0x2298.2 (0.1) 0x2290| 40 00 | @. | fragment_offset: 0 0x2298.3-0x2299.7 (1.5) 0x2290| 40 | @ | ttl: 64 0x229a-0x229a.7 (1) -0x2290| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x229b-0x229b.7 (1) -0x2290| a3 7a | .z | header_checksum: 0xa37a 0x229c-0x229d.7 (2) +0x2290| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x229b-0x229b.7 (1) +0x2290| a3 7a | .z | header_checksum: 0xa37a (valid) 0x229c-0x229d.7 (2) 0x2290| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x229e-0x22a1.7 (4) 0x22a0|01 8b |.. | 0x22a0| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x22a2-0x22a5.7 (4) - | | | data: {} (tcp) 0x22a6-0x22c5.7 (32) + | | | data: {} (tcp_segment) 0x22a6-0x22c5.7 (32) 0x22a0| c7 25 | .% | source_port: 50981 0x22a6-0x22a7.7 (2) 0x22a0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x22a8-0x22a9.7 (2) 0x22a0| 2b ce 35 e8 | +.5. | sequence_number: 734934504 0x22aa-0x22ad.7 (4) @@ -3534,7 +3694,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x22b0| 10 11 | .. | window_size: 4113 0x22b4-0x22b5.7 (2) 0x22b0| 46 73 | Fs | checksum: 0x4673 0x22b6-0x22b7.7 (2) 0x22b0| 00 00 | .. | urgent_pointer: 0 0x22b8-0x22b9.7 (2) -0x22b0| 01 01 08 0a 4b 2a| ....K*| options: raw bits 0x22ba-0x22c5.7 (12) + | | | options: [3] 0x22ba-0x22c5.7 (12) + | | | [0]: option {} 0x22ba-0x22ba.7 (1) +0x22b0| 01 | . | kind: "nop" (1) (No operation) 0x22ba-0x22ba.7 (1) + | | | [1]: option {} 0x22bb-0x22bb.7 (1) +0x22b0| 01 | . | kind: "nop" (1) (No operation) 0x22bb-0x22bb.7 (1) + | | | [2]: option {} 0x22bc-0x22c5.7 (10) +0x22b0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x22bc-0x22bc.7 (1) +0x22b0| 0a | . | length: 10 0x22bd-0x22bd.7 (1) +0x22b0| 4b 2a| K*| data: raw bits 0x22be-0x22c5.7 (8) 0x22c0|91 84 e4 57 7b 8d |...W{. | | | | data: raw bits 0x22c6-NA (0) | | | capture_padding: raw bits 0x22c6-NA (0) @@ -3549,12 +3717,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x22d0| 9c 00 86 c9| ....| timestamp_low: 3381002396 0x22dc-0x22df.7 (4) 0x22e0|42 00 00 00 |B... | capture_packet_length: 66 0x22e0-0x22e3.7 (4) 0x22e0| 42 00 00 00 | B... | original_packet_length: 66 0x22e4-0x22e7.7 (4) - | | | packet: {} (ether8023) 0x22e8-0x2329.7 (66) + | | | packet: {} (ether8023_frame) 0x22e8-0x2329.7 (66) 0x22e0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x22e8-0x22ed.7 (6) 0x22e0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x22ee-0x22f3.7 (6) 0x22f0|60 f1 7d 93 |`.}. | 0x22f0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x22f4-0x22f5.7 (2) - | | | packet: {} (ipv4) 0x22f6-0x2329.7 (52) + | | | packet: {} (ipv4_packet) 0x22f6-0x2329.7 (52) 0x22f0| 45 | E | version: 4 0x22f6-0x22f6.3 (0.4) 0x22f0| 45 | E | ihl: 5 0x22f6.4-0x22f6.7 (0.4) 0x22f0| 00 | . | dscp: 0 0x22f7-0x22f7.5 (0.6) @@ -3566,11 +3734,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x22f0| 40 | @ | more_fragments: false 0x22fc.2-0x22fc.2 (0.1) 0x22f0| 40 00 | @. | fragment_offset: 0 0x22fc.3-0x22fd.7 (1.5) 0x22f0| 40 | @ | ttl: 64 0x22fe-0x22fe.7 (1) -0x22f0| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x22ff-0x22ff.7 (1) -0x2300|c8 9c |.. | header_checksum: 0xc89c 0x2300-0x2301.7 (2) +0x22f0| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x22ff-0x22ff.7 (1) +0x2300|c8 9c |.. | header_checksum: 0xc89c (valid) 0x2300-0x2301.7 (2) 0x2300| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2302-0x2305.7 (4) 0x2300| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2306-0x2309.7 (4) - | | | data: {} (tcp) 0x230a-0x2329.7 (32) + | | | data: {} (tcp_segment) 0x230a-0x2329.7 (32) 0x2300| c7 25 | .% | source_port: 50981 0x230a-0x230b.7 (2) 0x2300| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x230c-0x230d.7 (2) 0x2300| 2b ce| +.| sequence_number: 734934504 0x230e-0x2311.7 (4) @@ -3590,8 +3758,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2310| 10 10 | .. | window_size: 4112 0x2318-0x2319.7 (2) 0x2310| 46 4d | FM | checksum: 0x464d 0x231a-0x231b.7 (2) 0x2310| 00 00 | .. | urgent_pointer: 0 0x231c-0x231d.7 (2) -0x2310| 01 01| ..| options: raw bits 0x231e-0x2329.7 (12) -0x2320|08 0a 4b 2a 91 84 e4 57 7b 8e |..K*...W{. | + | | | options: [3] 0x231e-0x2329.7 (12) + | | | [0]: option {} 0x231e-0x231e.7 (1) +0x2310| 01 | . | kind: "nop" (1) (No operation) 0x231e-0x231e.7 (1) + | | | [1]: option {} 0x231f-0x231f.7 (1) +0x2310| 01| .| kind: "nop" (1) (No operation) 0x231f-0x231f.7 (1) + | | | [2]: option {} 0x2320-0x2329.7 (10) +0x2320|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2320-0x2320.7 (1) +0x2320| 0a | . | length: 10 0x2321-0x2321.7 (1) +0x2320| 4b 2a 91 84 e4 57 7b 8e | K*...W{. | data: raw bits 0x2322-0x2329.7 (8) | | | data: raw bits 0x232a-NA (0) | | | capture_padding: raw bits 0x232a-NA (0) 0x2320| 00 00 | .. | padding: raw bits 0x232a-0x232b.7 (2) @@ -3605,12 +3780,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2340|5e 01 86 c9 |^... | timestamp_low: 3381002590 0x2340-0x2343.7 (4) 0x2340| 68 00 00 00 | h... | capture_packet_length: 104 0x2344-0x2347.7 (4) 0x2340| 68 00 00 00 | h... | original_packet_length: 104 0x2348-0x234b.7 (4) - | | | packet: {} (ether8023) 0x234c-0x23b3.7 (104) + | | | packet: {} (ether8023_frame) 0x234c-0x23b3.7 (104) 0x2340| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x234c-0x2351.7 (6) 0x2350|36 d3 |6. | 0x2350| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2352-0x2357.7 (6) 0x2350| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2358-0x2359.7 (2) - | | | packet: {} (ipv4) 0x235a-0x23b3.7 (90) + | | | packet: {} (ipv4_packet) 0x235a-0x23b3.7 (90) 0x2350| 45 | E | version: 4 0x235a-0x235a.3 (0.4) 0x2350| 45 | E | ihl: 5 0x235a.4-0x235a.7 (0.4) 0x2350| 00 | . | dscp: 0 0x235b-0x235b.5 (0.6) @@ -3622,11 +3797,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2360|40 |@ | more_fragments: false 0x2360.2-0x2360.2 (0.1) 0x2360|40 00 |@. | fragment_offset: 0 0x2360.3-0x2361.7 (1.5) 0x2360| 40 | @ | ttl: 64 0x2362-0x2362.7 (1) -0x2360| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2363-0x2363.7 (1) -0x2360| 2d c3 | -. | header_checksum: 0x2dc3 0x2364-0x2365.7 (2) +0x2360| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2363-0x2363.7 (1) +0x2360| 2d c3 | -. | header_checksum: 0x2dc3 (valid) 0x2364-0x2365.7 (2) 0x2360| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2366-0x2369.7 (4) 0x2360| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x236a-0x236d.7 (4) - | | | data: {} (tcp) 0x236e-0x23b3.7 (70) + | | | data: {} (tcp_segment) 0x236e-0x23b3.7 (70) 0x2360| c7 25| .%| source_port: 50981 0x236e-0x236f.7 (2) 0x2370|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2370-0x2371.7 (2) 0x2370| 2b ce 35 e8 | +.5. | sequence_number: 734934504 0x2372-0x2375.7 (4) @@ -3645,7 +3820,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2370| 10 10 | .. | window_size: 4112 0x237c-0x237d.7 (2) 0x2370| c1 14| ..| checksum: 0xc114 0x237e-0x237f.7 (2) 0x2380|00 00 |.. | urgent_pointer: 0 0x2380-0x2381.7 (2) -0x2380| 01 01 08 0a 4b 2a 91 84 e4 57 7b 8e | ....K*...W{. | options: raw bits 0x2382-0x238d.7 (12) + | | | options: [3] 0x2382-0x238d.7 (12) + | | | [0]: option {} 0x2382-0x2382.7 (1) +0x2380| 01 | . | kind: "nop" (1) (No operation) 0x2382-0x2382.7 (1) + | | | [1]: option {} 0x2383-0x2383.7 (1) +0x2380| 01 | . | kind: "nop" (1) (No operation) 0x2383-0x2383.7 (1) + | | | [2]: option {} 0x2384-0x238d.7 (10) +0x2380| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2384-0x2384.7 (1) +0x2380| 0a | . | length: 10 0x2385-0x2385.7 (1) +0x2380| 4b 2a 91 84 e4 57 7b 8e | K*...W{. | data: raw bits 0x2386-0x238d.7 (8) 0x2380| 17 03| ..| data: raw bits 0x238e-0x23b3.7 (38) 0x2390|03 00 21 00 00 00 00 00 00 00 05 04 b0 d9 88 2d|..!............-| * |until 0x23b3.7 (38) | | @@ -3661,11 +3844,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x23c0| 31 06 86 c9 | 1... | timestamp_low: 3381003825 0x23c8-0x23cb.7 (4) 0x23c0| 30 02 00 00| 0...| capture_packet_length: 560 0x23cc-0x23cf.7 (4) 0x23d0|30 02 00 00 |0... | original_packet_length: 560 0x23d0-0x23d3.7 (4) - | | | packet: {} (ether8023) 0x23d4-0x2603.7 (560) + | | | packet: {} (ether8023_frame) 0x23d4-0x2603.7 (560) 0x23d0| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x23d4-0x23d9.7 (6) 0x23d0| 94 10 3e 05 36 d3| ..>.6.| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x23da-0x23df.7 (6) 0x23e0|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x23e0-0x23e1.7 (2) - | | | packet: {} (ipv4) 0x23e2-0x2603.7 (546) + | | | packet: {} (ipv4_packet) 0x23e2-0x2603.7 (546) 0x23e0| 45 | E | version: 4 0x23e2-0x23e2.3 (0.4) 0x23e0| 45 | E | ihl: 5 0x23e2.4-0x23e2.7 (0.4) 0x23e0| 28 | ( | dscp: 10 0x23e3-0x23e3.5 (0.6) @@ -3677,12 +3860,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x23e0| 00 | . | more_fragments: false 0x23e8.2-0x23e8.2 (0.1) 0x23e0| 00 00 | .. | fragment_offset: 0 0x23e8.3-0x23e9.7 (1.5) 0x23e0| 35 | 5 | ttl: 53 0x23ea-0x23ea.7 (1) -0x23e0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x23eb-0x23eb.7 (1) -0x23e0| 51 1a | Q. | header_checksum: 0x511a 0x23ec-0x23ed.7 (2) +0x23e0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x23eb-0x23eb.7 (1) +0x23e0| 51 1a | Q. | header_checksum: 0x511a (valid) 0x23ec-0x23ed.7 (2) 0x23e0| 4a 7d| J}| source_ip: "74.125.228.227" (0x4a7de4e3) 0x23ee-0x23f1.7 (4) 0x23f0|e4 e3 |.. | 0x23f0| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x23f2-0x23f5.7 (4) - | | | data: {} (tcp) 0x23f6-0x2603.7 (526) + | | | data: {} (tcp_segment) 0x23f6-0x2603.7 (526) 0x23f0| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x23f6-0x23f7.7 (2) 0x23f0| c7 25 | .% | destination_port: 50981 0x23f8-0x23f9.7 (2) 0x23f0| 43 54 84 4b | CT.K | sequence_number: 1129612363 0x23fa-0x23fd.7 (4) @@ -3702,7 +3885,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2400| 01 68 | .h | window_size: 360 0x2404-0x2405.7 (2) 0x2400| 6c 2b | l+ | checksum: 0x6c2b 0x2406-0x2407.7 (2) 0x2400| 00 00 | .. | urgent_pointer: 0 0x2408-0x2409.7 (2) -0x2400| 01 01 08 0a e4 57| .....W| options: raw bits 0x240a-0x2415.7 (12) + | | | options: [3] 0x240a-0x2415.7 (12) + | | | [0]: option {} 0x240a-0x240a.7 (1) +0x2400| 01 | . | kind: "nop" (1) (No operation) 0x240a-0x240a.7 (1) + | | | [1]: option {} 0x240b-0x240b.7 (1) +0x2400| 01 | . | kind: "nop" (1) (No operation) 0x240b-0x240b.7 (1) + | | | [2]: option {} 0x240c-0x2415.7 (10) +0x2400| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x240c-0x240c.7 (1) +0x2400| 0a | . | length: 10 0x240d-0x240d.7 (1) +0x2400| e4 57| .W| data: raw bits 0x240e-0x2415.7 (8) 0x2410|7b 99 4b 2a 91 55 |{.K*.U | 0x2410| 17 03 03 01 e9 00 00 00 00 00| ..........| data: raw bits 0x2416-0x2603.7 (494) 0x2420|00 00 04 cf 1d 4f e3 82 9a 07 84 9e f6 6f 6c 9c|.....O.......ol.| @@ -3719,11 +3910,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2610| 34 06 86 c9 | 4... | timestamp_low: 3381003828 0x2618-0x261b.7 (4) 0x2610| 68 00 00 00| h...| capture_packet_length: 104 0x261c-0x261f.7 (4) 0x2620|68 00 00 00 |h... | original_packet_length: 104 0x2620-0x2623.7 (4) - | | | packet: {} (ether8023) 0x2624-0x268b.7 (104) + | | | packet: {} (ether8023_frame) 0x2624-0x268b.7 (104) 0x2620| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2624-0x2629.7 (6) 0x2620| 94 10 3e 05 36 d3| ..>.6.| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x262a-0x262f.7 (6) 0x2630|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2630-0x2631.7 (2) - | | | packet: {} (ipv4) 0x2632-0x268b.7 (90) + | | | packet: {} (ipv4_packet) 0x2632-0x268b.7 (90) 0x2630| 45 | E | version: 4 0x2632-0x2632.3 (0.4) 0x2630| 45 | E | ihl: 5 0x2632.4-0x2632.7 (0.4) 0x2630| 28 | ( | dscp: 10 0x2633-0x2633.5 (0.6) @@ -3735,12 +3926,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2630| 00 | . | more_fragments: false 0x2638.2-0x2638.2 (0.1) 0x2630| 00 00 | .. | fragment_offset: 0 0x2638.3-0x2639.7 (1.5) 0x2630| 35 | 5 | ttl: 53 0x263a-0x263a.7 (1) -0x2630| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x263b-0x263b.7 (1) -0x2630| 52 e1 | R. | header_checksum: 0x52e1 0x263c-0x263d.7 (2) +0x2630| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x263b-0x263b.7 (1) +0x2630| 52 e1 | R. | header_checksum: 0x52e1 (valid) 0x263c-0x263d.7 (2) 0x2630| 4a 7d| J}| source_ip: "74.125.228.227" (0x4a7de4e3) 0x263e-0x2641.7 (4) 0x2640|e4 e3 |.. | 0x2640| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x2642-0x2645.7 (4) - | | | data: {} (tcp) 0x2646-0x268b.7 (70) + | | | data: {} (tcp_segment) 0x2646-0x268b.7 (70) 0x2640| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x2646-0x2647.7 (2) 0x2640| c7 25 | .% | destination_port: 50981 0x2648-0x2649.7 (2) 0x2640| 43 54 86 39 | CT.9 | sequence_number: 1129612857 0x264a-0x264d.7 (4) @@ -3760,7 +3951,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2650| 01 68 | .h | window_size: 360 0x2654-0x2655.7 (2) 0x2650| 2a ae | *. | checksum: 0x2aae 0x2656-0x2657.7 (2) 0x2650| 00 00 | .. | urgent_pointer: 0 0x2658-0x2659.7 (2) -0x2650| 01 01 08 0a e4 57| .....W| options: raw bits 0x265a-0x2665.7 (12) + | | | options: [3] 0x265a-0x2665.7 (12) + | | | [0]: option {} 0x265a-0x265a.7 (1) +0x2650| 01 | . | kind: "nop" (1) (No operation) 0x265a-0x265a.7 (1) + | | | [1]: option {} 0x265b-0x265b.7 (1) +0x2650| 01 | . | kind: "nop" (1) (No operation) 0x265b-0x265b.7 (1) + | | | [2]: option {} 0x265c-0x2665.7 (10) +0x2650| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x265c-0x265c.7 (1) +0x2650| 0a | . | length: 10 0x265d-0x265d.7 (1) +0x2650| e4 57| .W| data: raw bits 0x265e-0x2665.7 (8) 0x2660|7b 99 4b 2a 91 55 |{.K*.U | 0x2660| 17 03 03 00 21 00 00 00 00 00| ....!.....| data: raw bits 0x2666-0x268b.7 (38) 0x2670|00 00 05 d5 71 fb a3 87 9f 58 83 90 15 c7 2d 65|....q....X....-e| @@ -3777,12 +3976,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x26a0|35 06 86 c9 |5... | timestamp_low: 3381003829 0x26a0-0x26a3.7 (4) 0x26a0| 70 00 00 00 | p... | capture_packet_length: 112 0x26a4-0x26a7.7 (4) 0x26a0| 70 00 00 00 | p... | original_packet_length: 112 0x26a8-0x26ab.7 (4) - | | | packet: {} (ether8023) 0x26ac-0x271b.7 (112) + | | | packet: {} (ether8023_frame) 0x26ac-0x271b.7 (112) 0x26a0| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x26ac-0x26b1.7 (6) 0x26b0|7d 93 |}. | 0x26b0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x26b2-0x26b7.7 (6) 0x26b0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x26b8-0x26b9.7 (2) - | | | packet: {} (ipv4) 0x26ba-0x271b.7 (98) + | | | packet: {} (ipv4_packet) 0x26ba-0x271b.7 (98) 0x26b0| 45 | E | version: 4 0x26ba-0x26ba.3 (0.4) 0x26b0| 45 | E | ihl: 5 0x26ba.4-0x26ba.7 (0.4) 0x26b0| 28 | ( | dscp: 10 0x26bb-0x26bb.5 (0.6) @@ -3794,11 +3993,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x26c0|00 |. | more_fragments: false 0x26c0.2-0x26c0.2 (0.1) 0x26c0|00 00 |.. | fragment_offset: 0 0x26c0.3-0x26c1.7 (1.5) 0x26c0| 35 | 5 | ttl: 53 0x26c2-0x26c2.7 (1) -0x26c0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x26c3-0x26c3.7 (1) -0x26c0| 52 d8 | R. | header_checksum: 0x52d8 0x26c4-0x26c5.7 (2) +0x26c0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x26c3-0x26c3.7 (1) +0x26c0| 52 d8 | R. | header_checksum: 0x52d8 (valid) 0x26c4-0x26c5.7 (2) 0x26c0| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x26c6-0x26c9.7 (4) 0x26c0| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x26ca-0x26cd.7 (4) - | | | data: {} (tcp) 0x26ce-0x271b.7 (78) + | | | data: {} (tcp_segment) 0x26ce-0x271b.7 (78) 0x26c0| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x26ce-0x26cf.7 (2) 0x26d0|c7 25 |.% | destination_port: 50981 0x26d0-0x26d1.7 (2) 0x26d0| 43 54 86 5f | CT._ | sequence_number: 1129612895 0x26d2-0x26d5.7 (4) @@ -3817,7 +4016,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x26d0| 01 68 | .h | window_size: 360 0x26dc-0x26dd.7 (2) 0x26d0| f9 18| ..| checksum: 0xf918 0x26de-0x26df.7 (2) 0x26e0|00 00 |.. | urgent_pointer: 0 0x26e0-0x26e1.7 (2) -0x26e0| 01 01 08 0a e4 57 7b 99 4b 2a 91 55 | .....W{.K*.U | options: raw bits 0x26e2-0x26ed.7 (12) + | | | options: [3] 0x26e2-0x26ed.7 (12) + | | | [0]: option {} 0x26e2-0x26e2.7 (1) +0x26e0| 01 | . | kind: "nop" (1) (No operation) 0x26e2-0x26e2.7 (1) + | | | [1]: option {} 0x26e3-0x26e3.7 (1) +0x26e0| 01 | . | kind: "nop" (1) (No operation) 0x26e3-0x26e3.7 (1) + | | | [2]: option {} 0x26e4-0x26ed.7 (10) +0x26e0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x26e4-0x26e4.7 (1) +0x26e0| 0a | . | length: 10 0x26e5-0x26e5.7 (1) +0x26e0| e4 57 7b 99 4b 2a 91 55 | .W{.K*.U | data: raw bits 0x26e6-0x26ed.7 (8) 0x26e0| 17 03| ..| data: raw bits 0x26ee-0x271b.7 (46) 0x26f0|03 00 29 00 00 00 00 00 00 00 06 a7 fa e5 cc 23|..)............#| * |until 0x271b.7 (46) | | @@ -3833,12 +4040,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2730|70 06 86 c9 |p... | timestamp_low: 3381003888 0x2730-0x2733.7 (4) 0x2730| 42 00 00 00 | B... | capture_packet_length: 66 0x2734-0x2737.7 (4) 0x2730| 42 00 00 00 | B... | original_packet_length: 66 0x2738-0x273b.7 (4) - | | | packet: {} (ether8023) 0x273c-0x277d.7 (66) + | | | packet: {} (ether8023_frame) 0x273c-0x277d.7 (66) 0x2730| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x273c-0x2741.7 (6) 0x2740|36 d3 |6. | 0x2740| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2742-0x2747.7 (6) 0x2740| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2748-0x2749.7 (2) - | | | packet: {} (ipv4) 0x274a-0x277d.7 (52) + | | | packet: {} (ipv4_packet) 0x274a-0x277d.7 (52) 0x2740| 45 | E | version: 4 0x274a-0x274a.3 (0.4) 0x2740| 45 | E | ihl: 5 0x274a.4-0x274a.7 (0.4) 0x2740| 00 | . | dscp: 0 0x274b-0x274b.5 (0.6) @@ -3850,11 +4057,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2750|40 |@ | more_fragments: false 0x2750.2-0x2750.2 (0.1) 0x2750|40 00 |@. | fragment_offset: 0 0x2750.3-0x2751.7 (1.5) 0x2750| 40 | @ | ttl: 64 0x2752-0x2752.7 (1) -0x2750| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2753-0x2753.7 (1) -0x2750| 92 1d | .. | header_checksum: 0x921d 0x2754-0x2755.7 (2) +0x2750| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2753-0x2753.7 (1) +0x2750| 92 1d | .. | header_checksum: 0x921d (valid) 0x2754-0x2755.7 (2) 0x2750| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2756-0x2759.7 (4) 0x2750| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x275a-0x275d.7 (4) - | | | data: {} (tcp) 0x275e-0x277d.7 (32) + | | | data: {} (tcp_segment) 0x275e-0x277d.7 (32) 0x2750| c7 25| .%| source_port: 50981 0x275e-0x275f.7 (2) 0x2760|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2760-0x2761.7 (2) 0x2760| 2b ce 36 0e | +.6. | sequence_number: 734934542 0x2762-0x2765.7 (4) @@ -3873,7 +4080,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2760| 10 00 | .. | window_size: 4096 0x276c-0x276d.7 (2) 0x2760| 44 3d| D=| checksum: 0x443d 0x276e-0x276f.7 (2) 0x2770|00 00 |.. | urgent_pointer: 0 0x2770-0x2771.7 (2) -0x2770| 01 01 08 0a 4b 2a 91 85 e4 57 7b 99 | ....K*...W{. | options: raw bits 0x2772-0x277d.7 (12) + | | | options: [3] 0x2772-0x277d.7 (12) + | | | [0]: option {} 0x2772-0x2772.7 (1) +0x2770| 01 | . | kind: "nop" (1) (No operation) 0x2772-0x2772.7 (1) + | | | [1]: option {} 0x2773-0x2773.7 (1) +0x2770| 01 | . | kind: "nop" (1) (No operation) 0x2773-0x2773.7 (1) + | | | [2]: option {} 0x2774-0x277d.7 (10) +0x2770| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2774-0x2774.7 (1) +0x2770| 0a | . | length: 10 0x2775-0x2775.7 (1) +0x2770| 4b 2a 91 85 e4 57 7b 99 | K*...W{. | data: raw bits 0x2776-0x277d.7 (8) | | | data: raw bits 0x277e-NA (0) | | | capture_padding: raw bits 0x277e-NA (0) 0x2770| 00 00| ..| padding: raw bits 0x277e-0x277f.7 (2) @@ -3887,11 +4102,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2790| 70 06 86 c9 | p... | timestamp_low: 3381003888 0x2794-0x2797.7 (4) 0x2790| 42 00 00 00 | B... | capture_packet_length: 66 0x2798-0x279b.7 (4) 0x2790| 42 00 00 00| B...| original_packet_length: 66 0x279c-0x279f.7 (4) - | | | packet: {} (ether8023) 0x27a0-0x27e1.7 (66) + | | | packet: {} (ether8023_frame) 0x27a0-0x27e1.7 (66) 0x27a0|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x27a0-0x27a5.7 (6) 0x27a0| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x27a6-0x27ab.7 (6) 0x27a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x27ac-0x27ad.7 (2) - | | | packet: {} (ipv4) 0x27ae-0x27e1.7 (52) + | | | packet: {} (ipv4_packet) 0x27ae-0x27e1.7 (52) 0x27a0| 45 | E | version: 4 0x27ae-0x27ae.3 (0.4) 0x27a0| 45 | E | ihl: 5 0x27ae.4-0x27ae.7 (0.4) 0x27a0| 00| .| dscp: 0 0x27af-0x27af.5 (0.6) @@ -3903,12 +4118,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x27b0| 40 | @ | more_fragments: false 0x27b4.2-0x27b4.2 (0.1) 0x27b0| 40 00 | @. | fragment_offset: 0 0x27b4.3-0x27b5.7 (1.5) 0x27b0| 40 | @ | ttl: 64 0x27b6-0x27b6.7 (1) -0x27b0| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x27b7-0x27b7.7 (1) -0x27b0| 8e 95 | .. | header_checksum: 0x8e95 0x27b8-0x27b9.7 (2) +0x27b0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x27b7-0x27b7.7 (1) +0x27b0| 8e 95 | .. | header_checksum: 0x8e95 (valid) 0x27b8-0x27b9.7 (2) 0x27b0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x27ba-0x27bd.7 (4) 0x27b0| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x27be-0x27c1.7 (4) 0x27c0|e4 e3 |.. | - | | | data: {} (tcp) 0x27c2-0x27e1.7 (32) + | | | data: {} (tcp_segment) 0x27c2-0x27e1.7 (32) 0x27c0| c7 25 | .% | source_port: 50981 0x27c2-0x27c3.7 (2) 0x27c0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x27c4-0x27c5.7 (2) 0x27c0| 2b ce 36 0e | +.6. | sequence_number: 734934542 0x27c6-0x27c9.7 (4) @@ -3927,7 +4142,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x27d0|0f ff |.. | window_size: 4095 0x27d0-0x27d1.7 (2) 0x27d0| 44 18 | D. | checksum: 0x4418 0x27d2-0x27d3.7 (2) 0x27d0| 00 00 | .. | urgent_pointer: 0 0x27d4-0x27d5.7 (2) -0x27d0| 01 01 08 0a 4b 2a 91 85 e4 57| ....K*...W| options: raw bits 0x27d6-0x27e1.7 (12) + | | | options: [3] 0x27d6-0x27e1.7 (12) + | | | [0]: option {} 0x27d6-0x27d6.7 (1) +0x27d0| 01 | . | kind: "nop" (1) (No operation) 0x27d6-0x27d6.7 (1) + | | | [1]: option {} 0x27d7-0x27d7.7 (1) +0x27d0| 01 | . | kind: "nop" (1) (No operation) 0x27d7-0x27d7.7 (1) + | | | [2]: option {} 0x27d8-0x27e1.7 (10) +0x27d0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x27d8-0x27d8.7 (1) +0x27d0| 0a | . | length: 10 0x27d9-0x27d9.7 (1) +0x27d0| 4b 2a 91 85 e4 57| K*...W| data: raw bits 0x27da-0x27e1.7 (8) 0x27e0|7b 99 |{. | | | | data: raw bits 0x27e2-NA (0) | | | capture_padding: raw bits 0x27e2-NA (0) @@ -3942,11 +4165,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x27f0| 7c 06 86 c9 | |... | timestamp_low: 3381003900 0x27f8-0x27fb.7 (4) 0x27f0| 42 00 00 00| B...| capture_packet_length: 66 0x27fc-0x27ff.7 (4) 0x2800|42 00 00 00 |B... | original_packet_length: 66 0x2800-0x2803.7 (4) - | | | packet: {} (ether8023) 0x2804-0x2845.7 (66) + | | | packet: {} (ether8023_frame) 0x2804-0x2845.7 (66) 0x2800| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2804-0x2809.7 (6) 0x2800| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x280a-0x280f.7 (6) 0x2810|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2810-0x2811.7 (2) - | | | packet: {} (ipv4) 0x2812-0x2845.7 (52) + | | | packet: {} (ipv4_packet) 0x2812-0x2845.7 (52) 0x2810| 45 | E | version: 4 0x2812-0x2812.3 (0.4) 0x2810| 45 | E | ihl: 5 0x2812.4-0x2812.7 (0.4) 0x2810| 00 | . | dscp: 0 0x2813-0x2813.5 (0.6) @@ -3958,12 +4181,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2810| 40 | @ | more_fragments: false 0x2818.2-0x2818.2 (0.1) 0x2810| 40 00 | @. | fragment_offset: 0 0x2818.3-0x2819.7 (1.5) 0x2810| 40 | @ | ttl: 64 0x281a-0x281a.7 (1) -0x2810| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x281b-0x281b.7 (1) -0x2810| af a6 | .. | header_checksum: 0xafa6 0x281c-0x281d.7 (2) +0x2810| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x281b-0x281b.7 (1) +0x2810| af a6 | .. | header_checksum: 0xafa6 (valid) 0x281c-0x281d.7 (2) 0x2810| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x281e-0x2821.7 (4) 0x2820|01 8b |.. | 0x2820| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2822-0x2825.7 (4) - | | | data: {} (tcp) 0x2826-0x2845.7 (32) + | | | data: {} (tcp_segment) 0x2826-0x2845.7 (32) 0x2820| c7 25 | .% | source_port: 50981 0x2826-0x2827.7 (2) 0x2820| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2828-0x2829.7 (2) 0x2820| 2b ce 36 0e | +.6. | sequence_number: 734934542 0x282a-0x282d.7 (4) @@ -3983,7 +4206,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2830| 0f fe | .. | window_size: 4094 0x2834-0x2835.7 (2) 0x2830| 43 eb | C. | checksum: 0x43eb 0x2836-0x2837.7 (2) 0x2830| 00 00 | .. | urgent_pointer: 0 0x2838-0x2839.7 (2) -0x2830| 01 01 08 0a 4b 2a| ....K*| options: raw bits 0x283a-0x2845.7 (12) + | | | options: [3] 0x283a-0x2845.7 (12) + | | | [0]: option {} 0x283a-0x283a.7 (1) +0x2830| 01 | . | kind: "nop" (1) (No operation) 0x283a-0x283a.7 (1) + | | | [1]: option {} 0x283b-0x283b.7 (1) +0x2830| 01 | . | kind: "nop" (1) (No operation) 0x283b-0x283b.7 (1) + | | | [2]: option {} 0x283c-0x2845.7 (10) +0x2830| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x283c-0x283c.7 (1) +0x2830| 0a | . | length: 10 0x283d-0x283d.7 (1) +0x2830| 4b 2a| K*| data: raw bits 0x283e-0x2845.7 (8) 0x2840|91 85 e4 57 7b 99 |...W{. | | | | data: raw bits 0x2846-NA (0) | | | capture_padding: raw bits 0x2846-NA (0) @@ -3998,12 +4229,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2850| dc 0a 86 c9| ....| timestamp_low: 3381005020 0x285c-0x285f.7 (4) 0x2860|70 00 00 00 |p... | capture_packet_length: 112 0x2860-0x2863.7 (4) 0x2860| 70 00 00 00 | p... | original_packet_length: 112 0x2864-0x2867.7 (4) - | | | packet: {} (ether8023) 0x2868-0x28d7.7 (112) + | | | packet: {} (ether8023_frame) 0x2868-0x28d7.7 (112) 0x2860| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2868-0x286d.7 (6) 0x2860| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x286e-0x2873.7 (6) 0x2870|60 f1 7d 93 |`.}. | 0x2870| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2874-0x2875.7 (2) - | | | packet: {} (ipv4) 0x2876-0x28d7.7 (98) + | | | packet: {} (ipv4_packet) 0x2876-0x28d7.7 (98) 0x2870| 45 | E | version: 4 0x2876-0x2876.3 (0.4) 0x2870| 45 | E | ihl: 5 0x2876.4-0x2876.7 (0.4) 0x2870| 00 | . | dscp: 0 0x2877-0x2877.5 (0.6) @@ -4015,11 +4246,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2870| 40 | @ | more_fragments: false 0x287c.2-0x287c.2 (0.1) 0x2870| 40 00 | @. | fragment_offset: 0 0x287c.3-0x287d.7 (1.5) 0x2870| 40 | @ | ttl: 64 0x287e-0x287e.7 (1) -0x2870| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x287f-0x287f.7 (1) -0x2880|bb 76 |.v | header_checksum: 0xbb76 0x2880-0x2881.7 (2) +0x2870| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x287f-0x287f.7 (1) +0x2880|bb 76 |.v | header_checksum: 0xbb76 (valid) 0x2880-0x2881.7 (2) 0x2880| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2882-0x2885.7 (4) 0x2880| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2886-0x2889.7 (4) - | | | data: {} (tcp) 0x288a-0x28d7.7 (78) + | | | data: {} (tcp_segment) 0x288a-0x28d7.7 (78) 0x2880| c7 25 | .% | source_port: 50981 0x288a-0x288b.7 (2) 0x2880| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x288c-0x288d.7 (2) 0x2880| 2b ce| +.| sequence_number: 734934542 0x288e-0x2891.7 (4) @@ -4039,8 +4270,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2890| 10 00 | .. | window_size: 4096 0x2898-0x2899.7 (2) 0x2890| 3f 60 | ?` | checksum: 0x3f60 0x289a-0x289b.7 (2) 0x2890| 00 00 | .. | urgent_pointer: 0 0x289c-0x289d.7 (2) -0x2890| 01 01| ..| options: raw bits 0x289e-0x28a9.7 (12) -0x28a0|08 0a 4b 2a 91 86 e4 57 7b 99 |..K*...W{. | + | | | options: [3] 0x289e-0x28a9.7 (12) + | | | [0]: option {} 0x289e-0x289e.7 (1) +0x2890| 01 | . | kind: "nop" (1) (No operation) 0x289e-0x289e.7 (1) + | | | [1]: option {} 0x289f-0x289f.7 (1) +0x2890| 01| .| kind: "nop" (1) (No operation) 0x289f-0x289f.7 (1) + | | | [2]: option {} 0x28a0-0x28a9.7 (10) +0x28a0|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x28a0-0x28a0.7 (1) +0x28a0| 0a | . | length: 10 0x28a1-0x28a1.7 (1) +0x28a0| 4b 2a 91 86 e4 57 7b 99 | K*...W{. | data: raw bits 0x28a2-0x28a9.7 (8) 0x28a0| 17 03 03 00 29 00| ....).| data: raw bits 0x28aa-0x28d7.7 (46) 0x28b0|00 00 00 00 00 00 06 96 50 96 ef 10 f4 be e9 a0|........P.......| * |until 0x28d7.7 (46) | | @@ -4056,12 +4294,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x28e0| f8 17 86 c9| ....| timestamp_low: 3381008376 0x28ec-0x28ef.7 (4) 0x28f0|70 05 00 00 |p... | capture_packet_length: 1392 0x28f0-0x28f3.7 (4) 0x28f0| 70 05 00 00 | p... | original_packet_length: 1392 0x28f4-0x28f7.7 (4) - | | | packet: {} (ether8023) 0x28f8-0x2e67.7 (1392) + | | | packet: {} (ether8023_frame) 0x28f8-0x2e67.7 (1392) 0x28f0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x28f8-0x28fd.7 (6) 0x28f0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x28fe-0x2903.7 (6) 0x2900|60 f1 7d 93 |`.}. | 0x2900| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2904-0x2905.7 (2) - | | | packet: {} (ipv4) 0x2906-0x2e67.7 (1378) + | | | packet: {} (ipv4_packet) 0x2906-0x2e67.7 (1378) 0x2900| 45 | E | version: 4 0x2906-0x2906.3 (0.4) 0x2900| 45 | E | ihl: 5 0x2906.4-0x2906.7 (0.4) 0x2900| 00 | . | dscp: 0 0x2907-0x2907.5 (0.6) @@ -4073,11 +4311,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2900| 00 | . | more_fragments: false 0x290c.2-0x290c.2 (0.1) 0x2900| 00 00 | .. | fragment_offset: 0 0x290c.3-0x290d.7 (1.5) 0x2900| 40 | @ | ttl: 64 0x290e-0x290e.7 (1) -0x2900| 11| .| protocol: "udp" (17) (user datagram protocol) 0x290f-0x290f.7 (1) -0x2910|a2 a5 |.. | header_checksum: 0xa2a5 0x2910-0x2911.7 (2) +0x2900| 11| .| protocol: "udp" (17) (User datagram protocol) 0x290f-0x290f.7 (1) +0x2910|a2 a5 |.. | header_checksum: 0xa2a5 (valid) 0x2910-0x2911.7 (2) 0x2910| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2912-0x2915.7 (4) 0x2910| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2916-0x2919.7 (4) - | | | data: {} (udp) 0x291a-0x2e67.7 (1358) + | | | data: {} (udp_datagram) 0x291a-0x2e67.7 (1358) 0x2910| fa 90 | .. | source_port: 64144 0x291a-0x291b.7 (2) 0x2910| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x291c-0x291d.7 (2) 0x2910| 05 4e| .N| length: 1358 0x291e-0x291f.7 (2) @@ -4097,12 +4335,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2e70| 62 18 86 c9| b...| timestamp_low: 3381008482 0x2e7c-0x2e7f.7 (4) 0x2e80|4e 00 00 00 |N... | capture_packet_length: 78 0x2e80-0x2e83.7 (4) 0x2e80| 4e 00 00 00 | N... | original_packet_length: 78 0x2e84-0x2e87.7 (4) - | | | packet: {} (ether8023) 0x2e88-0x2ed5.7 (78) + | | | packet: {} (ether8023_frame) 0x2e88-0x2ed5.7 (78) 0x2e80| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2e88-0x2e8d.7 (6) 0x2e80| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2e8e-0x2e93.7 (6) 0x2e90|60 f1 7d 93 |`.}. | 0x2e90| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2e94-0x2e95.7 (2) - | | | packet: {} (ipv4) 0x2e96-0x2ed5.7 (64) + | | | packet: {} (ipv4_packet) 0x2e96-0x2ed5.7 (64) 0x2e90| 45 | E | version: 4 0x2e96-0x2e96.3 (0.4) 0x2e90| 45 | E | ihl: 5 0x2e96.4-0x2e96.7 (0.4) 0x2e90| 00 | . | dscp: 0 0x2e97-0x2e97.5 (0.6) @@ -4114,11 +4352,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2e90| 40 | @ | more_fragments: false 0x2e9c.2-0x2e9c.2 (0.1) 0x2e90| 40 00 | @. | fragment_offset: 0 0x2e9c.3-0x2e9d.7 (1.5) 0x2e90| 40 | @ | ttl: 64 0x2e9e-0x2e9e.7 (1) -0x2e90| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x2e9f-0x2e9f.7 (1) -0x2ea0|cd 85 |.. | header_checksum: 0xcd85 0x2ea0-0x2ea1.7 (2) +0x2e90| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x2e9f-0x2e9f.7 (1) +0x2ea0|cd 85 |.. | header_checksum: 0xcd85 (valid) 0x2ea0-0x2ea1.7 (2) 0x2ea0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2ea2-0x2ea5.7 (4) 0x2ea0| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2ea6-0x2ea9.7 (4) - | | | data: {} (tcp) 0x2eaa-0x2ed5.7 (44) + | | | data: {} (tcp_segment) 0x2eaa-0x2ed5.7 (44) 0x2ea0| c7 26 | .& | source_port: 50982 0x2eaa-0x2eab.7 (2) 0x2ea0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2eac-0x2ead.7 (2) 0x2ea0| 91 0a| ..| sequence_number: 2433367640 0x2eae-0x2eb1.7 (4) @@ -4138,9 +4376,34 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2eb0| ff ff | .. | window_size: 65535 0x2eb8-0x2eb9.7 (2) 0x2eb0| d0 70 | .p | checksum: 0xd070 0x2eba-0x2ebb.7 (2) 0x2eb0| 00 00 | .. | urgent_pointer: 0 0x2ebc-0x2ebd.7 (2) -0x2eb0| 02 04| ..| options: raw bits 0x2ebe-0x2ed5.7 (24) -0x2ec0|05 b4 01 03 03 05 01 01 08 0a 4b 2a 91 89 00 00|..........K*....| -0x2ed0|00 00 04 02 00 00 |...... | + | | | options: [9] 0x2ebe-0x2ed5.7 (24) + | | | [0]: option {} 0x2ebe-0x2ec1.7 (4) +0x2eb0| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x2ebe-0x2ebe.7 (1) +0x2eb0| 04| .| length: 4 0x2ebf-0x2ebf.7 (1) +0x2ec0|05 b4 |.. | data: raw bits 0x2ec0-0x2ec1.7 (2) + | | | [1]: option {} 0x2ec2-0x2ec2.7 (1) +0x2ec0| 01 | . | kind: "nop" (1) (No operation) 0x2ec2-0x2ec2.7 (1) + | | | [2]: option {} 0x2ec3-0x2ec5.7 (3) +0x2ec0| 03 | . | kind: "winscale" (3) (Window scale) 0x2ec3-0x2ec3.7 (1) +0x2ec0| 03 | . | length: 3 0x2ec4-0x2ec4.7 (1) +0x2ec0| 05 | . | data: raw bits 0x2ec5-0x2ec5.7 (1) + | | | [3]: option {} 0x2ec6-0x2ec6.7 (1) +0x2ec0| 01 | . | kind: "nop" (1) (No operation) 0x2ec6-0x2ec6.7 (1) + | | | [4]: option {} 0x2ec7-0x2ec7.7 (1) +0x2ec0| 01 | . | kind: "nop" (1) (No operation) 0x2ec7-0x2ec7.7 (1) + | | | [5]: option {} 0x2ec8-0x2ed1.7 (10) +0x2ec0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2ec8-0x2ec8.7 (1) +0x2ec0| 0a | . | length: 10 0x2ec9-0x2ec9.7 (1) +0x2ec0| 4b 2a 91 89 00 00| K*....| data: raw bits 0x2eca-0x2ed1.7 (8) +0x2ed0|00 00 |.. | + | | | [6]: option {} 0x2ed2-0x2ed3.7 (2) +0x2ed0| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x2ed2-0x2ed2.7 (1) +0x2ed0| 02 | . | length: 2 0x2ed3-0x2ed3.7 (1) + | | | data: raw bits 0x2ed4-NA (0) + | | | [7]: option {} 0x2ed4-0x2ed4.7 (1) +0x2ed0| 00 | . | kind: "end" (0) (End of options list) 0x2ed4-0x2ed4.7 (1) + | | | [8]: option {} 0x2ed5-0x2ed5.7 (1) +0x2ed0| 00 | . | kind: "end" (0) (End of options list) 0x2ed5-0x2ed5.7 (1) | | | data: raw bits 0x2ed6-NA (0) | | | capture_padding: raw bits 0x2ed6-NA (0) 0x2ed0| 00 00 | .. | padding: raw bits 0x2ed6-0x2ed7.7 (2) @@ -4154,12 +4417,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2ee0| 23 7e 86 c9| #~..| timestamp_low: 3381034531 0x2eec-0x2eef.7 (4) 0x2ef0|42 00 00 00 |B... | capture_packet_length: 66 0x2ef0-0x2ef3.7 (4) 0x2ef0| 42 00 00 00 | B... | original_packet_length: 66 0x2ef4-0x2ef7.7 (4) - | | | packet: {} (ether8023) 0x2ef8-0x2f39.7 (66) + | | | packet: {} (ether8023_frame) 0x2ef8-0x2f39.7 (66) 0x2ef0| a4 5e 60 f1 7d 93 | .^`.}. | destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2ef8-0x2efd.7 (6) 0x2ef0| 94 10| ..| source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2efe-0x2f03.7 (6) 0x2f00|3e 05 36 d3 |>.6. | 0x2f00| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2f04-0x2f05.7 (2) - | | | packet: {} (ipv4) 0x2f06-0x2f39.7 (52) + | | | packet: {} (ipv4_packet) 0x2f06-0x2f39.7 (52) 0x2f00| 45 | E | version: 4 0x2f06-0x2f06.3 (0.4) 0x2f00| 45 | E | ihl: 5 0x2f06.4-0x2f06.7 (0.4) 0x2f00| 28 | ( | dscp: 10 0x2f07-0x2f07.5 (0.6) @@ -4171,11 +4434,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2f00| 00 | . | more_fragments: false 0x2f0c.2-0x2f0c.2 (0.1) 0x2f00| 00 00 | .. | fragment_offset: 0 0x2f0c.3-0x2f0d.7 (1.5) 0x2f00| 35 | 5 | ttl: 53 0x2f0e-0x2f0e.7 (1) -0x2f00| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x2f0f-0x2f0f.7 (1) -0x2f10|52 e0 |R. | header_checksum: 0x52e0 0x2f10-0x2f11.7 (2) +0x2f00| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x2f0f-0x2f0f.7 (1) +0x2f10|52 e0 |R. | header_checksum: 0x52e0 (valid) 0x2f10-0x2f11.7 (2) 0x2f10| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x2f12-0x2f15.7 (4) 0x2f10| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x2f16-0x2f19.7 (4) - | | | data: {} (tcp) 0x2f1a-0x2f39.7 (32) + | | | data: {} (tcp_segment) 0x2f1a-0x2f39.7 (32) 0x2f10| 01 bb | .. | source_port: "https" (443) (http protocol over TLS/SSL) 0x2f1a-0x2f1b.7 (2) 0x2f10| c7 25 | .% | destination_port: 50981 0x2f1c-0x2f1d.7 (2) 0x2f10| 43 54| CT| sequence_number: 1129612941 0x2f1e-0x2f21.7 (4) @@ -4195,8 +4458,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2f20| 01 68 | .h | window_size: 360 0x2f28-0x2f29.7 (2) 0x2f20| 52 2e | R. | checksum: 0x522e 0x2f2a-0x2f2b.7 (2) 0x2f20| 00 00 | .. | urgent_pointer: 0 0x2f2c-0x2f2d.7 (2) -0x2f20| 01 01| ..| options: raw bits 0x2f2e-0x2f39.7 (12) -0x2f30|08 0a e4 57 7b bf 4b 2a 91 84 |...W{.K*.. | + | | | options: [3] 0x2f2e-0x2f39.7 (12) + | | | [0]: option {} 0x2f2e-0x2f2e.7 (1) +0x2f20| 01 | . | kind: "nop" (1) (No operation) 0x2f2e-0x2f2e.7 (1) + | | | [1]: option {} 0x2f2f-0x2f2f.7 (1) +0x2f20| 01| .| kind: "nop" (1) (No operation) 0x2f2f-0x2f2f.7 (1) + | | | [2]: option {} 0x2f30-0x2f39.7 (10) +0x2f30|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2f30-0x2f30.7 (1) +0x2f30| 0a | . | length: 10 0x2f31-0x2f31.7 (1) +0x2f30| e4 57 7b bf 4b 2a 91 84 | .W{.K*.. | data: raw bits 0x2f32-0x2f39.7 (8) | | | data: raw bits 0x2f3a-NA (0) | | | capture_padding: raw bits 0x2f3a-NA (0) 0x2f30| 00 00 | .. | padding: raw bits 0x2f3a-0x2f3b.7 (2) @@ -4210,12 +4480,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2f50|b4 ec 89 c9 |.... | timestamp_low: 3381259444 0x2f50-0x2f53.7 (4) 0x2f50| 4a 00 00 00 | J... | capture_packet_length: 74 0x2f54-0x2f57.7 (4) 0x2f50| 4a 00 00 00 | J... | original_packet_length: 74 0x2f58-0x2f5b.7 (4) - | | | packet: {} (ether8023) 0x2f5c-0x2fa5.7 (74) + | | | packet: {} (ether8023_frame) 0x2f5c-0x2fa5.7 (74) 0x2f50| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2f5c-0x2f61.7 (6) 0x2f60|7d 93 |}. | 0x2f60| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2f62-0x2f67.7 (6) 0x2f60| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2f68-0x2f69.7 (2) - | | | packet: {} (ipv4) 0x2f6a-0x2fa5.7 (60) + | | | packet: {} (ipv4_packet) 0x2f6a-0x2fa5.7 (60) 0x2f60| 45 | E | version: 4 0x2f6a-0x2f6a.3 (0.4) 0x2f60| 45 | E | ihl: 5 0x2f6a.4-0x2f6a.7 (0.4) 0x2f60| 28 | ( | dscp: 10 0x2f6b-0x2f6b.5 (0.6) @@ -4227,11 +4497,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2f70|00 |. | more_fragments: false 0x2f70.2-0x2f70.2 (0.1) 0x2f70|00 00 |.. | fragment_offset: 0 0x2f70.3-0x2f71.7 (1.5) 0x2f70| 35 | 5 | ttl: 53 0x2f72-0x2f72.7 (1) -0x2f70| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x2f73-0x2f73.7 (1) -0x2f70| 52 d5 | R. | header_checksum: 0x52d5 0x2f74-0x2f75.7 (2) +0x2f70| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x2f73-0x2f73.7 (1) +0x2f70| 52 d5 | R. | header_checksum: 0x52d5 (valid) 0x2f74-0x2f75.7 (2) 0x2f70| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x2f76-0x2f79.7 (4) 0x2f70| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x2f7a-0x2f7d.7 (4) - | | | data: {} (tcp) 0x2f7e-0x2fa5.7 (40) + | | | data: {} (tcp_segment) 0x2f7e-0x2fa5.7 (40) 0x2f70| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x2f7e-0x2f7f.7 (2) 0x2f80|c7 26 |.& | destination_port: 50982 0x2f80-0x2f81.7 (2) 0x2f80| 85 02 5f f5 | .._. | sequence_number: 2231525365 0x2f82-0x2f85.7 (4) @@ -4250,8 +4520,26 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2f80| a6 2c | ., | window_size: 42540 0x2f8c-0x2f8d.7 (2) 0x2f80| f6 3f| .?| checksum: 0xf63f 0x2f8e-0x2f8f.7 (2) 0x2f90|00 00 |.. | urgent_pointer: 0 0x2f90-0x2f91.7 (2) -0x2f90| 02 04 05 96 04 02 08 0a e4 57 7b c4 4b 2a| .........W{.K*| options: raw bits 0x2f92-0x2fa5.7 (20) -0x2fa0|91 89 01 03 03 07 |...... | + | | | options: [5] 0x2f92-0x2fa5.7 (20) + | | | [0]: option {} 0x2f92-0x2f95.7 (4) +0x2f90| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x2f92-0x2f92.7 (1) +0x2f90| 04 | . | length: 4 0x2f93-0x2f93.7 (1) +0x2f90| 05 96 | .. | data: raw bits 0x2f94-0x2f95.7 (2) + | | | [1]: option {} 0x2f96-0x2f97.7 (2) +0x2f90| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x2f96-0x2f96.7 (1) +0x2f90| 02 | . | length: 2 0x2f97-0x2f97.7 (1) + | | | data: raw bits 0x2f98-NA (0) + | | | [2]: option {} 0x2f98-0x2fa1.7 (10) +0x2f90| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2f98-0x2f98.7 (1) +0x2f90| 0a | . | length: 10 0x2f99-0x2f99.7 (1) +0x2f90| e4 57 7b c4 4b 2a| .W{.K*| data: raw bits 0x2f9a-0x2fa1.7 (8) +0x2fa0|91 89 |.. | + | | | [3]: option {} 0x2fa2-0x2fa2.7 (1) +0x2fa0| 01 | . | kind: "nop" (1) (No operation) 0x2fa2-0x2fa2.7 (1) + | | | [4]: option {} 0x2fa3-0x2fa5.7 (3) +0x2fa0| 03 | . | kind: "winscale" (3) (Window scale) 0x2fa3-0x2fa3.7 (1) +0x2fa0| 03 | . | length: 3 0x2fa4-0x2fa4.7 (1) +0x2fa0| 07 | . | data: raw bits 0x2fa5-0x2fa5.7 (1) | | | data: raw bits 0x2fa6-NA (0) | | | capture_padding: raw bits 0x2fa6-NA (0) 0x2fa0| 00 00 | .. | padding: raw bits 0x2fa6-0x2fa7.7 (2) @@ -4265,12 +4553,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2fb0| e8 ec 89 c9| ....| timestamp_low: 3381259496 0x2fbc-0x2fbf.7 (4) 0x2fc0|42 00 00 00 |B... | capture_packet_length: 66 0x2fc0-0x2fc3.7 (4) 0x2fc0| 42 00 00 00 | B... | original_packet_length: 66 0x2fc4-0x2fc7.7 (4) - | | | packet: {} (ether8023) 0x2fc8-0x3009.7 (66) + | | | packet: {} (ether8023_frame) 0x2fc8-0x3009.7 (66) 0x2fc0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x2fc8-0x2fcd.7 (6) 0x2fc0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x2fce-0x2fd3.7 (6) 0x2fd0|60 f1 7d 93 |`.}. | 0x2fd0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x2fd4-0x2fd5.7 (2) - | | | packet: {} (ipv4) 0x2fd6-0x3009.7 (52) + | | | packet: {} (ipv4_packet) 0x2fd6-0x3009.7 (52) 0x2fd0| 45 | E | version: 4 0x2fd6-0x2fd6.3 (0.4) 0x2fd0| 45 | E | ihl: 5 0x2fd6.4-0x2fd6.7 (0.4) 0x2fd0| 00 | . | dscp: 0 0x2fd7-0x2fd7.5 (0.6) @@ -4282,11 +4570,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2fd0| 40 | @ | more_fragments: false 0x2fdc.2-0x2fdc.2 (0.1) 0x2fd0| 40 00 | @. | fragment_offset: 0 0x2fdc.3-0x2fdd.7 (1.5) 0x2fd0| 40 | @ | ttl: 64 0x2fde-0x2fde.7 (1) -0x2fd0| 06| .| protocol: "tcp" (6) (transmission control protocol) 0x2fdf-0x2fdf.7 (1) -0x2fe0|ee 76 |.v | header_checksum: 0xee76 0x2fe0-0x2fe1.7 (2) +0x2fd0| 06| .| protocol: "tcp" (6) (Transmission control protocol) 0x2fdf-0x2fdf.7 (1) +0x2fe0|ee 76 |.v | header_checksum: 0xee76 (valid) 0x2fe0-0x2fe1.7 (2) 0x2fe0| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x2fe2-0x2fe5.7 (4) 0x2fe0| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x2fe6-0x2fe9.7 (4) - | | | data: {} (tcp) 0x2fea-0x3009.7 (32) + | | | data: {} (tcp_segment) 0x2fea-0x3009.7 (32) 0x2fe0| c7 26 | .& | source_port: 50982 0x2fea-0x2feb.7 (2) 0x2fe0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2fec-0x2fed.7 (2) 0x2fe0| 91 0a| ..| sequence_number: 2433367641 0x2fee-0x2ff1.7 (4) @@ -4306,8 +4594,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x2ff0| 10 19 | .. | window_size: 4121 0x2ff8-0x2ff9.7 (2) 0x2ff0| ba 07 | .. | checksum: 0xba07 0x2ffa-0x2ffb.7 (2) 0x2ff0| 00 00 | .. | urgent_pointer: 0 0x2ffc-0x2ffd.7 (2) -0x2ff0| 01 01| ..| options: raw bits 0x2ffe-0x3009.7 (12) -0x3000|08 0a 4b 2a 92 83 e4 57 7b c4 |..K*...W{. | + | | | options: [3] 0x2ffe-0x3009.7 (12) + | | | [0]: option {} 0x2ffe-0x2ffe.7 (1) +0x2ff0| 01 | . | kind: "nop" (1) (No operation) 0x2ffe-0x2ffe.7 (1) + | | | [1]: option {} 0x2fff-0x2fff.7 (1) +0x2ff0| 01| .| kind: "nop" (1) (No operation) 0x2fff-0x2fff.7 (1) + | | | [2]: option {} 0x3000-0x3009.7 (10) +0x3000|08 |. | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x3000-0x3000.7 (1) +0x3000| 0a | . | length: 10 0x3001-0x3001.7 (1) +0x3000| 4b 2a 92 83 e4 57 7b c4 | K*...W{. | data: raw bits 0x3002-0x3009.7 (8) | | | data: raw bits 0x300a-NA (0) | | | capture_padding: raw bits 0x300a-NA (0) 0x3000| 00 00 | .. | padding: raw bits 0x300a-0x300b.7 (2) @@ -4321,12 +4616,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3020|6e ee 89 c9 |n... | timestamp_low: 3381259886 0x3020-0x3023.7 (4) 0x3020| 1a 01 00 00 | .... | capture_packet_length: 282 0x3024-0x3027.7 (4) 0x3020| 1a 01 00 00 | .... | original_packet_length: 282 0x3028-0x302b.7 (4) - | | | packet: {} (ether8023) 0x302c-0x3145.7 (282) + | | | packet: {} (ether8023_frame) 0x302c-0x3145.7 (282) 0x3020| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x302c-0x3031.7 (6) 0x3030|36 d3 |6. | 0x3030| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x3032-0x3037.7 (6) 0x3030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x3038-0x3039.7 (2) - | | | packet: {} (ipv4) 0x303a-0x3145.7 (268) + | | | packet: {} (ipv4_packet) 0x303a-0x3145.7 (268) 0x3030| 45 | E | version: 4 0x303a-0x303a.3 (0.4) 0x3030| 45 | E | ihl: 5 0x303a.4-0x303a.7 (0.4) 0x3030| 00 | . | dscp: 0 0x303b-0x303b.5 (0.6) @@ -4338,11 +4633,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3040|40 |@ | more_fragments: false 0x3040.2-0x3040.2 (0.1) 0x3040|40 00 |@. | fragment_offset: 0 0x3040.3-0x3041.7 (1.5) 0x3040| 40 | @ | ttl: 64 0x3042-0x3042.7 (1) -0x3040| 06 | . | protocol: "tcp" (6) (transmission control protocol) 0x3043-0x3043.7 (1) -0x3040| d8 48 | .H | header_checksum: 0xd848 0x3044-0x3045.7 (2) +0x3040| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x3043-0x3043.7 (1) +0x3040| d8 48 | .H | header_checksum: 0xd848 (valid) 0x3044-0x3045.7 (2) 0x3040| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x3046-0x3049.7 (4) 0x3040| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x304a-0x304d.7 (4) - | | | data: {} (tcp) 0x304e-0x3145.7 (248) + | | | data: {} (tcp_segment) 0x304e-0x3145.7 (248) 0x3040| c7 26| .&| source_port: 50982 0x304e-0x304f.7 (2) 0x3050|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x3050-0x3051.7 (2) 0x3050| 91 0a 3e 59 | ..>Y | sequence_number: 2433367641 0x3052-0x3055.7 (4) @@ -4361,7 +4656,15 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3050| 10 19 | .. | window_size: 4121 0x305c-0x305d.7 (2) 0x3050| b0 b8| ..| checksum: 0xb0b8 0x305e-0x305f.7 (2) 0x3060|00 00 |.. | urgent_pointer: 0 0x3060-0x3061.7 (2) -0x3060| 01 01 08 0a 4b 2a 92 83 e4 57 7b c4 | ....K*...W{. | options: raw bits 0x3062-0x306d.7 (12) + | | | options: [3] 0x3062-0x306d.7 (12) + | | | [0]: option {} 0x3062-0x3062.7 (1) +0x3060| 01 | . | kind: "nop" (1) (No operation) 0x3062-0x3062.7 (1) + | | | [1]: option {} 0x3063-0x3063.7 (1) +0x3060| 01 | . | kind: "nop" (1) (No operation) 0x3063-0x3063.7 (1) + | | | [2]: option {} 0x3064-0x306d.7 (10) +0x3060| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x3064-0x3064.7 (1) +0x3060| 0a | . | length: 10 0x3065-0x3065.7 (1) +0x3060| 4b 2a 92 83 e4 57 7b c4 | K*...W{. | data: raw bits 0x3066-0x306d.7 (8) 0x3060| 16 03| ..| data: raw bits 0x306e-0x3145.7 (216) 0x3070|01 00 d3 01 00 00 cf 03 03 c0 a6 33 83 e1 1e ec|...........3....| * |until 0x3145.7 (216) | | @@ -4377,12 +4680,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3150| a2 ee 89 c9| ....| timestamp_low: 3381259938 0x315c-0x315f.7 (4) 0x3160|70 05 00 00 |p... | capture_packet_length: 1392 0x3160-0x3163.7 (4) 0x3160| 70 05 00 00 | p... | original_packet_length: 1392 0x3164-0x3167.7 (4) - | | | packet: {} (ether8023) 0x3168-0x36d7.7 (1392) + | | | packet: {} (ether8023_frame) 0x3168-0x36d7.7 (1392) 0x3160| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x3168-0x316d.7 (6) 0x3160| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x316e-0x3173.7 (6) 0x3170|60 f1 7d 93 |`.}. | 0x3170| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x3174-0x3175.7 (2) - | | | packet: {} (ipv4) 0x3176-0x36d7.7 (1378) + | | | packet: {} (ipv4_packet) 0x3176-0x36d7.7 (1378) 0x3170| 45 | E | version: 4 0x3176-0x3176.3 (0.4) 0x3170| 45 | E | ihl: 5 0x3176.4-0x3176.7 (0.4) 0x3170| 00 | . | dscp: 0 0x3177-0x3177.5 (0.6) @@ -4394,11 +4697,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3170| 00 | . | more_fragments: false 0x317c.2-0x317c.2 (0.1) 0x3170| 00 00 | .. | fragment_offset: 0 0x317c.3-0x317d.7 (1.5) 0x3170| 40 | @ | ttl: 64 0x317e-0x317e.7 (1) -0x3170| 11| .| protocol: "udp" (17) (user datagram protocol) 0x317f-0x317f.7 (1) -0x3180|b9 81 |.. | header_checksum: 0xb981 0x3180-0x3181.7 (2) +0x3170| 11| .| protocol: "udp" (17) (User datagram protocol) 0x317f-0x317f.7 (1) +0x3180|b9 81 |.. | header_checksum: 0xb981 (valid) 0x3180-0x3181.7 (2) 0x3180| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x3182-0x3185.7 (4) 0x3180| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x3186-0x3189.7 (4) - | | | data: {} (udp) 0x318a-0x36d7.7 (1358) + | | | data: {} (udp_datagram) 0x318a-0x36d7.7 (1358) 0x3180| fa 90 | .. | source_port: 64144 0x318a-0x318b.7 (2) 0x3180| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x318c-0x318d.7 (2) 0x3180| 05 4e| .N| length: 1358 0x318e-0x318f.7 (2) @@ -4418,12 +4721,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x36e0| 52 ef 89 c9| R...| timestamp_low: 3381260114 0x36ec-0x36ef.7 (4) 0x36f0|43 00 00 00 |C... | capture_packet_length: 67 0x36f0-0x36f3.7 (4) 0x36f0| 43 00 00 00 | C... | original_packet_length: 67 0x36f4-0x36f7.7 (4) - | | | packet: {} (ether8023) 0x36f8-0x373a.7 (67) + | | | packet: {} (ether8023_frame) 0x36f8-0x373a.7 (67) 0x36f0| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x36f8-0x36fd.7 (6) 0x36f0| a4 5e| .^| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x36fe-0x3703.7 (6) 0x3700|60 f1 7d 93 |`.}. | 0x3700| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x3704-0x3705.7 (2) - | | | packet: {} (ipv4) 0x3706-0x373a.7 (53) + | | | packet: {} (ipv4_packet) 0x3706-0x373a.7 (53) 0x3700| 45 | E | version: 4 0x3706-0x3706.3 (0.4) 0x3700| 45 | E | ihl: 5 0x3706.4-0x3706.7 (0.4) 0x3700| 00 | . | dscp: 0 0x3707-0x3707.5 (0.6) @@ -4435,11 +4738,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3700| 00 | . | more_fragments: false 0x370c.2-0x370c.2 (0.1) 0x3700| 00 00 | .. | fragment_offset: 0 0x370c.3-0x370d.7 (1.5) 0x3700| 40 | @ | ttl: 64 0x370e-0x370e.7 (1) -0x3700| 11| .| protocol: "udp" (17) (user datagram protocol) 0x370f-0x370f.7 (1) -0x3710|37 63 |7c | header_checksum: 0x3763 0x3710-0x3711.7 (2) +0x3700| 11| .| protocol: "udp" (17) (User datagram protocol) 0x370f-0x370f.7 (1) +0x3710|37 63 |7c | header_checksum: 0x3763 (valid) 0x3710-0x3711.7 (2) 0x3710| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x3712-0x3715.7 (4) 0x3710| ad c2 79 36 | ..y6 | destination_ip: "173.194.121.54" (0xadc27936) 0x3716-0x3719.7 (4) - | | | data: {} (udp) 0x371a-0x373a.7 (33) + | | | data: {} (udp_datagram) 0x371a-0x373a.7 (33) 0x3710| c7 2d | .- | source_port: 50989 0x371a-0x371b.7 (2) 0x3710| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x371c-0x371d.7 (2) 0x3710| 00 21| .!| length: 33 0x371e-0x371f.7 (2) @@ -4458,12 +4761,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3750|96 f2 89 c9 |.... | timestamp_low: 3381260950 0x3750-0x3753.7 (4) 0x3750| 70 05 00 00 | p... | capture_packet_length: 1392 0x3754-0x3757.7 (4) 0x3750| 70 05 00 00 | p... | original_packet_length: 1392 0x3758-0x375b.7 (4) - | | | packet: {} (ether8023) 0x375c-0x3ccb.7 (1392) + | | | packet: {} (ether8023_frame) 0x375c-0x3ccb.7 (1392) 0x3750| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x375c-0x3761.7 (6) 0x3760|7d 93 |}. | 0x3760| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x3762-0x3767.7 (6) 0x3760| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x3768-0x3769.7 (2) - | | | packet: {} (ipv4) 0x376a-0x3ccb.7 (1378) + | | | packet: {} (ipv4_packet) 0x376a-0x3ccb.7 (1378) 0x3760| 45 | E | version: 4 0x376a-0x376a.3 (0.4) 0x3760| 45 | E | ihl: 5 0x376a.4-0x376a.7 (0.4) 0x3760| 28 | ( | dscp: 10 0x376b-0x376b.5 (0.6) @@ -4475,11 +4778,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3770|00 |. | more_fragments: false 0x3770.2-0x3770.2 (0.1) 0x3770|00 00 |.. | fragment_offset: 0 0x3770.3-0x3771.7 (1.5) 0x3770| 35 | 5 | ttl: 53 0x3772-0x3772.7 (1) -0x3770| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x3773-0x3773.7 (1) -0x3770| f5 c8 | .. | header_checksum: 0xf5c8 0x3774-0x3775.7 (2) +0x3770| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x3773-0x3773.7 (1) +0x3770| f5 c8 | .. | header_checksum: 0xf5c8 (valid) 0x3774-0x3775.7 (2) 0x3770| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x3776-0x3779.7 (4) 0x3770| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x377a-0x377d.7 (4) - | | | data: {} (udp) 0x377e-0x3ccb.7 (1358) + | | | data: {} (udp_datagram) 0x377e-0x3ccb.7 (1358) 0x3770| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x377e-0x377f.7 (2) 0x3780|fa 90 |.. | destination_port: 64144 0x3780-0x3781.7 (2) 0x3780| 05 4e | .N | length: 1358 0x3782-0x3783.7 (2) @@ -4499,12 +4802,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3ce0|bc f3 89 c9 |.... | timestamp_low: 3381261244 0x3ce0-0x3ce3.7 (4) 0x3ce0| 70 05 00 00 | p... | capture_packet_length: 1392 0x3ce4-0x3ce7.7 (4) 0x3ce0| 70 05 00 00 | p... | original_packet_length: 1392 0x3ce8-0x3ceb.7 (4) - | | | packet: {} (ether8023) 0x3cec-0x425b.7 (1392) + | | | packet: {} (ether8023_frame) 0x3cec-0x425b.7 (1392) 0x3ce0| a4 5e 60 f1| .^`.| destination: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x3cec-0x3cf1.7 (6) 0x3cf0|7d 93 |}. | 0x3cf0| 94 10 3e 05 36 d3 | ..>.6. | source: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x3cf2-0x3cf7.7 (6) 0x3cf0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x3cf8-0x3cf9.7 (2) - | | | packet: {} (ipv4) 0x3cfa-0x425b.7 (1378) + | | | packet: {} (ipv4_packet) 0x3cfa-0x425b.7 (1378) 0x3cf0| 45 | E | version: 4 0x3cfa-0x3cfa.3 (0.4) 0x3cf0| 45 | E | ihl: 5 0x3cfa.4-0x3cfa.7 (0.4) 0x3cf0| 28 | ( | dscp: 10 0x3cfb-0x3cfb.5 (0.6) @@ -4516,11 +4819,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x3d00|00 |. | more_fragments: false 0x3d00.2-0x3d00.2 (0.1) 0x3d00|00 00 |.. | fragment_offset: 0 0x3d00.3-0x3d01.7 (1.5) 0x3d00| 35 | 5 | ttl: 53 0x3d02-0x3d02.7 (1) -0x3d00| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x3d03-0x3d03.7 (1) -0x3d00| f5 97 | .. | header_checksum: 0xf597 0x3d04-0x3d05.7 (2) +0x3d00| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x3d03-0x3d03.7 (1) +0x3d00| f5 97 | .. | header_checksum: 0xf597 (valid) 0x3d04-0x3d05.7 (2) 0x3d00| 4a 7d e4 e3 | J}.. | source_ip: "74.125.228.227" (0x4a7de4e3) 0x3d06-0x3d09.7 (4) 0x3d00| c0 a8 01 8b | .... | destination_ip: "192.168.1.139" (0xc0a8018b) 0x3d0a-0x3d0d.7 (4) - | | | data: {} (udp) 0x3d0e-0x425b.7 (1358) + | | | data: {} (udp_datagram) 0x3d0e-0x425b.7 (1358) 0x3d00| 01 bb| ..| source_port: "https" (443) (http protocol over TLS/SSL) 0x3d0e-0x3d0f.7 (2) 0x3d10|fa 90 |.. | destination_port: 64144 0x3d10-0x3d11.7 (2) 0x3d10| 05 4e | .N | length: 1358 0x3d12-0x3d13.7 (2) @@ -4540,12 +4843,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4270|52 f4 89 c9 |R... | timestamp_low: 3381261394 0x4270-0x4273.7 (4) 0x4270| 52 00 00 00 | R... | capture_packet_length: 82 0x4274-0x4277.7 (4) 0x4270| 52 00 00 00 | R... | original_packet_length: 82 0x4278-0x427b.7 (4) - | | | packet: {} (ether8023) 0x427c-0x42cd.7 (82) + | | | packet: {} (ether8023_frame) 0x427c-0x42cd.7 (82) 0x4270| 94 10 3e 05| ..>.| destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x427c-0x4281.7 (6) 0x4280|36 d3 |6. | 0x4280| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x4282-0x4287.7 (6) 0x4280| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4288-0x4289.7 (2) - | | | packet: {} (ipv4) 0x428a-0x42cd.7 (68) + | | | packet: {} (ipv4_packet) 0x428a-0x42cd.7 (68) 0x4280| 45 | E | version: 4 0x428a-0x428a.3 (0.4) 0x4280| 45 | E | ihl: 5 0x428a.4-0x428a.7 (0.4) 0x4280| 00 | . | dscp: 0 0x428b-0x428b.5 (0.6) @@ -4557,11 +4860,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4290|00 |. | more_fragments: false 0x4290.2-0x4290.2 (0.1) 0x4290|00 00 |.. | fragment_offset: 0 0x4290.3-0x4291.7 (1.5) 0x4290| 40 | @ | ttl: 64 0x4292-0x4292.7 (1) -0x4290| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4293-0x4293.7 (1) -0x4290| ef 90 | .. | header_checksum: 0xef90 0x4294-0x4295.7 (2) +0x4290| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4293-0x4293.7 (1) +0x4290| ef 90 | .. | header_checksum: 0xef90 (valid) 0x4294-0x4295.7 (2) 0x4290| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x4296-0x4299.7 (4) 0x4290| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x429a-0x429d.7 (4) - | | | data: {} (udp) 0x429e-0x42cd.7 (48) + | | | data: {} (udp_datagram) 0x429e-0x42cd.7 (48) 0x4290| fa 90| ..| source_port: 64144 0x429e-0x429f.7 (2) 0x42a0|01 bb |.. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x42a0-0x42a1.7 (2) 0x42a0| 00 30 | .0 | length: 48 0x42a2-0x42a3.7 (2) @@ -4581,11 +4884,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x42e0| be f5 89 c9 | .... | timestamp_low: 3381261758 0x42e4-0x42e7.7 (4) 0x42e0| 70 05 00 00 | p... | capture_packet_length: 1392 0x42e8-0x42eb.7 (4) 0x42e0| 70 05 00 00| p...| original_packet_length: 1392 0x42ec-0x42ef.7 (4) - | | | packet: {} (ether8023) 0x42f0-0x485f.7 (1392) + | | | packet: {} (ether8023_frame) 0x42f0-0x485f.7 (1392) 0x42f0|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x42f0-0x42f5.7 (6) 0x42f0| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x42f6-0x42fb.7 (6) 0x42f0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x42fc-0x42fd.7 (2) - | | | packet: {} (ipv4) 0x42fe-0x485f.7 (1378) + | | | packet: {} (ipv4_packet) 0x42fe-0x485f.7 (1378) 0x42f0| 45 | E | version: 4 0x42fe-0x42fe.3 (0.4) 0x42f0| 45 | E | ihl: 5 0x42fe.4-0x42fe.7 (0.4) 0x42f0| 00| .| dscp: 0 0x42ff-0x42ff.5 (0.6) @@ -4597,12 +4900,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4300| 00 | . | more_fragments: false 0x4304.2-0x4304.2 (0.1) 0x4300| 00 00 | .. | fragment_offset: 0 0x4304.3-0x4305.7 (1.5) 0x4300| 40 | @ | ttl: 64 0x4306-0x4306.7 (1) -0x4300| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4307-0x4307.7 (1) -0x4300| 43 e7 | C. | header_checksum: 0x43e7 0x4308-0x4309.7 (2) +0x4300| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4307-0x4307.7 (1) +0x4300| 43 e7 | C. | header_checksum: 0x43e7 (valid) 0x4308-0x4309.7 (2) 0x4300| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x430a-0x430d.7 (4) 0x4300| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x430e-0x4311.7 (4) 0x4310|e4 e3 |.. | - | | | data: {} (udp) 0x4312-0x485f.7 (1358) + | | | data: {} (udp_datagram) 0x4312-0x485f.7 (1358) 0x4310| fa 90 | .. | source_port: 64144 0x4312-0x4313.7 (2) 0x4310| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x4314-0x4315.7 (2) 0x4310| 05 4e | .N | length: 1358 0x4316-0x4317.7 (2) @@ -4622,11 +4925,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4870| f8 f5 89 c9 | .... | timestamp_low: 3381261816 0x4874-0x4877.7 (4) 0x4870| d4 02 00 00 | .... | capture_packet_length: 724 0x4878-0x487b.7 (4) 0x4870| d4 02 00 00| ....| original_packet_length: 724 0x487c-0x487f.7 (4) - | | | packet: {} (ether8023) 0x4880-0x4b53.7 (724) + | | | packet: {} (ether8023_frame) 0x4880-0x4b53.7 (724) 0x4880|94 10 3e 05 36 d3 |..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x4880-0x4885.7 (6) 0x4880| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x4886-0x488b.7 (6) 0x4880| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x488c-0x488d.7 (2) - | | | packet: {} (ipv4) 0x488e-0x4b53.7 (710) + | | | packet: {} (ipv4_packet) 0x488e-0x4b53.7 (710) 0x4880| 45 | E | version: 4 0x488e-0x488e.3 (0.4) 0x4880| 45 | E | ihl: 5 0x488e.4-0x488e.7 (0.4) 0x4880| 00| .| dscp: 0 0x488f-0x488f.5 (0.6) @@ -4638,12 +4941,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4890| 00 | . | more_fragments: false 0x4894.2-0x4894.2 (0.1) 0x4890| 00 00 | .. | fragment_offset: 0 0x4894.3-0x4895.7 (1.5) 0x4890| 40 | @ | ttl: 64 0x4896-0x4896.7 (1) -0x4890| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4897-0x4897.7 (1) -0x4890| 82 e7 | .. | header_checksum: 0x82e7 0x4898-0x4899.7 (2) +0x4890| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4897-0x4897.7 (1) +0x4890| 82 e7 | .. | header_checksum: 0x82e7 (valid) 0x4898-0x4899.7 (2) 0x4890| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x489a-0x489d.7 (4) 0x4890| 4a 7d| J}| destination_ip: "74.125.228.227" (0x4a7de4e3) 0x489e-0x48a1.7 (4) 0x48a0|e4 e3 |.. | - | | | data: {} (udp) 0x48a2-0x4b53.7 (690) + | | | data: {} (udp_datagram) 0x48a2-0x4b53.7 (690) 0x48a0| fa 90 | .. | source_port: 64144 0x48a2-0x48a3.7 (2) 0x48a0| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x48a4-0x48a5.7 (2) 0x48a0| 02 b2 | .. | length: 690 0x48a6-0x48a7.7 (2) @@ -4663,11 +4966,11 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4b60| f9 f5 89 c9 | .... | timestamp_low: 3381261817 0x4b68-0x4b6b.7 (4) 0x4b60| c3 00 00 00| ....| capture_packet_length: 195 0x4b6c-0x4b6f.7 (4) 0x4b70|c3 00 00 00 |.... | original_packet_length: 195 0x4b70-0x4b73.7 (4) - | | | packet: {} (ether8023) 0x4b74-0x4c36.7 (195) + | | | packet: {} (ether8023_frame) 0x4b74-0x4c36.7 (195) 0x4b70| 94 10 3e 05 36 d3 | ..>.6. | destination: "94:10:3e:05:36:d3" (0x94103e0536d3) 0x4b74-0x4b79.7 (6) 0x4b70| a4 5e 60 f1 7d 93| .^`.}.| source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x4b7a-0x4b7f.7 (6) 0x4b80|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4b80-0x4b81.7 (2) - | | | packet: {} (ipv4) 0x4b82-0x4c36.7 (181) + | | | packet: {} (ipv4_packet) 0x4b82-0x4c36.7 (181) 0x4b80| 45 | E | version: 4 0x4b82-0x4b82.3 (0.4) 0x4b80| 45 | E | ihl: 5 0x4b82.4-0x4b82.7 (0.4) 0x4b80| 00 | . | dscp: 0 0x4b83-0x4b83.5 (0.6) @@ -4679,12 +4982,12 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x4b80| 00 | . | more_fragments: false 0x4b88.2-0x4b88.2 (0.1) 0x4b80| 00 00 | .. | fragment_offset: 0 0x4b88.3-0x4b89.7 (1.5) 0x4b80| 40 | @ | ttl: 64 0x4b8a-0x4b8a.7 (1) -0x4b80| 11 | . | protocol: "udp" (17) (user datagram protocol) 0x4b8b-0x4b8b.7 (1) -0x4b80| 5b 3c | [< | header_checksum: 0x5b3c 0x4b8c-0x4b8d.7 (2) +0x4b80| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4b8b-0x4b8b.7 (1) +0x4b80| 5b 3c | [< | header_checksum: 0x5b3c (valid) 0x4b8c-0x4b8d.7 (2) 0x4b80| c0 a8| ..| source_ip: "192.168.1.139" (0xc0a8018b) 0x4b8e-0x4b91.7 (4) 0x4b90|01 8b |.. | 0x4b90| 4a 7d e4 e3 | J}.. | destination_ip: "74.125.228.227" (0x4a7de4e3) 0x4b92-0x4b95.7 (4) - | | | data: {} (udp) 0x4b96-0x4c36.7 (161) + | | | data: {} (udp_datagram) 0x4b96-0x4c36.7 (161) 0x4b90| fa 90 | .. | source_port: 64144 0x4b96-0x4b97.7 (2) 0x4b90| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x4b98-0x4b99.7 (2) 0x4b90| 00 a1 | .. | length: 161 0x4b9a-0x4b9b.7 (2) @@ -5199,3 +5502,22 @@ $ fq -d pcapng verbose /many_interfaces.pcapng 0x51b0|00 00 |.. | code: "end" (0) (End of options) 0x51b0-0x51b1.7 (2) 0x51b0| 00 00 | .. | length: 0 0x51b2-0x51b3.7 (2) 0x51b0| 6c 00 00 00| | l...| | footer_length: 108 0x51b4-0x51b7.7 (4) + | | | ipv4_reassembled: [0] 0x51b8-NA (0) + | | | tcp_connections: [2] 0x51b8-NA (0) + | | | [0]: flow {} 0x51b8-NA (0) + | | | source_ip: "192.168.1.139" 0x51b8-NA (0) + | | | source_port: 50981 0x51b8-NA (0) + | | | destination_ip: "74.125.228.227" 0x51b8-NA (0) + | | | destination_port: "https" (443) (http protocol over TLS/SSL) 0x51b8-NA (0) + 0x000|16 03 01 02 00 01 00 01 fc 03 03 f0 91 bc 87 3e|...............>| client_stream: raw bits 0x0-0x7b0.7 (1969) + * |until 0x7b0.7 (end) (1969) | | + 0x000|16 03 03 00 5a 02 00 00 56 03 03 55 d0 e5 ff ab|....Z...V..U....| server_stream: raw bits 0x0-0x35b.7 (860) + * |until 0x35b.7 (end) (860) | | + | | | [1]: flow {} 0x51b8-NA (0) + | | | source_ip: "192.168.1.139" 0x51b8-NA (0) + | | | source_port: 50982 0x51b8-NA (0) + | | | destination_ip: "74.125.228.227" 0x51b8-NA (0) + | | | destination_port: "https" (443) (http protocol over TLS/SSL) 0x51b8-NA (0) + 0x000|16 03 01 00 d3 01 00 00 cf 03 03 c0 a6 33 83 e1|.............3..| client_stream: raw bits 0x0-0xd7.7 (216) + * |until 0xd7.7 (end) (216) | | + | | | server_stream: raw bits 0x0-NA (0) diff --git a/format/pcap/testdata/sll2_tcp.fqtest b/format/pcap/testdata/sll2_tcp.fqtest new file mode 100644 index 00000000..b38e0db2 --- /dev/null +++ b/format/pcap/testdata/sll2_tcp.fqtest @@ -0,0 +1,348 @@ +$ fq -d pcap verbose /sll2_tcp.pcap + |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /sll2_tcp.pcap (pcap) 0x0-0x1e4.7 (485) +0x000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4) +0x000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2) +0x000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2) +0x000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4) +0x000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4) +0x010|00 00 04 00 |.... | snaplen: 262144 0x10-0x13.7 (4) +0x010| 14 01 00 00 | .... | network: "linux_sll2" (276) (Linux "cooked" capture encapsulation v2) 0x14-0x17.7 (4) + | | | packets: [5] 0x18-0x1e4.7 (461) + | | | [0]: packet {} 0x18-0x77.7 (96) +0x010| 44 08 a5 61 | D..a | ts_sec: 1638205508 0x18-0x1b.7 (4) +0x010| 29 c1 0b 00| )...| ts_usec: 770345 0x1c-0x1f.7 (4) +0x020|50 00 00 00 |P... | incl_len: 80 0x20-0x23.7 (4) +0x020| 50 00 00 00 | P... | orig_len: 80 0x24-0x27.7 (4) + | | | packet: {} (sll2_packet) 0x28-0x77.7 (80) +0x020| 08 00 | .. | protocol_type: "ipv4" (0x800) (Internet Protocol version 4) 0x28-0x29.7 (2) +0x020| 00 00 | .. | reserved: 0 0x2a-0x2b.7 (2) +0x020| 00 00 00 01| ....| interface_index: 1 0x2c-0x2f.7 (4) +0x030|03 04 |.. | arphdr_type: "loopback" (772) (Loopback device) 0x30-0x31.7 (2) +0x030| 00 | . | packet_type: "to_us" (0) (Sent to us) 0x32-0x32.7 (1) +0x030| 06 | . | link_address_length: 6 0x33-0x33.7 (1) +0x030| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x34-0x39.7 (6) +0x030| 00 00 | .. | padding: raw bits 0x3a-0x3b.7 (2) + | | | data: {} (ipv4_packet) 0x3c-0x77.7 (60) +0x030| 45 | E | version: 4 0x3c-0x3c.3 (0.4) +0x030| 45 | E | ihl: 5 0x3c.4-0x3c.7 (0.4) +0x030| 00 | . | dscp: 0 0x3d-0x3d.5 (0.6) +0x030| 00 | . | ecn: 0 0x3d.6-0x3d.7 (0.2) +0x030| 00 3c| .<| total_length: 60 0x3e-0x3f.7 (2) +0x040|af 93 |.. | identification: 44947 0x40-0x41.7 (2) +0x040| 40 | @ | reserved: 0 0x42-0x42 (0.1) +0x040| 40 | @ | dont_fragment: true 0x42.1-0x42.1 (0.1) +0x040| 40 | @ | more_fragments: false 0x42.2-0x42.2 (0.1) +0x040| 40 00 | @. | fragment_offset: 0 0x42.3-0x43.7 (1.5) +0x040| 40 | @ | ttl: 64 0x44-0x44.7 (1) +0x040| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x45-0x45.7 (1) +0x040| 8d 26 | .& | header_checksum: 0x8d26 (valid) 0x46-0x47.7 (2) +0x040| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0x48-0x4b.7 (4) +0x040| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0x4c-0x4f.7 (4) + | | | data: {} (tcp_segment) 0x50-0x77.7 (40) +0x050|b8 46 |.F | source_port: 47174 0x50-0x51.7 (2) +0x050| 04 d2 | .. | destination_port: 1234 0x52-0x53.7 (2) +0x050| 4e 2a 3f da | N*?. | sequence_number: 1311391706 0x54-0x57.7 (4) +0x050| 00 00 00 00 | .... | acknowledgment_number: 0 0x58-0x5b.7 (4) +0x050| a0 | . | data_offset: 10 0x5c-0x5c.3 (0.4) +0x050| a0 | . | reserved: 0 0x5c.4-0x5c.6 (0.3) +0x050| a0 | . | ns: false 0x5c.7-0x5c.7 (0.1) +0x050| 02 | . | cwr: false 0x5d-0x5d (0.1) +0x050| 02 | . | ece: false 0x5d.1-0x5d.1 (0.1) +0x050| 02 | . | urg: false 0x5d.2-0x5d.2 (0.1) +0x050| 02 | . | ack: false 0x5d.3-0x5d.3 (0.1) +0x050| 02 | . | psh: false 0x5d.4-0x5d.4 (0.1) +0x050| 02 | . | rst: false 0x5d.5-0x5d.5 (0.1) +0x050| 02 | . | syn: true 0x5d.6-0x5d.6 (0.1) +0x050| 02 | . | fin: false 0x5d.7-0x5d.7 (0.1) +0x050| ff d7| ..| window_size: 65495 0x5e-0x5f.7 (2) +0x060|fe 30 |.0 | checksum: 0xfe30 0x60-0x61.7 (2) +0x060| 00 00 | .. | urgent_pointer: 0 0x62-0x63.7 (2) + | | | options: [5] 0x64-0x77.7 (20) + | | | [0]: option {} 0x64-0x67.7 (4) +0x060| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x64-0x64.7 (1) +0x060| 04 | . | length: 4 0x65-0x65.7 (1) +0x060| ff d7 | .. | data: raw bits 0x66-0x67.7 (2) + | | | [1]: option {} 0x68-0x69.7 (2) +0x060| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x68-0x68.7 (1) +0x060| 02 | . | length: 2 0x69-0x69.7 (1) + | | | data: raw bits 0x6a-NA (0) + | | | [2]: option {} 0x6a-0x73.7 (10) +0x060| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x6a-0x6a.7 (1) +0x060| 0a | . | length: 10 0x6b-0x6b.7 (1) +0x060| e4 67 f5 17| .g..| data: raw bits 0x6c-0x73.7 (8) +0x070|00 00 00 00 |.... | + | | | [3]: option {} 0x74-0x74.7 (1) +0x070| 01 | . | kind: "nop" (1) (No operation) 0x74-0x74.7 (1) + | | | [4]: option {} 0x75-0x77.7 (3) +0x070| 03 | . | kind: "winscale" (3) (Window scale) 0x75-0x75.7 (1) +0x070| 03 | . | length: 3 0x76-0x76.7 (1) +0x070| 07 | . | data: raw bits 0x77-0x77.7 (1) + | | | data: raw bits 0x78-NA (0) + | | | capture_padding: raw bits 0x78-NA (0) + | | | [1]: packet {} 0x78-0xd7.7 (96) +0x070| 44 08 a5 61 | D..a | ts_sec: 1638205508 0x78-0x7b.7 (4) +0x070| 40 c1 0b 00| @...| ts_usec: 770368 0x7c-0x7f.7 (4) +0x080|50 00 00 00 |P... | incl_len: 80 0x80-0x83.7 (4) +0x080| 50 00 00 00 | P... | orig_len: 80 0x84-0x87.7 (4) + | | | packet: {} (sll2_packet) 0x88-0xd7.7 (80) +0x080| 08 00 | .. | protocol_type: "ipv4" (0x800) (Internet Protocol version 4) 0x88-0x89.7 (2) +0x080| 00 00 | .. | reserved: 0 0x8a-0x8b.7 (2) +0x080| 00 00 00 01| ....| interface_index: 1 0x8c-0x8f.7 (4) +0x090|03 04 |.. | arphdr_type: "loopback" (772) (Loopback device) 0x90-0x91.7 (2) +0x090| 00 | . | packet_type: "to_us" (0) (Sent to us) 0x92-0x92.7 (1) +0x090| 06 | . | link_address_length: 6 0x93-0x93.7 (1) +0x090| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x94-0x99.7 (6) +0x090| 00 00 | .. | padding: raw bits 0x9a-0x9b.7 (2) + | | | data: {} (ipv4_packet) 0x9c-0xd7.7 (60) +0x090| 45 | E | version: 4 0x9c-0x9c.3 (0.4) +0x090| 45 | E | ihl: 5 0x9c.4-0x9c.7 (0.4) +0x090| 00 | . | dscp: 0 0x9d-0x9d.5 (0.6) +0x090| 00 | . | ecn: 0 0x9d.6-0x9d.7 (0.2) +0x090| 00 3c| .<| total_length: 60 0x9e-0x9f.7 (2) +0x0a0|00 00 |.. | identification: 0 0xa0-0xa1.7 (2) +0x0a0| 40 | @ | reserved: 0 0xa2-0xa2 (0.1) +0x0a0| 40 | @ | dont_fragment: true 0xa2.1-0xa2.1 (0.1) +0x0a0| 40 | @ | more_fragments: false 0xa2.2-0xa2.2 (0.1) +0x0a0| 40 00 | @. | fragment_offset: 0 0xa2.3-0xa3.7 (1.5) +0x0a0| 40 | @ | ttl: 64 0xa4-0xa4.7 (1) +0x0a0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0xa5-0xa5.7 (1) +0x0a0| 3c ba | <. | header_checksum: 0x3cba (valid) 0xa6-0xa7.7 (2) +0x0a0| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0xa8-0xab.7 (4) +0x0a0| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0xac-0xaf.7 (4) + | | | data: {} (tcp_segment) 0xb0-0xd7.7 (40) +0x0b0|04 d2 |.. | source_port: 1234 0xb0-0xb1.7 (2) +0x0b0| b8 46 | .F | destination_port: 47174 0xb2-0xb3.7 (2) +0x0b0| ce 52 26 de | .R&. | sequence_number: 3461490398 0xb4-0xb7.7 (4) +0x0b0| 4e 2a 3f db | N*?. | acknowledgment_number: 1311391707 0xb8-0xbb.7 (4) +0x0b0| a0 | . | data_offset: 10 0xbc-0xbc.3 (0.4) +0x0b0| a0 | . | reserved: 0 0xbc.4-0xbc.6 (0.3) +0x0b0| a0 | . | ns: false 0xbc.7-0xbc.7 (0.1) +0x0b0| 12 | . | cwr: false 0xbd-0xbd (0.1) +0x0b0| 12 | . | ece: false 0xbd.1-0xbd.1 (0.1) +0x0b0| 12 | . | urg: false 0xbd.2-0xbd.2 (0.1) +0x0b0| 12 | . | ack: true 0xbd.3-0xbd.3 (0.1) +0x0b0| 12 | . | psh: false 0xbd.4-0xbd.4 (0.1) +0x0b0| 12 | . | rst: false 0xbd.5-0xbd.5 (0.1) +0x0b0| 12 | . | syn: true 0xbd.6-0xbd.6 (0.1) +0x0b0| 12 | . | fin: false 0xbd.7-0xbd.7 (0.1) +0x0b0| ff cb| ..| window_size: 65483 0xbe-0xbf.7 (2) +0x0c0|fe 30 |.0 | checksum: 0xfe30 0xc0-0xc1.7 (2) +0x0c0| 00 00 | .. | urgent_pointer: 0 0xc2-0xc3.7 (2) + | | | options: [5] 0xc4-0xd7.7 (20) + | | | [0]: option {} 0xc4-0xc7.7 (4) +0x0c0| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0xc4-0xc4.7 (1) +0x0c0| 04 | . | length: 4 0xc5-0xc5.7 (1) +0x0c0| ff d7 | .. | data: raw bits 0xc6-0xc7.7 (2) + | | | [1]: option {} 0xc8-0xc9.7 (2) +0x0c0| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0xc8-0xc8.7 (1) +0x0c0| 02 | . | length: 2 0xc9-0xc9.7 (1) + | | | data: raw bits 0xca-NA (0) + | | | [2]: option {} 0xca-0xd3.7 (10) +0x0c0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0xca-0xca.7 (1) +0x0c0| 0a | . | length: 10 0xcb-0xcb.7 (1) +0x0c0| e4 67 f5 17| .g..| data: raw bits 0xcc-0xd3.7 (8) +0x0d0|e4 67 f5 17 |.g.. | + | | | [3]: option {} 0xd4-0xd4.7 (1) +0x0d0| 01 | . | kind: "nop" (1) (No operation) 0xd4-0xd4.7 (1) + | | | [4]: option {} 0xd5-0xd7.7 (3) +0x0d0| 03 | . | kind: "winscale" (3) (Window scale) 0xd5-0xd5.7 (1) +0x0d0| 03 | . | length: 3 0xd6-0xd6.7 (1) +0x0d0| 07 | . | data: raw bits 0xd7-0xd7.7 (1) + | | | data: raw bits 0xd8-NA (0) + | | | capture_padding: raw bits 0xd8-NA (0) + | | | [2]: packet {} 0xd8-0x12f.7 (88) +0x0d0| 44 08 a5 61 | D..a | ts_sec: 1638205508 0xd8-0xdb.7 (4) +0x0d0| 51 c1 0b 00| Q...| ts_usec: 770385 0xdc-0xdf.7 (4) +0x0e0|48 00 00 00 |H... | incl_len: 72 0xe0-0xe3.7 (4) +0x0e0| 48 00 00 00 | H... | orig_len: 72 0xe4-0xe7.7 (4) + | | | packet: {} (sll2_packet) 0xe8-0x12f.7 (72) +0x0e0| 08 00 | .. | protocol_type: "ipv4" (0x800) (Internet Protocol version 4) 0xe8-0xe9.7 (2) +0x0e0| 00 00 | .. | reserved: 0 0xea-0xeb.7 (2) +0x0e0| 00 00 00 01| ....| interface_index: 1 0xec-0xef.7 (4) +0x0f0|03 04 |.. | arphdr_type: "loopback" (772) (Loopback device) 0xf0-0xf1.7 (2) +0x0f0| 00 | . | packet_type: "to_us" (0) (Sent to us) 0xf2-0xf2.7 (1) +0x0f0| 06 | . | link_address_length: 6 0xf3-0xf3.7 (1) +0x0f0| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0xf4-0xf9.7 (6) +0x0f0| 00 00 | .. | padding: raw bits 0xfa-0xfb.7 (2) + | | | data: {} (ipv4_packet) 0xfc-0x12f.7 (52) +0x0f0| 45 | E | version: 4 0xfc-0xfc.3 (0.4) +0x0f0| 45 | E | ihl: 5 0xfc.4-0xfc.7 (0.4) +0x0f0| 00 | . | dscp: 0 0xfd-0xfd.5 (0.6) +0x0f0| 00 | . | ecn: 0 0xfd.6-0xfd.7 (0.2) +0x0f0| 00 34| .4| total_length: 52 0xfe-0xff.7 (2) +0x100|af 94 |.. | identification: 44948 0x100-0x101.7 (2) +0x100| 40 | @ | reserved: 0 0x102-0x102 (0.1) +0x100| 40 | @ | dont_fragment: true 0x102.1-0x102.1 (0.1) +0x100| 40 | @ | more_fragments: false 0x102.2-0x102.2 (0.1) +0x100| 40 00 | @. | fragment_offset: 0 0x102.3-0x103.7 (1.5) +0x100| 40 | @ | ttl: 64 0x104-0x104.7 (1) +0x100| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x105-0x105.7 (1) +0x100| 8d 2d | .- | header_checksum: 0x8d2d (valid) 0x106-0x107.7 (2) +0x100| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0x108-0x10b.7 (4) +0x100| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0x10c-0x10f.7 (4) + | | | data: {} (tcp_segment) 0x110-0x12f.7 (32) +0x110|b8 46 |.F | source_port: 47174 0x110-0x111.7 (2) +0x110| 04 d2 | .. | destination_port: 1234 0x112-0x113.7 (2) +0x110| 4e 2a 3f db | N*?. | sequence_number: 1311391707 0x114-0x117.7 (4) +0x110| ce 52 26 df | .R&. | acknowledgment_number: 3461490399 0x118-0x11b.7 (4) +0x110| 80 | . | data_offset: 8 0x11c-0x11c.3 (0.4) +0x110| 80 | . | reserved: 0 0x11c.4-0x11c.6 (0.3) +0x110| 80 | . | ns: false 0x11c.7-0x11c.7 (0.1) +0x110| 10 | . | cwr: false 0x11d-0x11d (0.1) +0x110| 10 | . | ece: false 0x11d.1-0x11d.1 (0.1) +0x110| 10 | . | urg: false 0x11d.2-0x11d.2 (0.1) +0x110| 10 | . | ack: true 0x11d.3-0x11d.3 (0.1) +0x110| 10 | . | psh: false 0x11d.4-0x11d.4 (0.1) +0x110| 10 | . | rst: false 0x11d.5-0x11d.5 (0.1) +0x110| 10 | . | syn: false 0x11d.6-0x11d.6 (0.1) +0x110| 10 | . | fin: false 0x11d.7-0x11d.7 (0.1) +0x110| 02 00| ..| window_size: 512 0x11e-0x11f.7 (2) +0x120|fe 28 |.( | checksum: 0xfe28 0x120-0x121.7 (2) +0x120| 00 00 | .. | urgent_pointer: 0 0x122-0x123.7 (2) + | | | options: [3] 0x124-0x12f.7 (12) + | | | [0]: option {} 0x124-0x124.7 (1) +0x120| 01 | . | kind: "nop" (1) (No operation) 0x124-0x124.7 (1) + | | | [1]: option {} 0x125-0x125.7 (1) +0x120| 01 | . | kind: "nop" (1) (No operation) 0x125-0x125.7 (1) + | | | [2]: option {} 0x126-0x12f.7 (10) +0x120| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x126-0x126.7 (1) +0x120| 0a | . | length: 10 0x127-0x127.7 (1) +0x120| e4 67 f5 17 e4 67 f5 17| .g...g..| data: raw bits 0x128-0x12f.7 (8) + | | | data: raw bits 0x130-NA (0) + | | | capture_padding: raw bits 0x130-NA (0) + | | | [3]: packet {} 0x130-0x18c.7 (93) +0x130|44 08 a5 61 |D..a | ts_sec: 1638205508 0x130-0x133.7 (4) +0x130| d0 c1 0b 00 | .... | ts_usec: 770512 0x134-0x137.7 (4) +0x130| 4d 00 00 00 | M... | incl_len: 77 0x138-0x13b.7 (4) +0x130| 4d 00 00 00| M...| orig_len: 77 0x13c-0x13f.7 (4) + | | | packet: {} (sll2_packet) 0x140-0x18c.7 (77) +0x140|08 00 |.. | protocol_type: "ipv4" (0x800) (Internet Protocol version 4) 0x140-0x141.7 (2) +0x140| 00 00 | .. | reserved: 0 0x142-0x143.7 (2) +0x140| 00 00 00 01 | .... | interface_index: 1 0x144-0x147.7 (4) +0x140| 03 04 | .. | arphdr_type: "loopback" (772) (Loopback device) 0x148-0x149.7 (2) +0x140| 00 | . | packet_type: "to_us" (0) (Sent to us) 0x14a-0x14a.7 (1) +0x140| 06 | . | link_address_length: 6 0x14b-0x14b.7 (1) +0x140| 00 00 00 00| ....| link_address: "00:00:00:00:00:00" (0x0) 0x14c-0x151.7 (6) +0x150|00 00 |.. | +0x150| 00 00 | .. | padding: raw bits 0x152-0x153.7 (2) + | | | data: {} (ipv4_packet) 0x154-0x18c.7 (57) +0x150| 45 | E | version: 4 0x154-0x154.3 (0.4) +0x150| 45 | E | ihl: 5 0x154.4-0x154.7 (0.4) +0x150| 00 | . | dscp: 0 0x155-0x155.5 (0.6) +0x150| 00 | . | ecn: 0 0x155.6-0x155.7 (0.2) +0x150| 00 39 | .9 | total_length: 57 0x156-0x157.7 (2) +0x150| af 95 | .. | identification: 44949 0x158-0x159.7 (2) +0x150| 40 | @ | reserved: 0 0x15a-0x15a (0.1) +0x150| 40 | @ | dont_fragment: true 0x15a.1-0x15a.1 (0.1) +0x150| 40 | @ | more_fragments: false 0x15a.2-0x15a.2 (0.1) +0x150| 40 00 | @. | fragment_offset: 0 0x15a.3-0x15b.7 (1.5) +0x150| 40 | @ | ttl: 64 0x15c-0x15c.7 (1) +0x150| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x15d-0x15d.7 (1) +0x150| 8d 27| .'| header_checksum: 0x8d27 (valid) 0x15e-0x15f.7 (2) +0x160|7f 00 00 01 |.... | source_ip: "127.0.0.1" (0x7f000001) 0x160-0x163.7 (4) +0x160| 7f 00 00 01 | .... | destination_ip: "127.0.0.1" (0x7f000001) 0x164-0x167.7 (4) + | | | data: {} (tcp_segment) 0x168-0x18c.7 (37) +0x160| b8 46 | .F | source_port: 47174 0x168-0x169.7 (2) +0x160| 04 d2 | .. | destination_port: 1234 0x16a-0x16b.7 (2) +0x160| 4e 2a 3f db| N*?.| sequence_number: 1311391707 0x16c-0x16f.7 (4) +0x170|ce 52 26 df |.R&. | acknowledgment_number: 3461490399 0x170-0x173.7 (4) +0x170| 80 | . | data_offset: 8 0x174-0x174.3 (0.4) +0x170| 80 | . | reserved: 0 0x174.4-0x174.6 (0.3) +0x170| 80 | . | ns: false 0x174.7-0x174.7 (0.1) +0x170| 18 | . | cwr: false 0x175-0x175 (0.1) +0x170| 18 | . | ece: false 0x175.1-0x175.1 (0.1) +0x170| 18 | . | urg: false 0x175.2-0x175.2 (0.1) +0x170| 18 | . | ack: true 0x175.3-0x175.3 (0.1) +0x170| 18 | . | psh: true 0x175.4-0x175.4 (0.1) +0x170| 18 | . | rst: false 0x175.5-0x175.5 (0.1) +0x170| 18 | . | syn: false 0x175.6-0x175.6 (0.1) +0x170| 18 | . | fin: false 0x175.7-0x175.7 (0.1) +0x170| 02 00 | .. | window_size: 512 0x176-0x177.7 (2) +0x170| fe 2d | .- | checksum: 0xfe2d 0x178-0x179.7 (2) +0x170| 00 00 | .. | urgent_pointer: 0 0x17a-0x17b.7 (2) + | | | options: [3] 0x17c-0x187.7 (12) + | | | [0]: option {} 0x17c-0x17c.7 (1) +0x170| 01 | . | kind: "nop" (1) (No operation) 0x17c-0x17c.7 (1) + | | | [1]: option {} 0x17d-0x17d.7 (1) +0x170| 01 | . | kind: "nop" (1) (No operation) 0x17d-0x17d.7 (1) + | | | [2]: option {} 0x17e-0x187.7 (10) +0x170| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x17e-0x17e.7 (1) +0x170| 0a| .| length: 10 0x17f-0x17f.7 (1) +0x180|e4 67 f5 17 e4 67 f5 17 |.g...g.. | data: raw bits 0x180-0x187.7 (8) +0x180| 74 65 73 74 0a | test. | data: raw bits 0x188-0x18c.7 (5) + | | | capture_padding: raw bits 0x18d-NA (0) + | | | [4]: packet {} 0x18d-0x1e4.7 (88) +0x180| 44 08 a5| D..| ts_sec: 1638205508 0x18d-0x190.7 (4) +0x190|61 |a | +0x190| d7 c1 0b 00 | .... | ts_usec: 770519 0x191-0x194.7 (4) +0x190| 48 00 00 00 | H... | incl_len: 72 0x195-0x198.7 (4) +0x190| 48 00 00 00 | H... | orig_len: 72 0x199-0x19c.7 (4) + | | | packet: {} (sll2_packet) 0x19d-0x1e4.7 (72) +0x190| 08 00 | .. | protocol_type: "ipv4" (0x800) (Internet Protocol version 4) 0x19d-0x19e.7 (2) +0x190| 00| .| reserved: 0 0x19f-0x1a0.7 (2) +0x1a0|00 |. | +0x1a0| 00 00 00 01 | .... | interface_index: 1 0x1a1-0x1a4.7 (4) +0x1a0| 03 04 | .. | arphdr_type: "loopback" (772) (Loopback device) 0x1a5-0x1a6.7 (2) +0x1a0| 00 | . | packet_type: "to_us" (0) (Sent to us) 0x1a7-0x1a7.7 (1) +0x1a0| 06 | . | link_address_length: 6 0x1a8-0x1a8.7 (1) +0x1a0| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x1a9-0x1ae.7 (6) +0x1a0| 00| .| padding: raw bits 0x1af-0x1b0.7 (2) +0x1b0|00 |. | + | | | data: {} (ipv4_packet) 0x1b1-0x1e4.7 (52) +0x1b0| 45 | E | version: 4 0x1b1-0x1b1.3 (0.4) +0x1b0| 45 | E | ihl: 5 0x1b1.4-0x1b1.7 (0.4) +0x1b0| 00 | . | dscp: 0 0x1b2-0x1b2.5 (0.6) +0x1b0| 00 | . | ecn: 0 0x1b2.6-0x1b2.7 (0.2) +0x1b0| 00 34 | .4 | total_length: 52 0x1b3-0x1b4.7 (2) +0x1b0| 17 00 | .. | identification: 5888 0x1b5-0x1b6.7 (2) +0x1b0| 40 | @ | reserved: 0 0x1b7-0x1b7 (0.1) +0x1b0| 40 | @ | dont_fragment: true 0x1b7.1-0x1b7.1 (0.1) +0x1b0| 40 | @ | more_fragments: false 0x1b7.2-0x1b7.2 (0.1) +0x1b0| 40 00 | @. | fragment_offset: 0 0x1b7.3-0x1b8.7 (1.5) +0x1b0| 40 | @ | ttl: 64 0x1b9-0x1b9.7 (1) +0x1b0| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x1ba-0x1ba.7 (1) +0x1b0| 25 c2 | %. | header_checksum: 0x25c2 (valid) 0x1bb-0x1bc.7 (2) +0x1b0| 7f 00 00| ...| source_ip: "127.0.0.1" (0x7f000001) 0x1bd-0x1c0.7 (4) +0x1c0|01 |. | +0x1c0| 7f 00 00 01 | .... | destination_ip: "127.0.0.1" (0x7f000001) 0x1c1-0x1c4.7 (4) + | | | data: {} (tcp_segment) 0x1c5-0x1e4.7 (32) +0x1c0| 04 d2 | .. | source_port: 1234 0x1c5-0x1c6.7 (2) +0x1c0| b8 46 | .F | destination_port: 47174 0x1c7-0x1c8.7 (2) +0x1c0| ce 52 26 df | .R&. | sequence_number: 3461490399 0x1c9-0x1cc.7 (4) +0x1c0| 4e 2a 3f| N*?| acknowledgment_number: 1311391712 0x1cd-0x1d0.7 (4) +0x1d0|e0 |. | +0x1d0| 80 | . | data_offset: 8 0x1d1-0x1d1.3 (0.4) +0x1d0| 80 | . | reserved: 0 0x1d1.4-0x1d1.6 (0.3) +0x1d0| 80 | . | ns: false 0x1d1.7-0x1d1.7 (0.1) +0x1d0| 10 | . | cwr: false 0x1d2-0x1d2 (0.1) +0x1d0| 10 | . | ece: false 0x1d2.1-0x1d2.1 (0.1) +0x1d0| 10 | . | urg: false 0x1d2.2-0x1d2.2 (0.1) +0x1d0| 10 | . | ack: true 0x1d2.3-0x1d2.3 (0.1) +0x1d0| 10 | . | psh: false 0x1d2.4-0x1d2.4 (0.1) +0x1d0| 10 | . | rst: false 0x1d2.5-0x1d2.5 (0.1) +0x1d0| 10 | . | syn: false 0x1d2.6-0x1d2.6 (0.1) +0x1d0| 10 | . | fin: false 0x1d2.7-0x1d2.7 (0.1) +0x1d0| 02 00 | .. | window_size: 512 0x1d3-0x1d4.7 (2) +0x1d0| fe 28 | .( | checksum: 0xfe28 0x1d5-0x1d6.7 (2) +0x1d0| 00 00 | .. | urgent_pointer: 0 0x1d7-0x1d8.7 (2) + | | | options: [3] 0x1d9-0x1e4.7 (12) + | | | [0]: option {} 0x1d9-0x1d9.7 (1) +0x1d0| 01 | . | kind: "nop" (1) (No operation) 0x1d9-0x1d9.7 (1) + | | | [1]: option {} 0x1da-0x1da.7 (1) +0x1d0| 01 | . | kind: "nop" (1) (No operation) 0x1da-0x1da.7 (1) + | | | [2]: option {} 0x1db-0x1e4.7 (10) +0x1d0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1db-0x1db.7 (1) +0x1d0| 0a | . | length: 10 0x1dc-0x1dc.7 (1) +0x1d0| e4 67 f5| .g.| data: raw bits 0x1dd-0x1e4.7 (8) +0x1e0|17 e4 67 f5 17| |..g..| | + | | | data: raw bits 0x1e5-NA (0) + | | | capture_padding: raw bits 0x1e5-NA (0) + | | | ipv4_reassembled: [0] 0x1e5-NA (0) + | | | tcp_connections: [1] 0x1e5-NA (0) + | | | [0]: flow {} 0x1e5-NA (0) + | | | source_ip: "127.0.0.1" 0x1e5-NA (0) + | | | source_port: 47174 0x1e5-NA (0) + | | | destination_ip: "127.0.0.1" 0x1e5-NA (0) + | | | destination_port: 1234 0x1e5-NA (0) + 0x00|74 65 73 74 0a| |test.| | client_stream: raw bits 0x0-0x4.7 (5) + | | | server_stream: raw bits 0x0-NA (0) diff --git a/format/pcap/testdata/sll2_tcp.pcap b/format/pcap/testdata/sll2_tcp.pcap new file mode 100644 index 0000000000000000000000000000000000000000..52b40d095e175836270d015460c6ca64a598c122 GIT binary patch literal 485 zcmca|c+)~A1{MYcU||qpWMFXNSemGLkeeX@C;`G85Cx3PEDUTgwXO^dHtQ!lFgURF zs?{?vFoN(7HB+P0Nu+7aXZLtkh?Dc&GiME3BowcwOl_HY_2+1b0vW0>Y|!kl3HBC1v30P Y5snrI2a4(;nBmYsxepAK2iP190N;sbiU0rr literal 0 HcmV?d00001 diff --git a/format/tar/tar.go b/format/tar/tar.go index 5a69fda8..b8beedc6 100644 --- a/format/tar/tar.go +++ b/format/tar/tar.go @@ -85,7 +85,7 @@ func tarDecode(d *decode.D, in interface{}) interface{} { fieldStr(d, "prefix", 155) fieldBlockPadding(d, "header_block_padding") if size > 0 { - dv, _, _ := d.FieldTryFormatLen("data", int64(size)*8, probeFormat, nil) + dv, _, _ := d.TryFieldFormatLen("data", int64(size)*8, probeFormat, nil) if dv == nil { d.FieldRawLen("data", int64(size)*8) } diff --git a/format/zip/zip.go b/format/zip/zip.go index bd99129f..6b4b8b8b 100644 --- a/format/zip/zip.go +++ b/format/zip/zip.go @@ -276,7 +276,7 @@ func zipDecode(d *decode.D, in interface{}) interface{} { } if compressionMethod == compressionMethodNone { - if dv, _, _ := d.FieldTryFormatLen("uncompressed", compressedSize, probeFormat, nil); dv == nil { + if dv, _, _ := d.TryFieldFormatLen("uncompressed", compressedSize, probeFormat, nil); dv == nil { d.FieldRawLen("uncompressed", compressedSize) } } else { diff --git a/go.mod b/go.mod index dfe33319..ad4e30cb 100644 --- a/go.mod +++ b/go.mod @@ -3,21 +3,25 @@ module github.com/wader/fq go 1.17 require ( - // bump: gomod-mapstructure /github.com\/mitchellh\/mapstructure v(.*)/ git://github.com/mitchellh/mapstructure|^1 + // bump: gomod-gopacket /github\.com\/google\/gopacket v(.*)/ https://github.com/google/gopacket.git|^1 + // bump: gomod-gopacket command go get -d github.com/google/gopacket@v$LATEST && go mod tidy + github.com/google/gopacket v1.1.19 + // bump: gomod-mapstructure /github.com\/mitchellh\/mapstructure v(.*)/ https://github.com/mitchellh/mapstructure.git|^1 // bump: gomod-mapstructure command go get -d github.com/mitchellh/mapstructure@v$LATEST && go mod tidy github.com/mitchellh/mapstructure v1.4.2 - // bump: gomod-go-difflib /github.com\/pmezard\/go-difflib v(.*)/ git://github.com/pmezard/go-difflib|^1 + // bump: gomod-go-difflib /github.com\/pmezard\/go-difflib v(.*)/ https://github.com/pmezard/go-difflib.git|^1 // bump: gomod-go-difflib command go get -d github.com/pmezard/go-difflib@v$LATEST && go mod tidy github.com/pmezard/go-difflib v1.0.0 + // bump: gomod-golang/text /golang\.org\/x\/text v(.*)/ https://github.com/golang/text.git|^0 + // bump: gomod-golang/text command go get -d golang.org/x/text@v$LATEST && go mod tidy + golang.org/x/text v0.3.7 +) +require ( // fork of github.com/itchyny/gojq, see github.com/wader/gojq fq branch github.com/wader/gojq v0.12.1-0.20211105163429-4313a117784f // fork of github.com/chzyer/readline, see github.com/wader/readline fq branch github.com/wader/readline v0.0.0-20210920124728-5a81f7707bac - - // bump: gomod-golang/text /golang\.org\/x\/text v(.*)/ git://github.com/golang/text|^0 - // bump: gomod-golang/text command go get -d golang.org/x/text@v$LATEST && go mod tidy - golang.org/x/text v0.3.7 ) require ( diff --git a/go.sum b/go.sum index 204863c7..8f745bc5 100644 --- a/go.sum +++ b/go.sum @@ -4,6 +4,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWs github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= +github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/itchyny/timefmt-go v0.1.3 h1:7M3LGVDsqcd0VZH2U+x393obrzZisp7C0uEe921iRkU= github.com/itchyny/timefmt-go v0.1.3/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A= github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -18,13 +20,25 @@ github.com/wader/gojq v0.12.1-0.20211105163429-4313a117784f h1:va5DRs9mQ50oyL/MB github.com/wader/gojq v0.12.1-0.20211105163429-4313a117784f/go.mod h1:INvGGy+u9oDIoekNbgd2udgWKPwTEBt1KCmB65E8zeU= github.com/wader/readline v0.0.0-20210920124728-5a81f7707bac h1:F5x54dwg6vGyf+8XhujiyXr651E3tKpcL1mqGmS7/MU= github.com/wader/readline v0.0.0-20210920124728-5a81f7707bac/go.mod h1:jYXyt9wQg3DifxQ8FM5M/ZoskO23GIwmo05QLHtO9CQ= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e h1:XMgFehsDnnLGtjvjOfqWSUzt0alpTR1RSEuznObga2c= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/crc/crc.go b/pkg/checksum/crc.go similarity index 97% rename from pkg/crc/crc.go rename to pkg/checksum/crc.go index aa229898..bcf48898 100644 --- a/pkg/crc/crc.go +++ b/pkg/checksum/crc.go @@ -1,6 +1,8 @@ -package crc +package checksum -import "fmt" +import ( + "fmt" +) // TODO: lazy make table? diff --git a/pkg/checksum/ipv4.go b/pkg/checksum/ipv4.go new file mode 100644 index 00000000..6897904e --- /dev/null +++ b/pkg/checksum/ipv4.go @@ -0,0 +1,39 @@ +package checksum + +// IPv4 implements hash.Hash +type IPv4 struct { + sum uint + odd bool +} + +func (c *IPv4) Write(p []byte) (n int, err error) { + for _, b := range p { + if c.odd { + c.sum += uint(b) + if c.sum > 0xffff { + c.sum++ + c.sum &= 0xffff + } + } else { + c.sum += uint(b) << 8 + } + c.odd = !c.odd + } + return len(p), nil +} + +func (c *IPv4) Sum(b []byte) []byte { + s := c.sum + if c.odd { + if s > 0xffff { + s++ + s &= 0xffff + } + + } + s ^= 0xffff + return append(b, byte(s>>8), byte(s)) +} +func (c *IPv4) Reset() { c.sum = 0 } +func (c *IPv4) Size() int { return 2 } +func (c *IPv4) BlockSize() int { return 2 } diff --git a/pkg/decode/decode.go b/pkg/decode/decode.go index fb6dbe65..0902a8d4 100644 --- a/pkg/decode/decode.go +++ b/pkg/decode/decode.go @@ -191,7 +191,7 @@ func (d *D) Copy(r io.Writer, w io.Reader) (int64, error) { func (d *D) MustCopy(r io.Writer, w io.Reader) int64 { n, err := d.Copy(r, w) if err != nil { - panic(IOError{Err: err, Op: "MustCopyBuffer"}) + d.IOPanic(err, "MustCopy") } return n } @@ -268,8 +268,8 @@ func (d *D) Fatalf(format string, a ...interface{}) { panic(DecoderError{Reason: fmt.Sprintf(format, a...), Pos: d.Pos()}) } -func (d *D) IOPanic(err error) { - panic(IOError{Err: err, Pos: d.Pos()}) +func (d *D) IOPanic(err error, op string) { + panic(IOError{Err: err, Pos: d.Pos(), Op: op}) } // Bits reads nBits bits from buffer @@ -755,7 +755,7 @@ func (d *D) FieldFormat(name string, group Group, inArg interface{}) (*Value, in return dv, v } -func (d *D) FieldTryFormatLen(name string, nBits int64, group Group, inArg interface{}) (*Value, interface{}, error) { +func (d *D) TryFieldFormatLen(name string, nBits int64, group Group, inArg interface{}) (*Value, interface{}, error) { dv, v, err := decode(d.Ctx, d.bitBuf, group, Options{ Name: name, Force: d.Options.Force, @@ -778,7 +778,7 @@ func (d *D) FieldTryFormatLen(name string, nBits int64, group Group, inArg inter } func (d *D) FieldFormatLen(name string, nBits int64, group Group, inArg interface{}) (*Value, interface{}) { - dv, v, err := d.FieldTryFormatLen(name, nBits, group, inArg) + dv, v, err := d.TryFieldFormatLen(name, nBits, group, inArg) if dv == nil || dv.Errors() != nil { panic(err) } @@ -915,7 +915,7 @@ func (d *D) TryFieldReaderRangeFormat(name string, startBit int64, nBits int64, func (d *D) FieldReaderRangeFormat(name string, startBit int64, nBits int64, fn func(r io.Reader) io.Reader, group Group, inArg interface{}) (int64, *bitio.Buffer, *Value, interface{}) { cz, rbb, dv, v, err := d.TryFieldReaderRangeFormat(name, startBit, nBits, fn, group, inArg) if err != nil { - d.IOPanic(err) + d.IOPanic(err, "TryFieldReaderRangeFormat") } return cz, rbb, dv, v } diff --git a/pkg/interp/repl.jq b/pkg/interp/repl.jq index 5b41455d..51995159 100644 --- a/pkg/interp/repl.jq +++ b/pkg/interp/repl.jq @@ -182,7 +182,7 @@ def _repl($opts): #:: a|(Opts) => @ def _read_expr: _repeat_break( # both _prompt and _complete want input arrays - ( _readline(_prompt; {complete: "_complete", timeout: 0.5}) + ( _readline(_prompt; {complete: "_complete", timeout: 1}) | if trim == "" then empty else (., error("break")) end diff --git a/pkg/interp/testdata/args.fqtest b/pkg/interp/testdata/args.fqtest index 68dfec0f..d04459d7 100644 --- a/pkg/interp/testdata/args.fqtest +++ b/pkg/interp/testdata/args.fqtest @@ -69,8 +69,9 @@ avc_sei H.264/AVC Supplemental Enhancement Information avc_sps H.264/AVC Sequence Parameter Set bzip2 bzip2 compression dns DNS packet +dns_tcp DNS packet (TCP) elf Executable and Linkable Format -ether8023 Ethernet 802.3 +ether8023_frame Ethernet 802.3 frame exif Exchangeable Image File Format flac Free Lossless Audio Codec file flac_frame FLAC frame @@ -85,10 +86,11 @@ hevc_au H.265/HEVC Access Unit hevc_dcr H.265/HEVC Decoder Configuration Record hevc_nalu H.265/HEVC Network Access Layer Unit icc_profile International Color Consortium profile +icmp Internet Control Message Protocol id3v1 ID3v1 metadata id3v11 ID3v1.1 metadata id3v2 ID3v2 metadata -ipv4 Internet protocol v4 +ipv4_packet Internet protocol v4 packet jpeg Joint Photographic Experts Group file json JSON matroska Matroska file @@ -111,10 +113,12 @@ protobuf Protobuf protobuf_widevine Widevine protobuf pssh_playready PlayReady PSSH raw Raw bits +sll2_packet Linux cooked capture encapsulation v2 +sll_packet Linux cooked capture encapsulation tar Tar archive -tcp Transmission Control Protocol +tcp_segment Transmission control protocol segment tiff Tag Image File Format -udp User datagram protocol +udp_datagram User datagram protocol vorbis_comment Vorbis comment vorbis_packet Vorbis packet vp8_frame VP8 frame