# from https://wiki.wireshark.org/SampleCaptures $ fq -d pcap dv ipv4frags.pcap |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.{}: ipv4frags.pcap (pcap) 0x0-0xbad.7 (2990) | | | header{}: 0x0-0x17.7 (24) 0x00000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4) 0x00000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2) 0x00000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2) 0x00000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4) 0x00000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4) 0x00010|d0 07 00 00 |.... | snaplen: 2000 0x10-0x13.7 (4) 0x00010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4) | | | packets[0:3]: 0x18-0xbad.7 (2966) | | | [0]{}: packet 0x18-0x419.7 (1026) 0x00010| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x18-0x1b.7 (4) 0x00010| 5c 2a 08 00| \*..| ts_usec: 535132 0x1c-0x1f.7 (4) 0x00020|f2 03 00 00 |.... | incl_len: 1010 0x20-0x23.7 (4) 0x00020| f2 03 00 00 | .... | orig_len: 1010 0x24-0x27.7 (4) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| packet{}: (ether8023_frame) 0x28-0x419.7 (1010) 0x00020| 08 00 27 e2 9f a6 | ..'... | destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x28-0x2d.7 (6) 0x00020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6) 0x00030|27 fc 6a c9 |'.j. | 0x00030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (ipv4_packet) 0x36-0x419.7 (996) 0x00030| 45 | E | version: 4 0x36-0x36.3 (0.4) 0x00030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4) 0x00030| 00 | . | dscp: 0 0x37-0x37.5 (0.6) 0x00030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2) 0x00030| 03 e4 | .. | total_length: 996 0x38-0x39.7 (2) 0x00030| b5 d0 | .. | identification: 46544 0x3a-0x3b.7 (2) 0x00030| 20 | | reserved: 0 0x3c-0x3c (0.1) 0x00030| 20 | | dont_fragment: false 0x3c.1-0x3c.1 (0.1) 0x00030| 20 | | more_fragments: true 0x3c.2-0x3c.2 (0.1) 0x00030| 20 00 | . | fragment_offset: 0 0x3c.3-0x3d.7 (1.5) 0x00030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1) 0x00030| 01| .| protocol: "icmp" (1) (Internet control message protocol) 0x3f-0x3f.7 (1) 0x00040|9b 44 |.D | header_checksum: 0x9b44 (valid) 0x40-0x41.7 (2) 0x00040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4) 0x00040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4) 0x00040| 08 00 4d 71 13 c2| ..Mq..| payload: raw bits 0x4a-0x419.7 (976) 0x00050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....| * |until 0x419.7 (976) | | | | | [1]{}: packet 0x41a-0x5fb.7 (482) 0x00410| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x41a-0x41d.7 (4) 0x00410| 9d 2a| .*| ts_usec: 535197 0x41e-0x421.7 (4) 0x00420|08 00 |.. | 0x00420| d2 01 00 00 | .... | incl_len: 466 0x422-0x425.7 (4) 0x00420| d2 01 00 00 | .... | orig_len: 466 0x426-0x429.7 (4) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| packet{}: (ether8023_frame) 0x42a-0x5fb.7 (466) 0x00420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6) 0x00430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6) 0x00430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (ipv4_packet) 0x438-0x5fb.7 (452) 0x00430| 45 | E | version: 4 0x438-0x438.3 (0.4) 0x00430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4) 0x00430| 00 | . | dscp: 0 0x439-0x439.5 (0.6) 0x00430| 00 | . | ecn: 0 0x439.6-0x439.7 (0.2) 0x00430| 01 c4 | .. | total_length: 452 0x43a-0x43b.7 (2) 0x00430| b5 d0 | .. | identification: 46544 0x43c-0x43d.7 (2) 0x00430| 00 | . | reserved: 0 0x43e-0x43e (0.1) 0x00430| 00 | . | dont_fragment: false 0x43e.1-0x43e.1 (0.1) 0x00430| 00 | . | more_fragments: false 0x43e.2-0x43e.2 (0.1) 0x00430| 00 7a| .z| fragment_offset: 122 0x43e.3-0x43f.7 (1.5) 0x00440|40 |@ | ttl: 64 0x440-0x440.7 (1) 0x00440| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x441-0x441.7 (1) 0x00440| bc ea | .. | header_checksum: 0xbcea (valid) 0x442-0x443.7 (2) 0x00440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4) 0x00440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4) 0x00440| c8 c9 ca cb| ....| payload: raw bits 0x44c-0x5fb.7 (432) 0x00450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................| * |until 0x5fb.7 (432) | | | | | [2]{}: packet 0x5fc-0xbad.7 (1458) 0x005f0| 14 2b d2 59| .+.Y| ts_sec: 1506945812 0x5fc-0x5ff.7 (4) 0x00600|59 2c 08 00 |Y,.. | ts_usec: 535641 0x600-0x603.7 (4) 0x00600| a2 05 00 00 | .... | incl_len: 1442 0x604-0x607.7 (4) 0x00600| a2 05 00 00 | .... | orig_len: 1442 0x608-0x60b.7 (4) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| packet{}: (ether8023_frame) 0x60c-0xbad.7 (1442) 0x00600| 08 00 27 fc| ..'.| destination: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x60c-0x611.7 (6) 0x00610|6a c9 |j. | 0x00610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6) 0x00610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (ipv4_packet) 0x61a-0xbad.7 (1428) 0x00610| 45 | E | version: 4 0x61a-0x61a.3 (0.4) 0x00610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4) 0x00610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6) 0x00610| 00 | . | ecn: 0 0x61b.6-0x61b.7 (0.2) 0x00610| 05 94 | .. | total_length: 1428 0x61c-0x61d.7 (2) 0x00610| 83 f6| ..| identification: 33782 0x61e-0x61f.7 (2) 0x00620|00 |. | reserved: 0 0x620-0x620 (0.1) 0x00620|00 |. | dont_fragment: false 0x620.1-0x620.1 (0.1) 0x00620|00 |. | more_fragments: false 0x620.2-0x620.2 (0.1) 0x00620|00 00 |.. | fragment_offset: 0 0x620.3-0x621.7 (1.5) 0x00620| 40 | @ | ttl: 64 0x622-0x622.7 (1) 0x00620| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x623-0x623.7 (1) 0x00620| eb 6e | .n | header_checksum: 0xeb6e (valid) 0x624-0x625.7 (2) 0x00620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4) 0x00620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (icmp) 0x62e-0xbad.7 (1408) 0x00620| 00 | . | type: "echo_reply" (0) (Echo reply) 0x62e-0x62e.7 (1) 0x00620| 00| .| code: 0 0x62f-0x62f.7 (1) 0x00630|55 71 |Uq | checksum: 21873 0x630-0x631.7 (2) 0x00630| 13 c2 00 01 14 2b d2 59 00 00 00 00 3d 2a| .....+.Y....=*| content: raw bits 0x632-0xbad.7 (1404) 0x00640|08 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19|................| * |until 0xbad.7 (end) (1404) | | | | | ipv4_reassembled[0:1]: 0xbae-NA (0) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| [0]{}: ipv4_packet (ipv4_packet) 0x0-0x593.7 (1428) 0x000|45 |E | version: 4 0x0-0x0.3 (0.4) 0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4) 0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6) 0x000| 00 | . | ecn: 0 0x1.6-0x1.7 (0.2) 0x000| 05 94 | .. | total_length: 1428 0x2-0x3.7 (2) 0x000| b5 d0 | .. | identification: 46544 0x4-0x5.7 (2) 0x000| 00 | . | reserved: 0 0x6-0x6 (0.1) 0x000| 00 | . | dont_fragment: false 0x6.1-0x6.1 (0.1) 0x000| 00 | . | more_fragments: false 0x6.2-0x6.2 (0.1) 0x000| 00 00 | .. | fragment_offset: 0 0x6.3-0x7.7 (1.5) 0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1) 0x000| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x9-0x9.7 (1) 0x000| b9 94 | .. | header_checksum: 0xb994 (valid) 0xa-0xb.7 (2) 0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4) 0x001|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4) |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (icmp) 0x14-0x593.7 (1408) 0x001| 08 | . | type: "echo_request" (8) (Echo request) 0x14-0x14.7 (1) 0x001| 00 | . | code: 0 0x15-0x15.7 (1) 0x001| 4d 71 | Mq | checksum: 19825 0x16-0x17.7 (2) 0x001| 13 c2 00 01 14 2b d2 59| .....+.Y| content: raw bits 0x18-0x593.7 (1404) 0x002|00 00 00 00 3d 2a 08 00 00 00 00 00 10 11 12 13|....=*..........| * |until 0x593.7 (end) (1404) | | | | | tcp_connections[0:0]: 0xbae-NA (0)