mirror of
https://github.com/wader/fq.git
synced 2024-12-26 15:02:28 +03:00
2dc509ab2f
Causes address bar to not be shown in some cases. Will have to rethink and redo the whole dump thing somehow.
212 lines
24 KiB
Plaintext
212 lines
24 KiB
Plaintext
# from https://wiki.wireshark.org/Development/PcapNg
|
|
# TODO: move once we can have decode value tests somehow
|
|
$ fq '.[0].blocks[0]' /dhcp_little_endian.pcapng
|
|
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0].blocks[0]{}: block
|
|
0x00|0a 0d 0d 0a |.... | type: "section_header" (0xa0d0d0a) (Section Header Block)
|
|
0x00| 1c 00 00 00 | .... | length: 28
|
|
0x00| 4d 3c 2b 1a | M<+. | byte_order_magic: "little_endian" (0x4d3c2b1a)
|
|
0x00| 01 00 | .. | major_version: 1
|
|
0x00| 00 00| ..| minor_version: 0
|
|
0x10|ff ff ff ff ff ff ff ff |........ | section_length: -1
|
|
| | | options[0:0]:
|
|
0x10| 1c 00 00 00 | .... | footer_total_length: 28
|
|
$ fq dv /dhcp_little_endian.pcapng
|
|
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0:1]: /dhcp_little_endian.pcapng (pcapng) 0x0-0x5fb.7 (1532)
|
|
| | | [0]{}: section 0x0-0x5fb.7 (1532)
|
|
| | | blocks[0:7]: 0x0-0x5fb.7 (1532)
|
|
| | | [0]{}: block 0x0-0x1b.7 (28)
|
|
0x000|0a 0d 0d 0a |.... | type: "section_header" (0xa0d0d0a) (Section Header Block) 0x0-0x3.7 (4)
|
|
0x000| 1c 00 00 00 | .... | length: 28 0x4-0x7.7 (4)
|
|
0x000| 4d 3c 2b 1a | M<+. | byte_order_magic: "little_endian" (0x4d3c2b1a) 0x8-0xb.7 (4)
|
|
0x000| 01 00 | .. | major_version: 1 0xc-0xd.7 (2)
|
|
0x000| 00 00| ..| minor_version: 0 0xe-0xf.7 (2)
|
|
0x010|ff ff ff ff ff ff ff ff |........ | section_length: -1 0x10-0x17.7 (8)
|
|
| | | options[0:0]: 0x18-NA (0)
|
|
0x010| 1c 00 00 00 | .... | footer_total_length: 28 0x18-0x1b.7 (4)
|
|
| | | [1]{}: block 0x1c-0x2f.7 (20)
|
|
0x010| 01 00 00 00| ....| type: "interface_description" (0x1) (Interface Description Block) 0x1c-0x1f.7 (4)
|
|
0x020|14 00 00 00 |.... | length: 20 0x20-0x23.7 (4)
|
|
0x020| 01 00 | .. | link_type: "ethernet" (1) (IEEE 802.3 Ethernet) 0x24-0x25.7 (2)
|
|
0x020| 00 00 | .. | reserved: 0 0x26-0x27.7 (2)
|
|
0x020| 00 00 04 00 | .... | snap_len: 262144 0x28-0x2b.7 (4)
|
|
| | | options[0:0]: 0x2c-NA (0)
|
|
0x020| 14 00 00 00| ....| footer_length: 20 0x2c-0x2f.7 (4)
|
|
| | | [2]{}: block 0x30-0x53.7 (36)
|
|
0x030|04 00 00 00 |.... | type: "name_resolution" (0x4) (Name Resolution Block) 0x30-0x33.7 (4)
|
|
0x030| 24 00 00 00 | $... | length: 36 0x34-0x37.7 (4)
|
|
| | | records[0:2]: 0x38-0x4f.7 (24)
|
|
| | | [0]{}: record 0x38-0x4b.7 (20)
|
|
0x030| 01 00 | .. | type: "ipv4" (1) 0x38-0x39.7 (2)
|
|
0x030| 0e 00 | .. | length: 14 0x3a-0x3b.7 (2)
|
|
0x030| 7f 00 00 01| ....| address: "127.0.0.1" (0x7f000001) 0x3c-0x3f.7 (4)
|
|
| | | entries[0:1]: 0x40-0x49.7 (10)
|
|
0x040|6c 6f 63 61 6c 68 6f 73 74 00 |localhost. | [0]: "localhost" string 0x40-0x49.7 (10)
|
|
0x040| 00 00 | .. | padding: raw bits 0x4a-0x4b.7 (2)
|
|
| | | [1]{}: record 0x4c-0x4f.7 (4)
|
|
0x040| 00 00 | .. | type: "end" (0) 0x4c-0x4d.7 (2)
|
|
0x040| 00 00| ..| length: 0 0x4e-0x4f.7 (2)
|
|
| | | options[0:0]: 0x50-NA (0)
|
|
0x050|24 00 00 00 |$... | footer_length: 36 0x50-0x53.7 (4)
|
|
| | | [3]{}: block 0x54-0x1af.7 (348)
|
|
0x050| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x54-0x57.7 (4)
|
|
0x050| 5c 01 00 00 | \... | length: 348 0x58-0x5b.7 (4)
|
|
0x050| 00 00 00 00| ....| interface_id: 0 0x5c-0x5f.7 (4)
|
|
0x060|88 5e b3 41 |.^.A | timestamp_high: 1102274184 0x60-0x63.7 (4)
|
|
0x060| c8 f2 eb 12 | .... | timestamp_low: 317453000 0x64-0x67.7 (4)
|
|
0x060| 3a 01 00 00 | :... | capture_packet_length: 314 0x68-0x6b.7 (4)
|
|
0x060| 3a 01 00 00| :...| original_packet_length: 314 0x6c-0x6f.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x70-0x1a9.7 (314)
|
|
0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6)
|
|
0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6)
|
|
0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2)
|
|
| | | payload{}: (ipv4_packet) 0x7e-0x1a9.7 (300)
|
|
0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4)
|
|
0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4)
|
|
0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6)
|
|
0x070| 00| .| ecn: 0 0x7f.6-0x7f.7 (0.2)
|
|
0x080|01 2c |., | total_length: 300 0x80-0x81.7 (2)
|
|
0x080| a8 36 | .6 | identification: 43062 0x82-0x83.7 (2)
|
|
0x080| 00 | . | reserved: 0 0x84-0x84 (0.1)
|
|
0x080| 00 | . | dont_fragment: false 0x84.1-0x84.1 (0.1)
|
|
0x080| 00 | . | more_fragments: false 0x84.2-0x84.2 (0.1)
|
|
0x080| 00 00 | .. | fragment_offset: 0 0x84.3-0x85.7 (1.5)
|
|
0x080| fa | . | ttl: 250 0x86-0x86.7 (1)
|
|
0x080| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x87-0x87.7 (1)
|
|
0x080| 17 8b | .. | header_checksum: 0x178b (valid) 0x88-0x89.7 (2)
|
|
0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4)
|
|
0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4)
|
|
0x090|ff ff |.. |
|
|
| | | payload{}: (udp_datagram) 0x92-0x1a9.7 (280)
|
|
0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2)
|
|
0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2)
|
|
0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2)
|
|
0x090| 59 1f | Y. | checksum: 0x591f 0x98-0x99.7 (2)
|
|
0x090| 01 01 06 00 00 00| ......| payload: raw bits 0x9a-0x1a9.7 (272)
|
|
0x0a0|3d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00|=...............|
|
|
* |until 0x1a9.7 (272) | |
|
|
0x1a0| 00 00 | .. | padding: raw bits 0x1aa-0x1ab.7 (2)
|
|
| | | options[0:0]: 0x1ac-NA (0)
|
|
0x1a0| 5c 01 00 00| \...| footer_length: 348 0x1ac-0x1af.7 (4)
|
|
| | | [4]{}: block 0x1b0-0x327.7 (376)
|
|
0x1b0|06 00 00 00 |.... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x1b0-0x1b3.7 (4)
|
|
0x1b0| 78 01 00 00 | x... | length: 376 0x1b4-0x1b7.7 (4)
|
|
0x1b0| 00 00 00 00 | .... | interface_id: 0 0x1b8-0x1bb.7 (4)
|
|
0x1b0| 88 5e b3 41| .^.A| timestamp_high: 1102274184 0x1bc-0x1bf.7 (4)
|
|
0x1c0|20 73 f0 12 | s.. | timestamp_low: 317748000 0x1c0-0x1c3.7 (4)
|
|
0x1c0| 56 01 00 00 | V... | capture_packet_length: 342 0x1c4-0x1c7.7 (4)
|
|
0x1c0| 56 01 00 00 | V... | original_packet_length: 342 0x1c8-0x1cb.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x1cc-0x321.7 (342)
|
|
0x1c0| 00 0b 82 01| ....| destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x1cc-0x1d1.7 (6)
|
|
0x1d0|fc 42 |.B |
|
|
0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6)
|
|
0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2)
|
|
| | | payload{}: (ipv4_packet) 0x1da-0x321.7 (328)
|
|
0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4)
|
|
0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4)
|
|
0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6)
|
|
0x1d0| 00 | . | ecn: 0 0x1db.6-0x1db.7 (0.2)
|
|
0x1d0| 01 48 | .H | total_length: 328 0x1dc-0x1dd.7 (2)
|
|
0x1d0| 04 45| .E| identification: 1093 0x1de-0x1df.7 (2)
|
|
0x1e0|00 |. | reserved: 0 0x1e0-0x1e0 (0.1)
|
|
0x1e0|00 |. | dont_fragment: false 0x1e0.1-0x1e0.1 (0.1)
|
|
0x1e0|00 |. | more_fragments: false 0x1e0.2-0x1e0.2 (0.1)
|
|
0x1e0|00 00 |.. | fragment_offset: 0 0x1e0.3-0x1e1.7 (1.5)
|
|
0x1e0| 80 | . | ttl: 128 0x1e2-0x1e2.7 (1)
|
|
0x1e0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x1e3-0x1e3.7 (1)
|
|
0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2)
|
|
0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4)
|
|
0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4)
|
|
| | | payload{}: (udp_datagram) 0x1ee-0x321.7 (308)
|
|
0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2)
|
|
0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2)
|
|
0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2)
|
|
0x1f0| 22 33 | "3 | checksum: 0x2233 0x1f4-0x1f5.7 (2)
|
|
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| payload: raw bits 0x1f6-0x321.7 (300)
|
|
0x200|00 00 00 00 00 00 c0 a8 00 0a c0 a8 00 01 00 00|................|
|
|
* |until 0x321.7 (300) | |
|
|
0x320| 00 00 | .. | padding: raw bits 0x322-0x323.7 (2)
|
|
| | | options[0:0]: 0x324-NA (0)
|
|
0x320| 78 01 00 00 | x... | footer_length: 376 0x324-0x327.7 (4)
|
|
| | | [5]{}: block 0x328-0x483.7 (348)
|
|
0x320| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x328-0x32b.7 (4)
|
|
0x320| 5c 01 00 00| \...| length: 348 0x32c-0x32f.7 (4)
|
|
0x330|00 00 00 00 |.... | interface_id: 0 0x330-0x333.7 (4)
|
|
0x330| 88 5e b3 41 | .^.A | timestamp_high: 1102274184 0x334-0x337.7 (4)
|
|
0x330| 60 89 18 17 | `... | timestamp_low: 387484000 0x338-0x33b.7 (4)
|
|
0x330| 3a 01 00 00| :...| capture_packet_length: 314 0x33c-0x33f.7 (4)
|
|
0x340|3a 01 00 00 |:... | original_packet_length: 314 0x340-0x343.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x344-0x47d.7 (314)
|
|
0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6)
|
|
0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6)
|
|
0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2)
|
|
| | | payload{}: (ipv4_packet) 0x352-0x47d.7 (300)
|
|
0x350| 45 | E | version: 4 0x352-0x352.3 (0.4)
|
|
0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4)
|
|
0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6)
|
|
0x350| 00 | . | ecn: 0 0x353.6-0x353.7 (0.2)
|
|
0x350| 01 2c | ., | total_length: 300 0x354-0x355.7 (2)
|
|
0x350| a8 37 | .7 | identification: 43063 0x356-0x357.7 (2)
|
|
0x350| 00 | . | reserved: 0 0x358-0x358 (0.1)
|
|
0x350| 00 | . | dont_fragment: false 0x358.1-0x358.1 (0.1)
|
|
0x350| 00 | . | more_fragments: false 0x358.2-0x358.2 (0.1)
|
|
0x350| 00 00 | .. | fragment_offset: 0 0x358.3-0x359.7 (1.5)
|
|
0x350| fa | . | ttl: 250 0x35a-0x35a.7 (1)
|
|
0x350| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x35b-0x35b.7 (1)
|
|
0x350| 17 8a | .. | header_checksum: 0x178a (valid) 0x35c-0x35d.7 (2)
|
|
0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4)
|
|
0x360|00 00 |.. |
|
|
0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4)
|
|
| | | payload{}: (udp_datagram) 0x366-0x47d.7 (280)
|
|
0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2)
|
|
0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2)
|
|
0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2)
|
|
0x360| 9f bd | .. | checksum: 0x9fbd 0x36c-0x36d.7 (2)
|
|
0x360| 01 01| ..| payload: raw bits 0x36e-0x47d.7 (272)
|
|
0x370|06 00 00 00 3d 1e 00 00 00 00 00 00 00 00 00 00|....=...........|
|
|
* |until 0x47d.7 (272) | |
|
|
0x470| 00 00| ..| padding: raw bits 0x47e-0x47f.7 (2)
|
|
| | | options[0:0]: 0x480-NA (0)
|
|
0x480|5c 01 00 00 |\... | footer_length: 348 0x480-0x483.7 (4)
|
|
| | | [6]{}: block 0x484-0x5fb.7 (376)
|
|
0x480| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x484-0x487.7 (4)
|
|
0x480| 78 01 00 00 | x... | length: 376 0x488-0x48b.7 (4)
|
|
0x480| 00 00 00 00| ....| interface_id: 0 0x48c-0x48f.7 (4)
|
|
0x490|88 5e b3 41 |.^.A | timestamp_high: 1102274184 0x490-0x493.7 (4)
|
|
0x490| f0 53 1d 17 | .S.. | timestamp_low: 387798000 0x494-0x497.7 (4)
|
|
0x490| 56 01 00 00 | V... | capture_packet_length: 342 0x498-0x49b.7 (4)
|
|
0x490| 56 01 00 00| V...| original_packet_length: 342 0x49c-0x49f.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x4a0-0x5f5.7 (342)
|
|
0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6)
|
|
0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6)
|
|
0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2)
|
|
| | | payload{}: (ipv4_packet) 0x4ae-0x5f5.7 (328)
|
|
0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4)
|
|
0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4)
|
|
0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6)
|
|
0x4a0| 00| .| ecn: 0 0x4af.6-0x4af.7 (0.2)
|
|
0x4b0|01 48 |.H | total_length: 328 0x4b0-0x4b1.7 (2)
|
|
0x4b0| 04 46 | .F | identification: 1094 0x4b2-0x4b3.7 (2)
|
|
0x4b0| 00 | . | reserved: 0 0x4b4-0x4b4 (0.1)
|
|
0x4b0| 00 | . | dont_fragment: false 0x4b4.1-0x4b4.1 (0.1)
|
|
0x4b0| 00 | . | more_fragments: false 0x4b4.2-0x4b4.2 (0.1)
|
|
0x4b0| 00 00 | .. | fragment_offset: 0 0x4b4.3-0x4b5.7 (1.5)
|
|
0x4b0| 80 | . | ttl: 128 0x4b6-0x4b6.7 (1)
|
|
0x4b0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4b7-0x4b7.7 (1)
|
|
0x4b0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x4b8-0x4b9.7 (2)
|
|
0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4)
|
|
0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4)
|
|
0x4c0|00 0a |.. |
|
|
| | | payload{}: (udp_datagram) 0x4c2-0x5f5.7 (308)
|
|
0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2)
|
|
0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2)
|
|
0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2)
|
|
0x4c0| df db | .. | checksum: 0xdfdb 0x4c8-0x4c9.7 (2)
|
|
0x4c0| 02 01 06 00 00 00| ......| payload: raw bits 0x4ca-0x5f5.7 (300)
|
|
0x4d0|3d 1e 00 00 00 00 00 00 00 00 c0 a8 00 0a 00 00|=...............|
|
|
* |until 0x5f5.7 (300) | |
|
|
0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2)
|
|
| | | options[0:0]: 0x5f8-NA (0)
|
|
0x5f0| 78 01 00 00| | x...| | footer_length: 376 0x5f8-0x5fb.7 (4)
|
|
| | | ipv4_reassembled[0:0]: 0x5fc-NA (0)
|
|
| | | tcp_connections[0:0]: 0x5fc-NA (0)
|