1
1
mirror of https://github.com/wader/fq.git synced 2024-12-26 15:02:28 +03:00
fq/format/pcap/testdata/dhcp_little_endian.fqtest
Mattias Wadman f55b1af6ac inet: Add tcp and ipv4 reassembly
Also add tcp_stream and udp_payload to decode content
2021-11-29 18:42:18 +01:00

205 lines
24 KiB
Plaintext

# from https://wiki.wireshark.org/Development/PcapNg
$ fq -d pcapng verbose /dhcp_little_endian.pcapng
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: [1] /dhcp_little_endian.pcapng (pcapng) 0x0-0x5fb.7 (1532)
| | | [0]: section {} 0x0-0x5fb.7 (1532)
| | | blocks: [7] 0x0-0x5fb.7 (1532)
| | | [0]: block {} 0x0-0x1b.7 (28)
0x000|0a 0d 0d 0a |.... | type: "section_header" (0xa0d0d0a) (Section Header Block) 0x0-0x3.7 (4)
0x000| 1c 00 00 00 | .... | length: 28 0x4-0x7.7 (4)
0x000| 4d 3c 2b 1a | M<+. | byte_order_magic: "little_endian" (0x4d3c2b1a) 0x8-0xb.7 (4)
0x000| 01 00 | .. | major_version: 1 0xc-0xd.7 (2)
0x000| 00 00| ..| minor_version: 0 0xe-0xf.7 (2)
0x010|ff ff ff ff ff ff ff ff |........ | section_length: -1 0x10-0x17.7 (8)
| | | options: [0] 0x18-NA (0)
0x010| 1c 00 00 00 | .... | footer_total_length: 28 0x18-0x1b.7 (4)
| | | [1]: block {} 0x1c-0x2f.7 (20)
0x010| 01 00 00 00| ....| type: "interface_description" (0x1) (Interface Description Block) 0x1c-0x1f.7 (4)
0x020|14 00 00 00 |.... | length: 20 0x20-0x23.7 (4)
0x020| 01 00 | .. | link_type: "ethernet" (1) (IEEE 802.3 Ethernet) 0x24-0x25.7 (2)
0x020| 00 00 | .. | reserved: 0 0x26-0x27.7 (2)
0x020| 00 00 04 00 | .... | snap_len: 262144 0x28-0x2b.7 (4)
| | | options: [0] 0x2c-NA (0)
0x020| 14 00 00 00| ....| footer_length: 20 0x2c-0x2f.7 (4)
| | | [2]: block {} 0x30-0x53.7 (36)
0x030|04 00 00 00 |.... | type: "name_resolution" (0x4) (Name Resolution Block) 0x30-0x33.7 (4)
0x030| 24 00 00 00 | $... | length: 36 0x34-0x37.7 (4)
| | | records: [2] 0x38-0x4f.7 (24)
| | | [0]: record {} 0x38-0x4b.7 (20)
0x030| 01 00 | .. | type: "ipv4" (1) 0x38-0x39.7 (2)
0x030| 0e 00 | .. | length: 14 0x3a-0x3b.7 (2)
0x030| 7f 00 00 01| ....| address: "127.0.0.1" (0x7f000001) 0x3c-0x3f.7 (4)
| | | entries: [1] 0x40-0x49.7 (10)
0x040|6c 6f 63 61 6c 68 6f 73 74 00 |localhost. | [0]: string "localhost" 0x40-0x49.7 (10)
0x040| 00 00 | .. | padding: raw bits 0x4a-0x4b.7 (2)
| | | [1]: record {} 0x4c-0x4f.7 (4)
0x040| 00 00 | .. | type: "end" (0) 0x4c-0x4d.7 (2)
0x040| 00 00| ..| length: 0 0x4e-0x4f.7 (2)
| | | options: [0] 0x50-NA (0)
0x050|24 00 00 00 |$... | footer_length: 36 0x50-0x53.7 (4)
| | | [3]: block {} 0x54-0x1af.7 (348)
0x050| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x54-0x57.7 (4)
0x050| 5c 01 00 00 | \... | length: 348 0x58-0x5b.7 (4)
0x050| 00 00 00 00| ....| interface_id: 0 0x5c-0x5f.7 (4)
0x060|88 5e b3 41 |.^.A | timestamp_high: 1102274184 0x60-0x63.7 (4)
0x060| c8 f2 eb 12 | .... | timestamp_low: 317453000 0x64-0x67.7 (4)
0x060| 3a 01 00 00 | :... | capture_packet_length: 314 0x68-0x6b.7 (4)
0x060| 3a 01 00 00| :...| original_packet_length: 314 0x6c-0x6f.7 (4)
| | | packet: {} (ether8023_frame) 0x70-0x1a9.7 (314)
0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6)
0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6)
0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2)
| | | packet: {} (ipv4_packet) 0x7e-0x1a9.7 (300)
0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4)
0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4)
0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6)
0x070| 00| .| ecn: 0 0x7f.6-0x7f.7 (0.2)
0x080|01 2c |., | total_length: 300 0x80-0x81.7 (2)
0x080| a8 36 | .6 | identification: 43062 0x82-0x83.7 (2)
0x080| 00 | . | reserved: 0 0x84-0x84 (0.1)
0x080| 00 | . | dont_fragment: false 0x84.1-0x84.1 (0.1)
0x080| 00 | . | more_fragments: false 0x84.2-0x84.2 (0.1)
0x080| 00 00 | .. | fragment_offset: 0 0x84.3-0x85.7 (1.5)
0x080| fa | . | ttl: 250 0x86-0x86.7 (1)
0x080| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x87-0x87.7 (1)
0x080| 17 8b | .. | header_checksum: 0x178b (valid) 0x88-0x89.7 (2)
0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4)
0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4)
0x090|ff ff |.. |
| | | data: {} (udp_datagram) 0x92-0x1a9.7 (280)
0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2)
0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2)
0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2)
0x090| 59 1f | Y. | checksum: 0x591f 0x98-0x99.7 (2)
0x090| 01 01 06 00 00 00| ......| data: raw bits 0x9a-0x1a9.7 (272)
0x0a0|3d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00|=...............|
* |until 0x1a9.7 (272) | |
| | | capture_padding: raw bits 0x1aa-NA (0)
0x1a0| 00 00 | .. | padding: raw bits 0x1aa-0x1ab.7 (2)
| | | options: [0] 0x1ac-NA (0)
0x1a0| 5c 01 00 00| \...| footer_length: 348 0x1ac-0x1af.7 (4)
| | | [4]: block {} 0x1b0-0x327.7 (376)
0x1b0|06 00 00 00 |.... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x1b0-0x1b3.7 (4)
0x1b0| 78 01 00 00 | x... | length: 376 0x1b4-0x1b7.7 (4)
0x1b0| 00 00 00 00 | .... | interface_id: 0 0x1b8-0x1bb.7 (4)
0x1b0| 88 5e b3 41| .^.A| timestamp_high: 1102274184 0x1bc-0x1bf.7 (4)
0x1c0|20 73 f0 12 | s.. | timestamp_low: 317748000 0x1c0-0x1c3.7 (4)
0x1c0| 56 01 00 00 | V... | capture_packet_length: 342 0x1c4-0x1c7.7 (4)
0x1c0| 56 01 00 00 | V... | original_packet_length: 342 0x1c8-0x1cb.7 (4)
| | | packet: {} (ether8023_frame) 0x1cc-0x321.7 (342)
0x1c0| 00 0b 82 01| ....| destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x1cc-0x1d1.7 (6)
0x1d0|fc 42 |.B |
0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6)
0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2)
| | | packet: {} (ipv4_packet) 0x1da-0x321.7 (328)
0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4)
0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4)
0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6)
0x1d0| 00 | . | ecn: 0 0x1db.6-0x1db.7 (0.2)
0x1d0| 01 48 | .H | total_length: 328 0x1dc-0x1dd.7 (2)
0x1d0| 04 45| .E| identification: 1093 0x1de-0x1df.7 (2)
0x1e0|00 |. | reserved: 0 0x1e0-0x1e0 (0.1)
0x1e0|00 |. | dont_fragment: false 0x1e0.1-0x1e0.1 (0.1)
0x1e0|00 |. | more_fragments: false 0x1e0.2-0x1e0.2 (0.1)
0x1e0|00 00 |.. | fragment_offset: 0 0x1e0.3-0x1e1.7 (1.5)
0x1e0| 80 | . | ttl: 128 0x1e2-0x1e2.7 (1)
0x1e0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x1e3-0x1e3.7 (1)
0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2)
0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4)
0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4)
| | | data: {} (udp_datagram) 0x1ee-0x321.7 (308)
0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2)
0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2)
0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2)
0x1f0| 22 33 | "3 | checksum: 0x2233 0x1f4-0x1f5.7 (2)
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| data: raw bits 0x1f6-0x321.7 (300)
0x200|00 00 00 00 00 00 c0 a8 00 0a c0 a8 00 01 00 00|................|
* |until 0x321.7 (300) | |
| | | capture_padding: raw bits 0x322-NA (0)
0x320| 00 00 | .. | padding: raw bits 0x322-0x323.7 (2)
| | | options: [0] 0x324-NA (0)
0x320| 78 01 00 00 | x... | footer_length: 376 0x324-0x327.7 (4)
| | | [5]: block {} 0x328-0x483.7 (348)
0x320| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x328-0x32b.7 (4)
0x320| 5c 01 00 00| \...| length: 348 0x32c-0x32f.7 (4)
0x330|00 00 00 00 |.... | interface_id: 0 0x330-0x333.7 (4)
0x330| 88 5e b3 41 | .^.A | timestamp_high: 1102274184 0x334-0x337.7 (4)
0x330| 60 89 18 17 | `... | timestamp_low: 387484000 0x338-0x33b.7 (4)
0x330| 3a 01 00 00| :...| capture_packet_length: 314 0x33c-0x33f.7 (4)
0x340|3a 01 00 00 |:... | original_packet_length: 314 0x340-0x343.7 (4)
| | | packet: {} (ether8023_frame) 0x344-0x47d.7 (314)
0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6)
0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6)
0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2)
| | | packet: {} (ipv4_packet) 0x352-0x47d.7 (300)
0x350| 45 | E | version: 4 0x352-0x352.3 (0.4)
0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4)
0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6)
0x350| 00 | . | ecn: 0 0x353.6-0x353.7 (0.2)
0x350| 01 2c | ., | total_length: 300 0x354-0x355.7 (2)
0x350| a8 37 | .7 | identification: 43063 0x356-0x357.7 (2)
0x350| 00 | . | reserved: 0 0x358-0x358 (0.1)
0x350| 00 | . | dont_fragment: false 0x358.1-0x358.1 (0.1)
0x350| 00 | . | more_fragments: false 0x358.2-0x358.2 (0.1)
0x350| 00 00 | .. | fragment_offset: 0 0x358.3-0x359.7 (1.5)
0x350| fa | . | ttl: 250 0x35a-0x35a.7 (1)
0x350| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x35b-0x35b.7 (1)
0x350| 17 8a | .. | header_checksum: 0x178a (valid) 0x35c-0x35d.7 (2)
0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4)
0x360|00 00 |.. |
0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4)
| | | data: {} (udp_datagram) 0x366-0x47d.7 (280)
0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2)
0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2)
0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2)
0x360| 9f bd | .. | checksum: 0x9fbd 0x36c-0x36d.7 (2)
0x360| 01 01| ..| data: raw bits 0x36e-0x47d.7 (272)
0x370|06 00 00 00 3d 1e 00 00 00 00 00 00 00 00 00 00|....=...........|
* |until 0x47d.7 (272) | |
| | | capture_padding: raw bits 0x47e-NA (0)
0x470| 00 00| ..| padding: raw bits 0x47e-0x47f.7 (2)
| | | options: [0] 0x480-NA (0)
0x480|5c 01 00 00 |\... | footer_length: 348 0x480-0x483.7 (4)
| | | [6]: block {} 0x484-0x5fb.7 (376)
0x480| 06 00 00 00 | .... | type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x484-0x487.7 (4)
0x480| 78 01 00 00 | x... | length: 376 0x488-0x48b.7 (4)
0x480| 00 00 00 00| ....| interface_id: 0 0x48c-0x48f.7 (4)
0x490|88 5e b3 41 |.^.A | timestamp_high: 1102274184 0x490-0x493.7 (4)
0x490| f0 53 1d 17 | .S.. | timestamp_low: 387798000 0x494-0x497.7 (4)
0x490| 56 01 00 00 | V... | capture_packet_length: 342 0x498-0x49b.7 (4)
0x490| 56 01 00 00| V...| original_packet_length: 342 0x49c-0x49f.7 (4)
| | | packet: {} (ether8023_frame) 0x4a0-0x5f5.7 (342)
0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6)
0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6)
0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2)
| | | packet: {} (ipv4_packet) 0x4ae-0x5f5.7 (328)
0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4)
0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4)
0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6)
0x4a0| 00| .| ecn: 0 0x4af.6-0x4af.7 (0.2)
0x4b0|01 48 |.H | total_length: 328 0x4b0-0x4b1.7 (2)
0x4b0| 04 46 | .F | identification: 1094 0x4b2-0x4b3.7 (2)
0x4b0| 00 | . | reserved: 0 0x4b4-0x4b4 (0.1)
0x4b0| 00 | . | dont_fragment: false 0x4b4.1-0x4b4.1 (0.1)
0x4b0| 00 | . | more_fragments: false 0x4b4.2-0x4b4.2 (0.1)
0x4b0| 00 00 | .. | fragment_offset: 0 0x4b4.3-0x4b5.7 (1.5)
0x4b0| 80 | . | ttl: 128 0x4b6-0x4b6.7 (1)
0x4b0| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x4b7-0x4b7.7 (1)
0x4b0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x4b8-0x4b9.7 (2)
0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4)
0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4)
0x4c0|00 0a |.. |
| | | data: {} (udp_datagram) 0x4c2-0x5f5.7 (308)
0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2)
0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2)
0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2)
0x4c0| df db | .. | checksum: 0xdfdb 0x4c8-0x4c9.7 (2)
0x4c0| 02 01 06 00 00 00| ......| data: raw bits 0x4ca-0x5f5.7 (300)
0x4d0|3d 1e 00 00 00 00 00 00 00 00 c0 a8 00 0a 00 00|=...............|
* |until 0x5f5.7 (300) | |
| | | capture_padding: raw bits 0x5f6-NA (0)
0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2)
| | | options: [0] 0x5f8-NA (0)
0x5f0| 78 01 00 00| | x...| | footer_length: 376 0x5f8-0x5fb.7 (4)
| | | ipv4_reassembled: [0] 0x5fc-NA (0)
| | | tcp_connections: [0] 0x5fc-NA (0)