mirror of
https://github.com/wader/fq.git
synced 2024-12-25 06:12:30 +03:00
fc0aacb654
Think it makes sense to have them all start with d. Also f is often used as function argument name.
128 lines
14 KiB
Plaintext
128 lines
14 KiB
Plaintext
# from https://wiki.wireshark.org/SampleCaptures
|
|
$ fq -d pcap dv /ipv4frags.pcap
|
|
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.{}: /ipv4frags.pcap (pcap) 0x0-0xbad.7 (2990)
|
|
0x0000|d4 c3 b2 a1 |.... | magic: "little_endian" (0xd4c3b2a1) (valid) 0x0-0x3.7 (4)
|
|
0x0000| 02 00 | .. | version_major: 2 0x4-0x5.7 (2)
|
|
0x0000| 04 00 | .. | version_minor: 4 0x6-0x7.7 (2)
|
|
0x0000| 00 00 00 00 | .... | thiszone: 0 0x8-0xb.7 (4)
|
|
0x0000| 00 00 00 00| ....| sigfigs: 0 0xc-0xf.7 (4)
|
|
0x0010|d0 07 00 00 |.... | snaplen: 2000 0x10-0x13.7 (4)
|
|
0x0010| 01 00 00 00 | .... | network: "ethernet" (1) (IEEE 802.3 Ethernet) 0x14-0x17.7 (4)
|
|
| | | packets[0:3]: 0x18-0xbad.7 (2966)
|
|
| | | [0]{}: packet 0x18-0x419.7 (1026)
|
|
0x0010| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x18-0x1b.7 (4)
|
|
0x0010| 5c 2a 08 00| \*..| ts_usec: 535132 0x1c-0x1f.7 (4)
|
|
0x0020|f2 03 00 00 |.... | incl_len: 1010 0x20-0x23.7 (4)
|
|
0x0020| f2 03 00 00 | .... | orig_len: 1010 0x24-0x27.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x28-0x419.7 (1010)
|
|
0x0020| 08 00 27 e2 9f a6 | ..'... | destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x28-0x2d.7 (6)
|
|
0x0020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6)
|
|
0x0030|27 fc 6a c9 |'.j. |
|
|
0x0030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2)
|
|
| | | packet{}: (ipv4_packet) 0x36-0x419.7 (996)
|
|
0x0030| 45 | E | version: 4 0x36-0x36.3 (0.4)
|
|
0x0030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4)
|
|
0x0030| 00 | . | dscp: 0 0x37-0x37.5 (0.6)
|
|
0x0030| 00 | . | ecn: 0 0x37.6-0x37.7 (0.2)
|
|
0x0030| 03 e4 | .. | total_length: 996 0x38-0x39.7 (2)
|
|
0x0030| b5 d0 | .. | identification: 46544 0x3a-0x3b.7 (2)
|
|
0x0030| 20 | | reserved: 0 0x3c-0x3c (0.1)
|
|
0x0030| 20 | | dont_fragment: false 0x3c.1-0x3c.1 (0.1)
|
|
0x0030| 20 | | more_fragments: true 0x3c.2-0x3c.2 (0.1)
|
|
0x0030| 20 00 | . | fragment_offset: 0 0x3c.3-0x3d.7 (1.5)
|
|
0x0030| 40 | @ | ttl: 64 0x3e-0x3e.7 (1)
|
|
0x0030| 01| .| protocol: "icmp" (1) (Internet control message protocol) 0x3f-0x3f.7 (1)
|
|
0x0040|9b 44 |.D | header_checksum: 0x9b44 (valid) 0x40-0x41.7 (2)
|
|
0x0040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4)
|
|
0x0040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4)
|
|
0x0040| 08 00 4d 71 13 c2| ..Mq..| data: raw bits 0x4a-0x419.7 (976)
|
|
0x0050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....|
|
|
* |until 0x419.7 (976) | |
|
|
| | | [1]{}: packet 0x41a-0x5fb.7 (482)
|
|
0x0410| 14 2b d2 59 | .+.Y | ts_sec: 1506945812 0x41a-0x41d.7 (4)
|
|
0x0410| 9d 2a| .*| ts_usec: 535197 0x41e-0x421.7 (4)
|
|
0x0420|08 00 |.. |
|
|
0x0420| d2 01 00 00 | .... | incl_len: 466 0x422-0x425.7 (4)
|
|
0x0420| d2 01 00 00 | .... | orig_len: 466 0x426-0x429.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x42a-0x5fb.7 (466)
|
|
0x0420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6)
|
|
0x0430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6)
|
|
0x0430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2)
|
|
| | | packet{}: (ipv4_packet) 0x438-0x5fb.7 (452)
|
|
0x0430| 45 | E | version: 4 0x438-0x438.3 (0.4)
|
|
0x0430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4)
|
|
0x0430| 00 | . | dscp: 0 0x439-0x439.5 (0.6)
|
|
0x0430| 00 | . | ecn: 0 0x439.6-0x439.7 (0.2)
|
|
0x0430| 01 c4 | .. | total_length: 452 0x43a-0x43b.7 (2)
|
|
0x0430| b5 d0 | .. | identification: 46544 0x43c-0x43d.7 (2)
|
|
0x0430| 00 | . | reserved: 0 0x43e-0x43e (0.1)
|
|
0x0430| 00 | . | dont_fragment: false 0x43e.1-0x43e.1 (0.1)
|
|
0x0430| 00 | . | more_fragments: false 0x43e.2-0x43e.2 (0.1)
|
|
0x0430| 00 7a| .z| fragment_offset: 122 0x43e.3-0x43f.7 (1.5)
|
|
0x0440|40 |@ | ttl: 64 0x440-0x440.7 (1)
|
|
0x0440| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x441-0x441.7 (1)
|
|
0x0440| bc ea | .. | header_checksum: 0xbcea (valid) 0x442-0x443.7 (2)
|
|
0x0440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4)
|
|
0x0440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4)
|
|
0x0440| c8 c9 ca cb| ....| data: raw bits 0x44c-0x5fb.7 (432)
|
|
0x0450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................|
|
|
* |until 0x5fb.7 (432) | |
|
|
| | | [2]{}: packet 0x5fc-0xbad.7 (1458)
|
|
0x05f0| 14 2b d2 59| .+.Y| ts_sec: 1506945812 0x5fc-0x5ff.7 (4)
|
|
0x0600|59 2c 08 00 |Y,.. | ts_usec: 535641 0x600-0x603.7 (4)
|
|
0x0600| a2 05 00 00 | .... | incl_len: 1442 0x604-0x607.7 (4)
|
|
0x0600| a2 05 00 00 | .... | orig_len: 1442 0x608-0x60b.7 (4)
|
|
| | | packet{}: (ether8023_frame) 0x60c-0xbad.7 (1442)
|
|
0x0600| 08 00 27 fc| ..'.| destination: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x60c-0x611.7 (6)
|
|
0x0610|6a c9 |j. |
|
|
0x0610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6)
|
|
0x0610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2)
|
|
| | | packet{}: (ipv4_packet) 0x61a-0xbad.7 (1428)
|
|
0x0610| 45 | E | version: 4 0x61a-0x61a.3 (0.4)
|
|
0x0610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4)
|
|
0x0610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6)
|
|
0x0610| 00 | . | ecn: 0 0x61b.6-0x61b.7 (0.2)
|
|
0x0610| 05 94 | .. | total_length: 1428 0x61c-0x61d.7 (2)
|
|
0x0610| 83 f6| ..| identification: 33782 0x61e-0x61f.7 (2)
|
|
0x0620|00 |. | reserved: 0 0x620-0x620 (0.1)
|
|
0x0620|00 |. | dont_fragment: false 0x620.1-0x620.1 (0.1)
|
|
0x0620|00 |. | more_fragments: false 0x620.2-0x620.2 (0.1)
|
|
0x0620|00 00 |.. | fragment_offset: 0 0x620.3-0x621.7 (1.5)
|
|
0x0620| 40 | @ | ttl: 64 0x622-0x622.7 (1)
|
|
0x0620| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x623-0x623.7 (1)
|
|
0x0620| eb 6e | .n | header_checksum: 0xeb6e (valid) 0x624-0x625.7 (2)
|
|
0x0620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4)
|
|
0x0620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4)
|
|
| | | data{}: (icmp) 0x62e-0xbad.7 (1408)
|
|
0x0620| 00 | . | type: "echo_reply" (0) (Echo reply) 0x62e-0x62e.7 (1)
|
|
0x0620| 00| .| code: 0 0x62f-0x62f.7 (1)
|
|
0x0630|55 71 |Uq | checksum: 21873 0x630-0x631.7 (2)
|
|
0x0630| 13 c2 00 01 14 2b d2 59 00 00 00 00 3d 2a| .....+.Y....=*| content: raw bits 0x632-0xbad.7 (1404)
|
|
0x0640|08 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19|................|
|
|
* |until 0xbad.7 (end) (1404) | |
|
|
| | | ipv4_reassembled[0:1]: 0xbae-NA (0)
|
|
| | | [0]{}: ipv4_packet (ipv4_packet) 0x0-0x593.7 (1428)
|
|
0x000|45 |E | version: 4 0x0-0x0.3 (0.4)
|
|
0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4)
|
|
0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6)
|
|
0x000| 00 | . | ecn: 0 0x1.6-0x1.7 (0.2)
|
|
0x000| 05 94 | .. | total_length: 1428 0x2-0x3.7 (2)
|
|
0x000| b5 d0 | .. | identification: 46544 0x4-0x5.7 (2)
|
|
0x000| 00 | . | reserved: 0 0x6-0x6 (0.1)
|
|
0x000| 00 | . | dont_fragment: false 0x6.1-0x6.1 (0.1)
|
|
0x000| 00 | . | more_fragments: false 0x6.2-0x6.2 (0.1)
|
|
0x000| 00 00 | .. | fragment_offset: 0 0x6.3-0x7.7 (1.5)
|
|
0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1)
|
|
0x000| 01 | . | protocol: "icmp" (1) (Internet control message protocol) 0x9-0x9.7 (1)
|
|
0x000| b9 94 | .. | header_checksum: 0xb994 (valid) 0xa-0xb.7 (2)
|
|
0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4)
|
|
0x010|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4)
|
|
| | | data{}: (icmp) 0x14-0x593.7 (1408)
|
|
0x010| 08 | . | type: "echo_request" (8) (Echo request) 0x14-0x14.7 (1)
|
|
0x010| 00 | . | code: 0 0x15-0x15.7 (1)
|
|
0x010| 4d 71 | Mq | checksum: 19825 0x16-0x17.7 (2)
|
|
0x010| 13 c2 00 01 14 2b d2 59| .....+.Y| content: raw bits 0x18-0x593.7 (1404)
|
|
0x020|00 00 00 00 3d 2a 08 00 00 00 00 00 10 11 12 13|....=*..........|
|
|
* |until 0x593.7 (end) (1404) | |
|
|
| | | tcp_connections[0:0]: 0xbae-NA (0)
|