osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Add new filters for Ethernet src and dst OUI's as well as their resolved OUI's 

Bug: 15393
Change-Id: I931813ce3492557a5673e6bbd0269d34c0d550b2
Reviewed-on: https://code.wireshark.org/review/31416
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Michael Mann 2019-01-06 12:10:48 -05:00
parent 4853fb93b2
commit e90b2401be
4 changed files with 368 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

255
epan/dissectors/packet-eth.c
View File

@ -57,13 +57,19 @@ static gboolean ccsds_heuristic_bit = FALSE;
static int proto_eth = -1;
static int hf_eth_dst = -1;
static int hf_eth_dst_resolved = -1;
static int hf_eth_dst_oui = -1;
static int hf_eth_dst_oui_resolved = -1;
static int hf_eth_src = -1;
static int hf_eth_src_resolved = -1;
static int hf_eth_src_oui = -1;
static int hf_eth_src_oui_resolved = -1;
static int hf_eth_len = -1;
static int hf_eth_type = -1;
static int hf_eth_invalid_lentype = -1;
static int hf_eth_addr = -1;
static int hf_eth_addr_resolved = -1;
static int hf_eth_addr_oui = -1;
static int hf_eth_addr_oui_resolved = -1;
static int hf_eth_dst_lg = -1;
static int hf_eth_dst_ig = -1;
static int hf_eth_src_lg = -1;
@ -279,6 +285,110 @@ capture_eth(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo
static gboolean check_is_802_2(tvbuff_t *tvb, int fcs_len);
static void
dissect_address_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean check_group)
{
const guint8 *src_addr, *dst_addr;
const char *src_addr_name, *dst_addr_name;
const gchar *src_oui_name, *dst_oui_name;
proto_item *addr_item;
proto_tree *addr_tree;
dst_addr = (const guint8*)pinfo->dst.data;
dst_addr_name = get_ether_name(dst_addr);
src_addr = (const guint8*)pinfo->src.data;
src_addr_name = get_ether_name(src_addr);
addr_item = proto_tree_add_ether(tree, hf_eth_dst, tvb, 0, 6, dst_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_item(addr_tree, hf_eth_dst_oui, tvb, 0, 3, ENC_NA);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
dst_oui_name = tvb_get_manuf_name_if_known(tvb, 0);
if (dst_oui_name != NULL) {
addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_oui_resolved, tvb, 0, 6, dst_oui_name);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_item(addr_tree, hf_eth_addr_oui, tvb, 0, 3, ENC_NA);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
if (dst_oui_name != NULL) {
addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_oui_resolved, tvb, 0, 6, dst_oui_name);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
}
proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_ether(tree, hf_eth_src, tvb, 6, 6, src_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
if (check_group) {
if (tvb_get_guint8(tvb, 6) & 0x01) {
expert_add_info(pinfo, addr_item, &ei_eth_src_not_group);
}
}
addr_item = proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_item(addr_tree, hf_eth_src_oui, tvb, 6, 3, ENC_NA);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
src_oui_name = tvb_get_manuf_name_if_known(tvb, 6);
if (src_oui_name != NULL) {
addr_item = proto_tree_add_string(addr_tree, hf_eth_src_oui_resolved, tvb, 6, 6, src_oui_name);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
}
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_item(addr_tree, hf_eth_addr_oui, tvb, 6, 3, ENC_NA);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
if (src_oui_name != NULL) {
addr_item = proto_tree_add_string(addr_tree, hf_eth_addr_oui_resolved, tvb, 6, 6, src_oui_name);
PROTO_ITEM_SET_GENERATED(addr_item);
PROTO_ITEM_SET_HIDDEN(addr_item);
}
proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
}
static proto_tree *
dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
int fcs_len)
@ -287,13 +397,9 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
eth_hdr *ehdr;
gboolean is_802_2;
proto_tree *fh_tree = NULL;
const guint8 *src_addr, *dst_addr;
const char *src_addr_name, *dst_addr_name;
static eth_hdr ehdrs[4];
static int ehdr_num=0;
proto_tree *tree;
proto_item *addr_item;
proto_tree *addr_tree=NULL;
ethertype_data_t ethertype_data;
heur_dtbl_entry_t *hdtbl_entry = NULL;
@ -310,14 +416,10 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
set_address_tvb(&pinfo->dl_dst, AT_ETHER, 6, tvb, 0);
copy_address_shallow(&pinfo->dst, &pinfo->dl_dst);
copy_address_shallow(&ehdr->dst, &pinfo->dl_dst);
dst_addr = (const guint8*)pinfo->dst.data;
dst_addr_name = get_ether_name(dst_addr);
set_address_tvb(&pinfo->dl_src, AT_ETHER, 6, tvb, 6);
copy_address_shallow(&pinfo->src, &pinfo->dl_src);
copy_address_shallow(&ehdr->src, &pinfo->dl_src);
src_addr = (const guint8*)pinfo->src.data;
src_addr_name = get_ether_name(src_addr);
ehdr->type = tvb_get_ntohs(tvb, 12);
@ -378,41 +480,8 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
address_with_resolution_to_str(wmem_packet_scope(), &pinfo->src),
address_with_resolution_to_str(wmem_packet_scope(), &pinfo->dst));
fh_tree = proto_item_add_subtree(ti, ett_ether);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
dissect_address_data(tvb, pinfo, fh_tree, FALSE);
ti = proto_tree_add_item(fh_tree, hf_eth_invalid_lentype, tvb, 12, 2, ENC_BIG_ENDIAN);
expert_add_info_format(pinfo, ti, &ei_eth_invalid_lentype,
@ -444,46 +513,14 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
fh_tree=NULL;
}
addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
dissect_address_data(tvb, pinfo, fh_tree, FALSE);
dissect_802_3(ehdr->type, is_802_2, tvb, ETH_HEADER_SIZE, pinfo,
parent_tree, fh_tree, hf_eth_len, hf_eth_trailer, &ei_eth_len, fcs_len);
} else {
if (eth_interpret_as_fw1_monitor) {
const guint8 *dst_addr = (const guint8*)pinfo->dst.data;
if ((dst_addr[0] == 'i') || (dst_addr[0] == 'I') ||
(dst_addr[0] == 'o') || (dst_addr[0] == 'O') ||
(dst_addr[0] == 'e') || (dst_addr[0] == 'E')) {
@ -506,44 +543,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
fh_tree = proto_item_add_subtree(ti, ett_ether2);
}
addr_item = proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
addr_item = proto_tree_add_string(addr_tree, hf_eth_dst_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 0, 6, dst_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 0, 6,
dst_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_dst_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 0, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
addr_item = proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src_addr);
addr_tree = proto_item_add_subtree(addr_item, ett_addr);
if (tvb_get_guint8(tvb, 6) & 0x01) {
expert_add_info(pinfo, addr_item, &ei_eth_src_not_group);
}
addr_item=proto_tree_add_string(addr_tree, hf_eth_src_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_ether(addr_tree, hf_eth_addr, tvb, 6, 6, src_addr);
addr_item=proto_tree_add_string(addr_tree, hf_eth_addr_resolved, tvb, 6, 6,
src_addr_name);
proto_item_set_generated(addr_item);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_lg, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
proto_tree_add_item(addr_tree, hf_eth_src_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
addr_item = proto_tree_add_item(addr_tree, hf_eth_ig, tvb, 6, 3, ENC_BIG_ENDIAN);
proto_item_set_hidden(addr_item);
dissect_address_data(tvb, pinfo, fh_tree, TRUE);
ethertype_data.etype = ehdr->type;
ethertype_data.offset_after_ethertype = ETH_HEADER_SIZE;
@ -871,6 +871,14 @@ proto_register_eth(void)
{ "Destination (resolved)", "eth.dst_resolved", FT_STRING, BASE_NONE,
NULL, 0x0, "Destination Hardware Address (resolved)", HFILL }},
{ &hf_eth_dst_oui,
{ "Destination OUI", "eth.dst.oui", FT_UINT24, BASE_OUI,
NULL, 0x0, "Destination Organizationally Unique Identifier", HFILL } },
{ &hf_eth_dst_oui_resolved,
{ "Destination OUI (resolved)", "eth.dst.oui_resolved", FT_STRING, BASE_NONE,
NULL, 0x0, "Destination Organizationally Unique Identifier (resolved)", HFILL } },
{ &hf_eth_src,
{ "Source", "eth.src", FT_ETHER, BASE_NONE, NULL, 0x0,
"Source Hardware Address", HFILL }},
@ -879,6 +887,15 @@ proto_register_eth(void)
{ "Source (resolved)", "eth.src_resolved", FT_STRING, BASE_NONE,
NULL, 0x0, "Source Hardware Address (resolved)", HFILL }},
{ &hf_eth_src_oui,
{ "Source OUI", "eth.src.oui", FT_UINT24, BASE_OUI,
NULL, 0x0, "Source Organizationally Unique Identifier", HFILL } },
{ &hf_eth_src_oui_resolved,
{ "Source OUI (resolved)", "eth.src.oui_resolved", FT_STRING, BASE_NONE,
NULL, 0x0, "Source Organizationally Unique Identifier (resolved)", HFILL } },
{ &hf_eth_len,
{ "Length", "eth.len", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
@ -901,6 +918,14 @@ proto_register_eth(void)
NULL, 0x0, "Source or Destination Hardware Address (resolved)",
HFILL }},
{ &hf_eth_addr_oui,
{ "Address OUI", "eth.addr.oui", FT_UINT24, BASE_OUI,
NULL, 0x0, "Address Organizationally Unique Identifier", HFILL } },
{ &hf_eth_addr_oui_resolved,
{ "Address OUI (resolved)", "eth.addr.oui_resolved", FT_STRING, BASE_NONE,
NULL, 0x0, "Address Organizationally Unique Identifier (resolved)", HFILL } },
{ &hf_eth_padding,
{ "Padding", "eth.padding", FT_BYTES, BASE_NONE, NULL, 0x0,
"Ethernet Padding", HFILL }},

8
test/baseline/dhcp.ek
View File

@ -1,8 +1,8 @@
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317453000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a836","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178b","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x0000591f","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00"}}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317453000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_dst_oui":"16777215","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_addr_oui":"16777215","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_src_oui":"2946","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a836","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178b","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x0000591f","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317748000","frame_frame_time_delta":"0.000295000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_relative":"0.000295000","frame_frame_number":"2","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000445","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x00002233","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317748000","frame_frame_time_delta":"0.000295000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_relative":"0.000295000","frame_frame_number":"2","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_dst_oui":"2946","eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell Inc.","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui":"2164","eth_eth_addr_oui_resolved":"Dell Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000445","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x00002233","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387484000","frame_frame_time_delta":"0.069736000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_relative":"0.070031000","frame_frame_number":"3","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a837","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178a","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x00009fbd","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.070031000","udp_udp_time_delta":"0.070031000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00"}}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387484000","frame_frame_time_delta":"0.069736000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_relative":"0.070031000","frame_frame_number":"3","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_dst_oui":"16777215","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_addr_oui":"16777215","eth_eth_dst_lg":true,"eth_eth_lg":true,"eth_eth_dst_ig":true,"eth_eth_ig":true,"eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_src_oui":"2946","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a837","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178a","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x00009fbd","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.070031000","udp_udp_time_delta":"0.070031000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387798000","frame_frame_time_delta":"0.000314000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_relative":"0.070345000","frame_frame_number":"4","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000446","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x0000dfdb","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.070050000","udp_udp_time_delta":"0.070050000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387798000","frame_frame_time_delta":"0.000314000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_relative":"0.070345000","frame_frame_number":"4","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":false,"frame_frame_ignored":false,"frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_dst_oui":"2946","eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_addr_oui":"2946","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_lg":false,"eth_eth_dst_ig":false,"eth_eth_ig":false,"eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell Inc.","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui":"2164","eth_eth_addr_oui_resolved":"Dell Inc.","eth_eth_src_lg":false,"eth_eth_lg":false,"eth_eth_src_ig":false,"eth_eth_ig":false,"eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000446","ip_ip_flags":"0x00000000","ip_ip_flags_rb":false,"ip_ip_flags_df":false,"ip_ip_flags_mf":false,"ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x0000dfdb","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.070050000","udp_udp_time_delta":"0.070050000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":false,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}

28
test/baseline/dhcp.json
View File

@ -24,8 +24,10 @@
"eth.dst": "ff:ff:ff:ff:ff:ff",
"eth.dst_tree": {
"eth.dst_resolved": "Broadcast",
"eth.dst.oui": "16777215",
"eth.addr": "ff:ff:ff:ff:ff:ff",
"eth.addr_resolved": "Broadcast",
"eth.addr.oui": "16777215",
"eth.dst.lg": "1",
"eth.lg": "1",
"eth.dst.ig": "1",
@ -34,8 +36,12 @@
"eth.src": "00:0b:82:01:fc:42",
"eth.src_tree": {
"eth.src_resolved": "Grandstr_01:fc:42",
"eth.src.oui": "2946",
"eth.src.oui_resolved": "Grandstream Networks, Inc.",
"eth.addr": "00:0b:82:01:fc:42",
"eth.addr_resolved": "Grandstr_01:fc:42",
"eth.addr.oui": "2946",
"eth.addr.oui_resolved": "Grandstream Networks, Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
@ -170,8 +176,12 @@
"eth.dst": "00:0b:82:01:fc:42",
"eth.dst_tree": {
"eth.dst_resolved": "Grandstr_01:fc:42",
"eth.dst.oui": "2946",
"eth.dst.oui_resolved": "Grandstream Networks, Inc.",
"eth.addr": "00:0b:82:01:fc:42",
"eth.addr_resolved": "Grandstr_01:fc:42",
"eth.addr.oui": "2946",
"eth.addr.oui_resolved": "Grandstream Networks, Inc.",
"eth.dst.lg": "0",
"eth.lg": "0",
"eth.dst.ig": "0",
@ -180,8 +190,12 @@
"eth.src": "00:08:74:ad:f1:9b",
"eth.src_tree": {
"eth.src_resolved": "Dell_ad:f1:9b",
"eth.src.oui": "2164",
"eth.src.oui_resolved": "Dell Inc.",
"eth.addr": "00:08:74:ad:f1:9b",
"eth.addr_resolved": "Dell_ad:f1:9b",
"eth.addr.oui": "2164",
"eth.addr.oui_resolved": "Dell Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
@ -324,8 +338,10 @@
"eth.dst": "ff:ff:ff:ff:ff:ff",
"eth.dst_tree": {
"eth.dst_resolved": "Broadcast",
"eth.dst.oui": "16777215",
"eth.addr": "ff:ff:ff:ff:ff:ff",
"eth.addr_resolved": "Broadcast",
"eth.addr.oui": "16777215",
"eth.dst.lg": "1",
"eth.lg": "1",
"eth.dst.ig": "1",
@ -334,8 +350,12 @@
"eth.src": "00:0b:82:01:fc:42",
"eth.src_tree": {
"eth.src_resolved": "Grandstr_01:fc:42",
"eth.src.oui": "2946",
"eth.src.oui_resolved": "Grandstream Networks, Inc.",
"eth.addr": "00:0b:82:01:fc:42",
"eth.addr_resolved": "Grandstr_01:fc:42",
"eth.addr.oui": "2946",
"eth.addr.oui_resolved": "Grandstream Networks, Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",
@ -476,8 +496,12 @@
"eth.dst": "00:0b:82:01:fc:42",
"eth.dst_tree": {
"eth.dst_resolved": "Grandstr_01:fc:42",
"eth.dst.oui": "2946",
"eth.dst.oui_resolved": "Grandstream Networks, Inc.",
"eth.addr": "00:0b:82:01:fc:42",
"eth.addr_resolved": "Grandstr_01:fc:42",
"eth.addr.oui": "2946",
"eth.addr.oui_resolved": "Grandstream Networks, Inc.",
"eth.dst.lg": "0",
"eth.lg": "0",
"eth.dst.ig": "0",
@ -486,8 +510,12 @@
"eth.src": "00:08:74:ad:f1:9b",
"eth.src_tree": {
"eth.src_resolved": "Dell_ad:f1:9b",
"eth.src.oui": "2164",
"eth.src.oui_resolved": "Dell Inc.",
"eth.addr": "00:08:74:ad:f1:9b",
"eth.addr_resolved": "Dell_ad:f1:9b",
"eth.addr.oui": "2164",
"eth.addr.oui_resolved": "Dell Inc.",
"eth.src.lg": "0",
"eth.lg": "0",
"eth.src.ig": "0",

196
test/baseline/dhcp.jsonraw
View File

@ -128,6 +128,13 @@
0,
26
],
"eth.dst.oui_raw": [
"ffffff",
0,
3,
0,
6
],
"eth.addr_raw": [
"ffffffffffff",
0,
@ -142,6 +149,13 @@
0,
26
],
"eth.addr.oui_raw": [
"ffffff",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
@ -186,6 +200,20 @@
0,
26
],
"eth.src.oui_raw": [
"000b82",
6,
3,
0,
6
],
"eth.src.oui_resolved_raw": [
"000b8201fc42",
6,
6,
0,
26
],
"eth.addr_raw": [
"000b8201fc42",
6,
@ -200,6 +228,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000b82",
6,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000b8201fc42",
6,
6,
0,
26
],
"eth.src.lg_raw": [
"0",
6,
@ -939,6 +981,20 @@
0,
26
],
"eth.dst.oui_raw": [
"000b82",
0,
3,
0,
6
],
"eth.dst.oui_resolved_raw": [
"000b8201fc42",
0,
6,
0,
26
],
"eth.addr_raw": [
"000b8201fc42",
0,
@ -953,6 +1009,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000b82",
0,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000b8201fc42",
0,
6,
0,
26
],
"eth.dst.lg_raw": [
"0",
0,
@ -997,6 +1067,20 @@
0,
26
],
"eth.src.oui_raw": [
"000874",
6,
3,
0,
6
],
"eth.src.oui_resolved_raw": [
"000874adf19b",
6,
6,
0,
26
],
"eth.addr_raw": [
"000874adf19b",
6,
@ -1011,6 +1095,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000874",
6,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000874adf19b",
6,
6,
0,
26
],
"eth.src.lg_raw": [
"0",
6,
@ -1782,6 +1880,13 @@
0,
26
],
"eth.dst.oui_raw": [
"ffffff",
0,
3,
0,
6
],
"eth.addr_raw": [
"ffffffffffff",
0,
@ -1796,6 +1901,13 @@
0,
26
],
"eth.addr.oui_raw": [
"ffffff",
0,
3,
0,
6
],
"eth.dst.lg_raw": [
"1",
0,
@ -1840,6 +1952,20 @@
0,
26
],
"eth.src.oui_raw": [
"000b82",
6,
3,
0,
6
],
"eth.src.oui_resolved_raw": [
"000b8201fc42",
6,
6,
0,
26
],
"eth.addr_raw": [
"000b8201fc42",
6,
@ -1854,6 +1980,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000b82",
6,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000b8201fc42",
6,
6,
0,
26
],
"eth.src.lg_raw": [
"0",
6,
@ -2623,6 +2763,20 @@
0,
26
],
"eth.dst.oui_raw": [
"000b82",
0,
3,
0,
6
],
"eth.dst.oui_resolved_raw": [
"000b8201fc42",
0,
6,
0,
26
],
"eth.addr_raw": [
"000b8201fc42",
0,
@ -2637,6 +2791,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000b82",
0,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000b8201fc42",
0,
6,
0,
26
],
"eth.dst.lg_raw": [
"0",
0,
@ -2681,6 +2849,20 @@
0,
26
],
"eth.src.oui_raw": [
"000874",
6,
3,
0,
6
],
"eth.src.oui_resolved_raw": [
"000874adf19b",
6,
6,
0,
26
],
"eth.addr_raw": [
"000874adf19b",
6,
@ -2695,6 +2877,20 @@
0,
26
],
"eth.addr.oui_raw": [
"000874",
6,
3,
0,
6
],
"eth.addr.oui_resolved_raw": [
"000874adf19b",
6,
6,
0,
26
],
"eth.src.lg_raw": [
"0",
6,