IPv4: Implementation of conversations with stream identifiers

Eugène Adell 2023-12-05 14:36:01 +00:00 committed by AndersBroman
parent 0e01240e78
commit 01796d6f2e
10 changed files with 240 additions and 22 deletions


@ -59,6 +59,7 @@ enum {
PORT2_IDX,
ENDP_EXACT_IDX,
EXACT_IDX_COUNT,
ADDRS_IDX_COUNT = PORT2_IDX,
PORT2_NO_ADDR2_IDX = ADDR2_IDX,
ENDP_NO_ADDR2_IDX = PORT2_IDX,
ENDP_NO_PORT2_IDX = PORT2_IDX,
@ -66,6 +67,7 @@ enum {
NO_ADDR2_IDX_COUNT = ENDP_EXACT_IDX,
NO_PORT2_IDX_COUNT = ENDP_EXACT_IDX,
NO_ADDR2_PORT2_IDX_COUNT = PORT2_IDX,
ENDP_NO_PORTS_IDX = ADDR2_IDX
};
/*
@ -73,6 +75,11 @@ enum {
*/
static wmem_map_t *conversation_hashtable_element_list = NULL;
/*
* Hash table for conversations based on addresses only
*/
static wmem_map_t *conversation_hashtable_exact_addr = NULL;
/*
* Hash table for conversations with no wildcards.
*/
@ -486,6 +493,18 @@ conversation_init(void)
wmem_map_insert(conversation_hashtable_element_list, wmem_strdup(wmem_epan_scope(), exact_map_key),
conversation_hashtable_exact_addr_port);
conversation_element_t addrs_elements[ADDRS_IDX_COUNT] = {
{ CE_ADDRESS, .addr_val = ADDRESS_INIT_NONE },
{ CE_ADDRESS, .addr_val = ADDRESS_INIT_NONE },
{ CE_CONVERSATION_TYPE, .conversation_type_val = CONVERSATION_NONE }
};
char *addrs_map_key = conversation_element_list_name(wmem_epan_scope(), addrs_elements);
conversation_hashtable_exact_addr = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(),
conversation_hash_element_list,
conversation_match_element_list);
wmem_map_insert(conversation_hashtable_element_list, wmem_strdup(wmem_epan_scope(), addrs_map_key),
conversation_hashtable_exact_addr);
conversation_element_t no_addr2_elements[NO_ADDR2_IDX_COUNT] = {
{ CE_ADDRESS, .addr_val = ADDRESS_INIT_NONE },
{ CE_PORT, .port_val = 0 },
@ -799,6 +818,13 @@ conversation_new(const guint32 setup_frame, const address *addr1, const address
*/
DPRINT(("creating conversation for frame #%u: %s:%u -> %s (ctype=%d)",
setup_frame, addr1_str, port1, addr2_str, ctype));
} else if (options & NO_PORTS) {
/*
* No Ports.
*/
DPRINT(("creating conversation for frame #%u: %s -> %s (ctype=%d)",
setup_frame, addr1_str, addr2_str, ctype));
} else {
/*
* Ports 1 and 2.
@ -825,8 +851,11 @@ conversation_new(const guint32 setup_frame, const address *addr1, const address
} else {
clear_address(&new_key[ADDR1_IDX].addr_val);
}
new_key[PORT1_IDX].type = CE_PORT;
new_key[PORT1_IDX].port_val = port1;
if (!(options & NO_PORTS)) {
new_key[PORT1_IDX].type = CE_PORT;
new_key[PORT1_IDX].port_val = port1;
}
if (options & NO_ADDR2) {
if (options & (NO_PORT2|NO_PORT2_FORCE)) {
@ -838,12 +867,17 @@ conversation_new(const guint32 setup_frame, const address *addr1, const address
endp_idx = ENDP_NO_ADDR2_IDX;
}
} else {
addr2_idx = ADDR2_IDX;
if (options & (NO_PORT2|NO_PORT2_FORCE)) {
hashtable = conversation_hashtable_no_port2;
addr2_idx = ADDR2_IDX;
endp_idx = ENDP_NO_PORT2_IDX;
} else if (options & NO_PORTS) {
hashtable = conversation_hashtable_exact_addr;
addr2_idx = PORT1_IDX;
endp_idx = ENDP_NO_PORTS_IDX;
} else {
hashtable = conversation_hashtable_exact_addr_port;
addr2_idx = ADDR2_IDX;
port2_idx = PORT2_IDX;
endp_idx = ENDP_EXACT_IDX;
}
@ -1107,6 +1141,22 @@ conversation_lookup_no_addr2_or_port2(const guint32 frame_num, const address *ad
return conversation_lookup_hashtable(conversation_hashtable_no_addr2_or_port2, frame_num, key);
}
/*
* Search a particular hash table for a conversation with the specified
* {addr1, addr2} and set up before frame_num.
*/
static conversation_t *
conversation_lookup_no_ports(const guint32 frame_num, const address *addr1,
const address *addr2, const conversation_type ctype)
{
conversation_element_t key[ADDRS_IDX_COUNT] = {
{ CE_ADDRESS, .addr_val = *addr1 },
{ CE_ADDRESS, .addr_val = *addr2 },
{ CE_CONVERSATION_TYPE, .conversation_type_val = ctype },
};
return conversation_lookup_hashtable(conversation_hashtable_exact_addr, frame_num, key);
}
/*
* Given two address/port pairs for a packet, search for a conversation
* containing packets between those address/port pairs. Returns NULL if
@ -1166,7 +1216,7 @@ find_conversation(const guint32 frame_num, const address *addr_a, const address
/*
* First try an exact match, if we have two addresses and ports.
*/
if (!(options & (NO_ADDR_B|NO_PORT_B))) {
if (!(options & (NO_ADDR_B|NO_PORT_B|NO_PORTS))) {
/*
* Neither search address B nor search port B are wildcarded,
* start out with an exact match.
@ -1213,7 +1263,7 @@ find_conversation(const guint32 frame_num, const address *addr_a, const address
* Well, that didn't find anything. Try matches that wildcard
* one of the addresses, if we have two ports.
*/
if (!(options & NO_PORT_B)) {
if (!(options & (NO_PORT_B|NO_PORTS))) {
/*
* Search port B isn't wildcarded.
*
@ -1306,7 +1356,7 @@ find_conversation(const guint32 frame_num, const address *addr_a, const address
* Well, that didn't find anything. Try matches that wildcard
* one of the ports, if we have two addresses.
*/
if (!(options & NO_ADDR_B)) {
if (!(options & (NO_ADDR_B|NO_PORTS))) {
/*
* Search address B isn't wildcarded.
*
@ -1489,6 +1539,28 @@ find_conversation(const guint32 frame_num, const address *addr_a, const address
goto end;
}
}
if (options & NO_PORT_X) {
/*
* Search for conversations between two addresses, strictly
*/
DPRINT(("trying exact match: %s -> %s",
addr_a_str, addr_b_str));
conversation = conversation_lookup_no_ports(frame_num, addr_a, addr_b, ctype);
if (conversation != NULL) {
DPRINT(("match found"));
goto end;
}
else {
conversation = conversation_lookup_no_ports(frame_num, addr_b, addr_a, ctype);
if (conversation != NULL) {
DPRINT(("match found"));
goto end;
}
}
}
DPRINT(("no matches found"));
/*
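Review bot: The guards added in `find_conversation` test `NO_PORTS`, but the new address-only lookup at the end of the function tests `NO_PORT_X`, and the header in this commit defines those as separate flags (`NO_PORTS` 0x010 next to the `conversation_new` options, `NO_PORT_X` 0x00040000 next to `NO_ADDR_B`/`NO_PORT_B`). A caller that passes only `NO_PORT_X`, as the IPv4 dissector in this commit does, therefore still appears to run the exact, wildcard-address and wildcard-port lookups on every packet before reaching `conversation_lookup_no_ports`; the three guards should presumably read e.g. `if (!(options & (NO_ADDR_B|NO_PORT_B|NO_PORT_X))) {`. In `conversation_new`, `NO_PORTS` combined with `NO_ADDR2` or `NO_PORT2` skips filling `new_key[PORT1_IDX]` yet still selects a port-keyed table, so I would reject that combination up front with `DISSECTOR_ASSERT(!(options & NO_PORTS) || !(options & (NO_ADDR2|NO_PORT2|NO_PORT2_FORCE)));`. Both function bodies extend beyond the visible hunks.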


@ -42,6 +42,7 @@ extern "C" {
#define NO_PORT2 0x02
#define NO_PORT2_FORCE 0x04
#define CONVERSATION_TEMPLATE 0x08
#define NO_PORTS 0x010
/**
* Flags to pass to "find_conversation()" to indicate that the address B
@ -50,6 +51,7 @@ extern "C" {
#define NO_MASK_B 0xFFFF0000
#define NO_ADDR_B 0x00010000
#define NO_PORT_B 0x00020000
#define NO_PORT_X 0x00040000
/** Flags to handle endpoints */
#define USE_LAST_ENDPOINT 0x08 /**< Use last endpoint created, regardless of type */
@ -99,6 +101,7 @@ typedef enum {
CONVERSATION_SNMP, /* SNMP */
CONVERSATION_QUIC, /* QUIC */
CONVERSATION_IDN,
CONVERSATION_IP, /* IP */
} conversation_type;
/*
@ -240,7 +243,7 @@ typedef struct conversation {
* type specifying the protocol for the conversation. Now we use an
* array of elements, with a CE_UINT value for the integer followed
* by a CE_CONVERSATION_TYPE value specifying the protocol for the
* converation.
* conversation.
*
* XXX - is there any reason why we shouldn't use an array of conversation
* elements, with the appropriate addresses and ports, instead of this
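Review bot: The two new flags are undocumented, and they are easy to confuse because `NO_PORTS` appears to sit with the `conversation_new()` options while `NO_PORT_X` sits with the `find_conversation()` flags under `NO_MASK_B`. I would add a comment to each, e.g. `#define NO_PORTS 0x10 /**< conversation_new(): key the conversation on the two addresses only */` and `#define NO_PORT_X 0x00040000 /**< find_conversation(): address-only lookup, ports are ignored */`. Writing the value as `0x10` rather than `0x010` also matches the neighbouring `0x02`/`0x04`/`0x08` definitions.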


@ -126,6 +126,7 @@ static int hf_ip_proto;
static int hf_ip_checksum;
static int hf_ip_checksum_calculated;
static int hf_ip_checksum_status;
static int hf_ip_stream;
/* IP option fields */
static int hf_ip_opt_type;
@ -268,6 +269,8 @@ static dissector_table_t ip_option_table;
static gint ett_geoip_info;
static guint32 ip_stream_count;
static const fragment_items ip_frag_items = {
&ett_ip_fragment,
&ett_ip_fragments,
@ -509,7 +512,9 @@ ip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, c
hash->flags = flags;
const ws_ip4 *iph=(const ws_ip4 *)vip;
add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, CONVERSATION_NONE);
add_conversation_table_data_with_conv_id(hash, &iph->ip_src, &iph->ip_dst, 0, 0, (conv_id_t)iph->ip_stream, 1, pinfo->fd->pkt_len,
&pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, CONVERSATION_IP);
return TAP_PACKET_REDRAW;
}
@ -1846,6 +1851,46 @@ export_pdu(tvbuff_t *tvb, packet_info *pinfo)
}
}
static struct ip_analysis *
init_ip_conversation_data(packet_info *pinfo)
{
struct ip_analysis *ipd;
/* Initialize the ip protocol data structure to add to the ip conversation */
ipd=wmem_new0(wmem_file_scope(), struct ip_analysis);
ipd->initial_frame = pinfo->num;
ipd->stream = 0;
ipd->stream = ip_stream_count++;
return ipd;
}
struct ip_analysis *
get_ip_conversation_data(conversation_t *conv, packet_info *pinfo)
{
struct ip_analysis *ipd;
/* Did the caller supply the conversation pointer? */
if( conv==NULL ) {
return NULL;
}
/* Get the data for this conversation */
ipd=(struct ip_analysis *)conversation_get_proto_data(conv, proto_ip);
if (!ipd) {
ipd = init_ip_conversation_data(pinfo);
conversation_add_proto_data(conv, proto_ip, ipd);
}
if (!ipd) {
return NULL;
}
return ipd;
}
static int
dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
{
@ -1864,6 +1909,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
proto_tree *tree;
proto_item *item = NULL, *ttl_item;
guint16 ttl_valid;
struct ip_analysis *ipd=NULL;
tree = parent_tree;
iph = wmem_new0(pinfo->pool, ws_ip4);
@ -2300,6 +2346,31 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
}
}
conversation_t *conv = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst, CONVERSATION_IP, 0, 0, NO_PORT_X);
if(!conv) {
conv = conversation_new(pinfo->num, &pinfo->src, &pinfo->dst, CONVERSATION_IP, 0, 0, NO_PORTS);
}
else {
/*
* while not strictly necessary because there is only 1
* conversation between 2 IPs, we still move the last frame
* indicator as being a usual practice.
*/
if (!(pinfo->fd->visited)) {
if (pinfo->num > conv->last_frame) {
conv->last_frame = pinfo->num;
}
}
}
ipd = get_ip_conversation_data(conv, pinfo);
if(ipd) {
iph->ip_stream = ipd->stream;
item = proto_tree_add_uint(ip_tree, hf_ip_stream, tvb, offset, 0, ipd->stream);
proto_item_set_generated(item);
}
if (next_tvb == NULL) {
/* Just show this as a fragment. */
col_add_fstr(pinfo->cinfo, COL_INFO,
@ -2459,6 +2530,12 @@ dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
return TRUE;
}
static void
ip_init(void)
{
ip_stream_count = 0;
}
void
proto_register_ip(void)
{
@ -2541,6 +2618,10 @@ proto_register_ip(void)
{ "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
NULL, 0x0, NULL, HFILL }},
{ &hf_ip_stream,
{ "Stream index", "ip.stream", FT_UINT32, BASE_DEC,
NULL, 0x0, NULL, HFILL }},
{ &hf_geoip_country,
{ "Source or Destination GeoIP Country", "ip.geoip.country",
FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
@ -3007,6 +3088,8 @@ proto_register_ip(void)
"IP geolocation settings can be changed in the Name Resolution preferences",
"IP geolocation settings can be changed in the Name Resolution preferences");
register_init_routine(ip_init);
ip_handle = register_dissector("ip", dissect_ip, proto_ip);
reassembly_table_register(&ip_reassembly_table,
&addresses_reassembly_table_functions);
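Review bot: In `init_ip_conversation_data` the store `ipd->stream = 0;` is dead, since `wmem_new0` already zeroes the struct and the next line overwrites the field with `ip_stream_count++`. Likewise the second `if (!ipd) return NULL;` in `get_ip_conversation_data` looks unreachable unless the allocator can return NULL, so both can go and the function can simply end in `return ipd;`. Separately, `dissect_ip_v4` now calls `conversation_new` and allocates a file-scope `ip_analysis` for every address pair not seen before, so a capture with many distinct source/destination pairs grows this state for the lifetime of the file; a comment at the `conversation_new` call stating that cost would help the next reader. The body of `dissect_ip_v4` starts and ends outside the visible hunks.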


@ -14,6 +14,7 @@
#include "ws_symbol_export.h"
#include "packet-ipv6.h"
#include <epan/conversation.h>
/*
* IP Version numbers, from
@ -42,6 +43,7 @@ typedef struct _ws_ip4
guint16 ip_sum; /* checksum */
address ip_src; /* source address */
address ip_dst; /* destination address */
guint32 ip_stream; /* track conversations */
} ws_ip4;
#define WS_IP4_PTR(p) ((ws_ip4 *)(((p) && *(guint8 *)(p) == 4) ? (p) : NULL))
@ -130,6 +132,18 @@ ws_ip_protocol(void *iph)
return -1;
}
struct ip_analysis {
/* Initial frame starting this conversation
*/
guint32 initial_frame;
guint32 stream;
};
WS_DLL_PUBLIC struct ip_analysis *get_ip_conversation_data(conversation_t *conv,
packet_info *pinfo);
#endif /* __PACKET_IP_H__ */
/*
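Review bot: The new fields and the exported accessor lack usable documentation: `ip_stream` is commented only as `/* track conversations */` and the `stream` member of `struct ip_analysis` has no comment at all. Suggested comments are `guint32 ip_stream; /* ip.stream index of the conversation this packet belongs to */` and `guint32 stream; /* stream index, shown as ip.stream */`. `get_ip_conversation_data` is `WS_DLL_PUBLIC`, so it deserves a short doc comment stating that it returns NULL when `conv` is NULL and otherwise attaches a new `ip_analysis` to the conversation on first use. Since the `ws_ip4` is zero-allocated in `dissect_ip_v4`, `ip_stream` reads 0 when no conversation data was obtained, which a tap cannot tell apart from the first stream; the field comment should say so.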

File diff suppressed because one or more lines are too long


@ -1,8 +1,8 @@
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"dhcp":{"dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_hw_type":["0x01","0x01"],"dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_hw_mac_addr":["00:0b:82:01:fc:42","00:0b:82:01:fc:42"],"dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"1","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_end":"255"},"udp":{"udp_udp_time_delta":"0.000000000","udp_udp_dstport":"67","udp_udp_checksum":"0x591f","udp_udp_port":["68","67"],"udp_udp_checksum_status":"2","udp_udp_stream":"0","udp_udp_length":"280","text":"Timestamps","udp_udp_srcport":"68","udp_udp_payload":"01:01:06:00:00:00:3d:1d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:01:3d:07:01:0
0:0b:82:01:fc:42:32:04:00:00:00:00:37:04:01:03:06:2a:ff:00:00:00:00:00:00:00","udp_udp_time_relative":"0.000000000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0xa836","ip_ip_version":"4","ip_ip_dst":"255.255.255.255","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_flags":"0x00","ip_ip_src_host":"0.0.0.0","ip_ip_flags_df":false,"ip_ip_len":"300","ip_ip_checksum_status":"2","ip_ip_dst_host":"255.255.255.255","ip_ip_src":"0.0.0.0","ip_ip_ttl":"250","ip_ip_flags_mf":false,"ip_ip_checksum":"0x178b","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"314","frame_frame_marked":false,"frame_frame_number":"1","frame_frame_time_epoch":"2004-12-05T19:16:24.317453000Z","frame_frame_time":"2004-12-05T19:16:24.317453000Z","frame_frame_time_relative":"0.000000000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_utc":"2004-12-05T19:16:24.317453000Z","frame_frame_ignored":false,"frame_frame_cap_len":"314","frame_frame_time_delta":"0.000000000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_lg":[true,false],"eth_eth_dst_oui":"16777215","eth_eth_addr_oui":["16777215","2946"],"eth_eth_src_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui":"2946","eth_eth_addr_resolved":["Broadcast","GrandstreamN_01:fc:42"],"eth_eth_type":"0x0800","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_addr":["ff:ff:ff:ff:ff:ff","00:0b:82:01:fc:42"],"eth_eth_dst_ig":true,"eth_eth_dst_lg":true,"eth_eth_src_ig":false,"eth_eth_ig":[true,false],"eth_eth_dst_resolved":"Broadcast"}}}
{"timestamp":"1102274184317","layers":{"dhcp":{"dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_hw_type":["0x01","0x01"],"dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_hw_mac_addr":["00:0b:82:01:fc:42","00:0b:82:01:fc:42"],"dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"1","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_end":"255"},"udp":{"udp_udp_time_delta":"0.000000000","udp_udp_dstport":"67","udp_udp_checksum":"0x591f","udp_udp_port":["68","67"],"udp_udp_checksum_status":"2","udp_udp_stream":"0","udp_udp_length":"280","text":"Timestamps","udp_udp_srcport":"68","udp_udp_payload":"01:01:06:00:00:00:3d:1d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:01:3d:07:01:0
0:0b:82:01:fc:42:32:04:00:00:00:00:37:04:01:03:06:2a:ff:00:00:00:00:00:00:00","udp_udp_time_relative":"0.000000000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0xa836","ip_ip_version":"4","ip_ip_dst":"255.255.255.255","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_flags":"0x00","ip_ip_src_host":"0.0.0.0","ip_ip_flags_df":false,"ip_ip_stream":"0","ip_ip_len":"300","ip_ip_checksum_status":"2","ip_ip_dst_host":"255.255.255.255","ip_ip_src":"0.0.0.0","ip_ip_ttl":"250","ip_ip_flags_mf":false,"ip_ip_checksum":"0x178b","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"314","frame_frame_marked":false,"frame_frame_number":"1","frame_frame_time_epoch":"2004-12-05T19:16:24.317453000Z","frame_frame_time":"2004-12-05T19:16:24.317453000Z","frame_frame_time_relative":"0.000000000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_utc":"2004-12-05T19:16:24.317453000Z","frame_frame_ignored":false,"frame_frame_cap_len":"314","frame_frame_time_delta":"0.000000000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_lg":[true,false],"eth_eth_dst_oui":"16777215","eth_eth_addr_oui":["16777215","2946"],"eth_eth_src_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui":"2946","eth_eth_addr_resolved":["Broadcast","GrandstreamN_01:fc:42"],"eth_eth_type":"0x0800","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_addr":["ff:ff:ff:ff:ff:ff","00:0b:82:01:fc:42"],"eth_eth_dst_ig":true,"eth_eth_dst_lg":true,"eth_eth_src_ig":false,"eth_eth_ig":[true,false],"eth_eth_dst_resolved":"Broadcast"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"dhcp":{"dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_type":"0x01","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_option_end":"255","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"2","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_rebinding_time_value":"3150"},"udp":{"udp_udp_time_delta":"0.000000000","udp_udp_dstport":"68","udp_udp_checksum":"0x2233","udp_udp_port":["67","68"],"udp_udp_checksum_status":"2","udp_udp_stream":"1","udp_udp_length":"308","text":"Timestamps","udp_udp_srcport":"67","udp_udp_payload":"02:01:06:00:00:00:3d:1d:00:00:00:00:00:00:00:00:c0:a8:00:0a:c0:a8:00:01:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:02:01:04:ff:ff:ff:00:3a:04:00:00:07:08:3b:04:00:00:0c:4e:33:04:00:00:0e:10:36:04:c0:a8:00:01:ff:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","udp_udp_time_relative":"0.000000000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0x0445","ip_ip_version":"4","ip_ip_dst":"192.168.0.10","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_flags":"0x00","ip_ip_src_host":"192.168.0.1","ip_ip_flags_df":false,"ip_ip_len":"328","ip_ip_checksum_status":"2","ip_ip_dst_host":"192.168.0.10","ip_ip_src":"192.168.0.1","ip_ip_ttl":"128","ip_ip_flags_mf":false,"ip_ip_checksum":"0x0000","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"342","frame_frame_marked":false,"frame_frame_number":"2","frame_frame_time_epoch":"2004-12-05T19:16:24.317748000Z","frame_frame_time":"2004-12-05T19:16:24.317748000Z","frame_frame_time_relative":"0.000295000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_utc":"2004-12-05T19:16:24.317748000Z","frame_frame_ignored":false,"frame_frame_cap_len":"342","frame_frame_time_delta":"0.000295000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_lg":[false,false],"eth_eth_dst_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui":["2946","2164"],"eth_eth_src_ig":false,"eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui_resolved":["Grandstream Networks, Inc.","Dell Inc."],"eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell 
Inc.","eth_eth_addr_resolved":["GrandstreamN_01:fc:42","Dell_ad:f1:9b"],"eth_eth_type":"0x0800","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_addr":["00:0b:82:01:fc:42","00:08:74:ad:f1:9b"],"eth_eth_dst_ig":false,"eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_ig":[false,false],"eth_eth_dst_oui":"2946"}}}
{"timestamp":"1102274184317","layers":{"dhcp":{"dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_type":"0x01","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_option_end":"255","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"2","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_rebinding_time_value":"3150"},"udp":{"udp_udp_time_delta":"0.000000000","udp_udp_dstport":"68","udp_udp_checksum":"0x2233","udp_udp_port":["67","68"],"udp_udp_checksum_status":"2","udp_udp_stream":"1","udp_udp_length":"308","text":"Timestamps","udp_udp_srcport":"67","udp_udp_payload":"02:01:06:00:00:00:3d:1d:00:00:00:00:00:00:00:00:c0:a8:00:0a:c0:a8:00:01:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:02:01:04:ff:ff:ff:00:3a:04:00:00:07:08:3b:04:00:00:0c:4e:33:04:00:00:0e:10:36:04:c0:a8:00:01:ff:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","udp_udp_time_relative":"0.000000000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0x0445","ip_ip_version":"4","ip_ip_dst":"192.168.0.10","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_flags":"0x00","ip_ip_src_host":"192.168.0.1","ip_ip_flags_df":false,"ip_ip_stream":"1","ip_ip_len":"328","ip_ip_checksum_status":"2","ip_ip_dst_host":"192.168.0.10","ip_ip_src":"192.168.0.1","ip_ip_ttl":"128","ip_ip_flags_mf":false,"ip_ip_checksum":"0x0000","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"342","frame_frame_marked":false,"frame_frame_number":"2","frame_frame_time_epoch":"2004-12-05T19:16:24.317748000Z","frame_frame_time":"2004-12-05T19:16:24.317748000Z","frame_frame_time_relative":"0.000295000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_utc":"2004-12-05T19:16:24.317748000Z","frame_frame_ignored":false,"frame_frame_cap_len":"342","frame_frame_time_delta":"0.000295000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_lg":[false,false],"eth_eth_dst_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui":["2946","2164"],"eth_eth_src_ig":false,"eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui_resolved":["Grandstream Networks, Inc.","Dell Inc."],"eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell 
Inc.","eth_eth_addr_resolved":["GrandstreamN_01:fc:42","Dell_ad:f1:9b"],"eth_eth_type":"0x0800","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_addr":["00:0b:82:01:fc:42","00:08:74:ad:f1:9b"],"eth_eth_dst_ig":false,"eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_ig":[false,false],"eth_eth_dst_oui":"2946"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"dhcp":{"dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_hw_type":["0x01","0x01"],"dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_mac_addr":["00:0b:82:01:fc:42","00:0b:82:01:fc:42"],"dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_padding":"00","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"1","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_end":"255"},"udp":{"udp_udp_time_delta":"0.070031000","udp_udp_dstport":"67","udp_udp_checksum":"0x9fbd","udp_udp_port":["68","67"],"udp_udp_checksum_status":"2","udp_udp_stream":"0","udp_udp_length":"280","text":"Timestamps","udp_udp_srcport":"68","udp_udp_payload":"01:01:06:00:00:00:3d:1e:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:03:3d:07:01:00:0b:82:01:fc:42:32:04:c0:a8:00:0a:36:04:c0:a8:00:01:37:04:01:03:06:2a:ff:00","udp_udp_time_relative":"0.070031000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0xa837","ip_ip_version":"4","ip_ip_dst":"255.255.255.255","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_flags":"0x00","ip_ip_src_host":"0.0.0.0","ip_ip_flags_df":false,"ip_ip_len":"300","ip_ip_checksum_status":"2","ip_ip_dst_host":"255.255.255.255","ip_ip_src":"0.0.0.0","ip_ip_ttl":"250","ip_ip_flags_mf":false,"ip_ip_checksum":"0x178a","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"314","frame_frame_marked":false,"frame_frame_number":"3","frame_frame_time_epoch":"2004-12-05T19:16:24.387484000Z","frame_frame_time":"2004-12-05T19:16:24.387484000Z","frame_frame_time_relative":"0.070031000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_utc":"2004-12-05T19:16:24.387484000Z","frame_frame_ignored":false,"frame_frame_cap_len":"314","frame_frame_time_delta":"0.069736000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_lg":[true,false],"eth_eth_dst_oui":"16777215","eth_eth_addr_oui":["16777215","2946"],"eth_eth_src_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui":"2946","eth_eth_addr_resolved":["Broadcast","GrandstreamN_01:fc:42"],"eth_eth_type":"0x0800","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_addr":["ff:ff:ff:ff:ff:ff","00:0b:82:01:fc:42"],"eth_eth_dst_ig":true,"eth_eth_dst_lg":true,"eth_eth_src_ig":false,"eth_eth_ig":[true,false],"eth_eth_dst_resolved":"Broadcast"}}}
{"timestamp":"1102274184387","layers":{"dhcp":{"dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_hw_type":["0x01","0x01"],"dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_mac_addr":["00:0b:82:01:fc:42","00:0b:82:01:fc:42"],"dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_padding":"00","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"1","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_end":"255"},"udp":{"udp_udp_time_delta":"0.070031000","udp_udp_dstport":"67","udp_udp_checksum":"0x9fbd","udp_udp_port":["68","67"],"udp_udp_checksum_status":"2","udp_udp_stream":"0","udp_udp_length":"280","text":"Timestamps","udp_udp_srcport":"68","udp_udp_payload":"01:01:06:00:00:00:3d:1e:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:03:3d:07:01:00:0b:82:01:fc:42:32:04:c0:a8:00:0a:36:04:c0:a8:00:01:37:04:01:03:06:2a:ff:00","udp_udp_time_relative":"0.070031000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0xa837","ip_ip_version":"4","ip_ip_dst":"255.255.255.255","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_flags":"0x00","ip_ip_src_host":"0.0.0.0","ip_ip_flags_df":false,"ip_ip_stream":"0","ip_ip_len":"300","ip_ip_checksum_status":"2","ip_ip_dst_host":"255.255.255.255","ip_ip_src":"0.0.0.0","ip_ip_ttl":"250","ip_ip_flags_mf":false,"ip_ip_checksum":"0x178a","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"314","frame_frame_marked":false,"frame_frame_number":"3","frame_frame_time_epoch":"2004-12-05T19:16:24.387484000Z","frame_frame_time":"2004-12-05T19:16:24.387484000Z","frame_frame_time_relative":"0.070031000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_utc":"2004-12-05T19:16:24.387484000Z","frame_frame_ignored":false,"frame_frame_cap_len":"314","frame_frame_time_delta":"0.069736000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_lg":[true,false],"eth_eth_dst_oui":"16777215","eth_eth_addr_oui":["16777215","2946"],"eth_eth_src_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui_resolved":"Grandstream Networks, Inc.","eth_eth_src_oui":"2946","eth_eth_addr_resolved":["Broadcast","GrandstreamN_01:fc:42"],"eth_eth_type":"0x0800","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_addr":["ff:ff:ff:ff:ff:ff","00:0b:82:01:fc:42"],"eth_eth_dst_ig":true,"eth_eth_dst_lg":true,"eth_eth_src_ig":false,"eth_eth_ig":[true,false],"eth_eth_dst_resolved":"Broadcast"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"dhcp":{"dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_type":"0x01","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_option_end":"255","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"2","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_rebinding_time_value":"3150"},"udp":{"udp_udp_time_delta":"0.070050000","udp_udp_dstport":"68","udp_udp_checksum":"0xdfdb","udp_udp_port":["67","68"],"udp_udp_checksum_status":"2","udp_udp_stream":"1","udp_udp_length":"308","text":"Timestamps","udp_udp_srcport":"67","udp_udp_payload":"02:01:06:00:00:00:3d:1e:00:00:00:00:00:00:00:00:c0:a8:00:0a:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:05:3a:04:00:00:07:08:3b:04:00:00:0c:4e:33:04:00:00:0e:10:36:04:c0:a8:00:01:01:04:ff:ff:ff:00:ff:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","udp_udp_time_relative":"0.070050000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0x0446","ip_ip_version":"4","ip_ip_dst":"192.168.0.10","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_flags":"0x00","ip_ip_src_host":"192.168.0.1","ip_ip_flags_df":false,"ip_ip_len":"328","ip_ip_checksum_status":"2","ip_ip_dst_host":"192.168.0.10","ip_ip_src":"192.168.0.1","ip_ip_ttl":"128","ip_ip_flags_mf":false,"ip_ip_checksum":"0x0000","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"342","frame_frame_marked":false,"frame_frame_number":"4","frame_frame_time_epoch":"2004-12-05T19:16:24.387798000Z","frame_frame_time":"2004-12-05T19:16:24.387798000Z","frame_frame_time_relative":"0.070345000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_utc":"2004-12-05T19:16:24.387798000Z","frame_frame_ignored":false,"frame_frame_cap_len":"342","frame_frame_time_delta":"0.000314000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_lg":[false,false],"eth_eth_dst_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui":["2946","2164"],"eth_eth_src_ig":false,"eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui_resolved":["Grandstream Networks, Inc.","Dell Inc."],"eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell 
Inc.","eth_eth_addr_resolved":["GrandstreamN_01:fc:42","Dell_ad:f1:9b"],"eth_eth_type":"0x0800","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_addr":["00:0b:82:01:fc:42","00:08:74:ad:f1:9b"],"eth_eth_dst_ig":false,"eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_ig":[false,false],"eth_eth_dst_oui":"2946"}}}
{"timestamp":"1102274184387","layers":{"dhcp":{"dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_hw_type":"0x01","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_flags":"0x0000","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_hw_len":"6","dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_flags_bc":false,"dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_secs":"0","dhcp_dhcp_server":"","dhcp_dhcp_option_end":"255","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_hops":"0","dhcp_dhcp_file":"","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_type":"2","dhcp_dhcp_flags_reserved":"0x0000","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_option_rebinding_time_value":"3150"},"udp":{"udp_udp_time_delta":"0.070050000","udp_udp_dstport":"68","udp_udp_checksum":"0xdfdb","udp_udp_port":["67","68"],"udp_udp_checksum_status":"2","udp_udp_stream":"1","udp_udp_length":"308","text":"Timestamps","udp_udp_srcport":"67","udp_udp_payload":"02:01:06:00:00:00:3d:1e:00:00:00:00:00:00:00:00:c0:a8:00:0a:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:05:3a:04:00:00:07:08:3b:04:00:00:0c:4e:33:04:00:00:0e:10:36:04:c0:a8:00:01:01:04:ff:ff:ff:00:ff:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00","udp_udp_time_relative":"0.070050000"},"ip":{"ip_ip_flags_rb":false,"ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_dsfield_ecn":"0","ip_ip_frag_offset":"0","ip_ip_hdr_len":"20","ip_ip_id":"0x0446","ip_ip_version":"4","ip_ip_dst":"192.168.0.10","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_flags":"0x00","ip_ip_src_host":"192.168.0.1","ip_ip_flags_df":false,"ip_ip_stream":"1","ip_ip_len":"328","ip_ip_checksum_status":"2","ip_ip_dst_host":"192.168.0.10","ip_ip_src":"192.168.0.1","ip_ip_ttl":"128","ip_ip_flags_mf":false,"ip_ip_checksum":"0x0000","ip_ip_proto":"17","ip_ip_dsfield_dscp":"0","ip_ip_dsfield":"0x00"},"frame":{"frame_frame_len":"342","frame_frame_marked":false,"frame_frame_number":"4","frame_frame_time_epoch":"2004-12-05T19:16:24.387798000Z","frame_frame_time":"2004-12-05T19:16:24.387798000Z","frame_frame_time_relative":"0.070345000","frame_frame_encap_type":"1","frame_frame_offset_shift":"0.000000000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_utc":"2004-12-05T19:16:24.387798000Z","frame_frame_ignored":false,"frame_frame_cap_len":"342","frame_frame_time_delta":"0.000314000","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_src_lg":false,"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_lg":[false,false],"eth_eth_dst_resolved":"GrandstreamN_01:fc:42","eth_eth_addr_oui":["2946","2164"],"eth_eth_src_ig":false,"eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr_oui_resolved":["Grandstream Networks, Inc.","Dell Inc."],"eth_eth_src_oui":"2164","eth_eth_src_oui_resolved":"Dell 
Inc.","eth_eth_addr_resolved":["GrandstreamN_01:fc:42","Dell_ad:f1:9b"],"eth_eth_type":"0x0800","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_addr":["00:0b:82:01:fc:42","00:08:74:ad:f1:9b"],"eth_eth_dst_ig":false,"eth_eth_dst_oui_resolved":"Grandstream Networks, Inc.","eth_eth_dst_lg":false,"eth_eth_ig":[false,false],"eth_eth_dst_oui":"2946"}}}


@ -78,7 +78,8 @@
"ip.dst": "255.255.255.255",
"ip.addr": "255.255.255.255",
"ip.dst_host": "255.255.255.255",
"ip.host": "255.255.255.255"
"ip.host": "255.255.255.255",
"ip.stream": "0"
},
"udp": {
"udp.srcport": "68",
@ -234,7 +235,8 @@
"ip.dst": "192.168.0.10",
"ip.addr": "192.168.0.10",
"ip.dst_host": "192.168.0.10",
"ip.host": "192.168.0.10"
"ip.host": "192.168.0.10",
"ip.stream": "1"
},
"udp": {
"udp.srcport": "67",
@ -396,7 +398,8 @@
"ip.dst": "255.255.255.255",
"ip.addr": "255.255.255.255",
"ip.dst_host": "255.255.255.255",
"ip.host": "255.255.255.255"
"ip.host": "255.255.255.255",
"ip.stream": "0"
},
"udp": {
"udp.srcport": "68",
@ -558,7 +561,8 @@
"ip.dst": "192.168.0.10",
"ip.addr": "192.168.0.10",
"ip.dst_host": "192.168.0.10",
"ip.host": "192.168.0.10"
"ip.host": "192.168.0.10",
"ip.stream": "1"
},
"udp": {
"udp.srcport": "67",


@ -465,6 +465,13 @@
4,
0,
26
],
"ip.stream_raw": [
"",
34,
0,
0,
7
]
},
"udp_raw": [
@ -1346,6 +1353,13 @@
4,
0,
26
],
"ip.stream_raw": [
"",
34,
0,
0,
7
]
},
"udp_raw": [
@ -2245,6 +2259,13 @@
4,
0,
26
],
"ip.stream_raw": [
"",
34,
0,
0,
7
]
},
"udp_raw": [
@ -3156,6 +3177,13 @@
4,
0,
26
],
"ip.stream_raw": [
"",
34,
0,
0,
7
]
},
"udp_raw": [


@ -844,7 +844,9 @@ bool ConversationDataModel::showConversationId(int row) const
return false;
conv_item_t *conv_item = (conv_item_t *)&g_array_index(storage_, conv_item_t, row);
if (conv_item && (conv_item->ctype == CONVERSATION_TCP || conv_item->ctype == CONVERSATION_UDP))
if (conv_item && (conv_item->ctype == CONVERSATION_TCP ||
conv_item->ctype == CONVERSATION_UDP ||
conv_item->ctype == CONVERSATION_IP))
return true;
return false;
}


@ -694,7 +694,19 @@ QMenu * TrafficTree::createActionSubMenu(FilterAction::Action cur_action, QModel
if (isConversation && conv_item) {
QMenu *subsubmenu = subMenu->addMenu(FilterAction::actionTypeName(at));
if (hasConvId && (cur_action == FilterAction::ActionApply || cur_action == FilterAction::ActionPrepare)) {
QString filter = QString("%1.stream eq %2").arg(conv_item->ctype == CONVERSATION_TCP ? "tcp" : "udp").arg(conv_item->conv_id);
QString filter;
switch (conv_item->ctype) {
case CONVERSATION_TCP:
filter = QString("%1.stream eq %2").arg("tcp").arg(conv_item->conv_id);
break;
case CONVERSATION_UDP:
filter = QString("%1.stream eq %2").arg("udp").arg(conv_item->conv_id);
break;
case CONVERSATION_IP:
default:
filter = QString("%1.stream eq %2").arg("ip").arg(conv_item->conv_id);
break;
}
FilterAction * act = new FilterAction(subsubmenu, cur_action, at, tr("Filter on stream id"));
act->setProperty("filter", filter);
subsubmenu->addAction(act);
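Review bot: The `default:` label shares the `CONVERSATION_IP` branch, so any conversation type other than TCP or UDP that reaches this switch gets an `ip.stream eq N` filter, which would silently select unrelated packets if `hasConvId` ever becomes true for a type that has no IP stream id. `hasConvId` is computed outside the hunk; if it derives from `showConversationId()`, the default is unreachable today, but the two type lists then have to be kept in sync by hand. The three branches also differ only in the protocol prefix, so I would pick the prefix in the switch, format the filter once, and let the default add no action at all. createActionSubMenu starts and ends outside the hunk.

```cpp
const char *proto = nullptr;
switch (conv_item->ctype) {
case CONVERSATION_TCP:
    proto = "tcp";
    break;
case CONVERSATION_UDP:
    proto = "udp";
    break;
case CONVERSATION_IP:
    proto = "ip";
    break;
default:
    break; // no stream-id filter for other conversation types
}
if (proto) {
    QString filter = QString("%1.stream eq %2").arg(proto).arg(conv_item->conv_id);
    // … unchanged: FilterAction creation, setProperty("filter", filter), addAction …
}
```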