Merge pull request #590 from wader/pcap-ipv45-link-frame
ipv4_packet,ipv6_packet,sll_packet,sll2_packet: Support ipv4/ipv6 lin…
Showing
9 changed files
with
135 additions
and
13 deletions.
Binary file not shown.
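--- a/format/inet/testdata/tls12-ipv4-linkframe-keylog.pcapng.fqtest
+++ b/format/inet/testdata/tls12-ipv4-linkframe-keylog.pcapng.fqtest
@@ -0,0 +1,100 @@
+# tls12-dsb.pcapng from https://gitlab.com/wireshark/wireshark/-/tree/master/test/captures
+$ fq 'first(grep_by(.type=="enhanced_packet")), .[0].tcp_connections | dv' tls12-ipv4-linkframe-keylog.pcapng
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0].blocks[3]{}: block 0x12c-0x267.7 (316)
+0x120| 06 00 00 00| ....| type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x12c-0x12f.7 (4)
+0x130|3c 01 00 00 |<... | length: 316 0x130-0x133.7 (4)
+0x130| 00 00 00 00 | .... | interface_id: 0 0x134-0x137.7 (4)
+0x130| dd 7a 05 00 | .z.. | timestamp_high: 359133 0x138-0x13b.7 (4)
+0x130| a3 2d 60 23| .-`#| timestamp_low: 593505699 0x13c-0x13f.7 (4)
+0x140|19 01 00 00 |.... | capture_packet_length: 281 0x140-0x143.7 (4)
+0x140| 19 01 00 00 | .... | original_packet_length: 281 0x144-0x147.7 (4)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| packet{}: (ipv4_packet) 0x148-0x260.7 (281)
+0x140| 45 | E | version: 4 0x148-0x148.3 (0.4)
+0x140| 45 | E | ihl: 5 0x148.4-0x148.7 (0.4)
+0x140| 00 | . | dscp: 0 0x149-0x149.5 (0.6)
+0x140| 00 | . | ecn: 0 0x149.6-0x149.7 (0.2)
+0x140| 01 19 | .. | total_length: 281 0x14a-0x14b.7 (2)
+0x140| e1 ea | .. | identification: 57834 0x14c-0x14d.7 (2)
+0x140| 40 | @ | reserved: 0 0x14e-0x14e (0.1)
+0x140| 40 | @ | dont_fragment: true 0x14e.1-0x14e.1 (0.1)
+0x140| 40 | @ | more_fragments: false 0x14e.2-0x14e.2 (0.1)
+0x140| 40 00| @.| fragment_offset: 0 0x14e.3-0x14f.7 (1.5)
+0x150|40 |@ | ttl: 64 0x150-0x150.7 (1)
+0x150| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x151-0x151.7 (1)
+0x150| 18 0f | .. | header_checksum: 0x180f (valid) 0x152-0x153.7 (2)
+0x150| 0a 09 00 02 | .... | source_ip: "10.9.0.2" (0xa090002) 0x154-0x157.7 (4)
+0x150| 5d b8 d8 22 | ].." | destination_ip: "93.184.216.34" (0x5db8d822) 0x158-0x15b.7 (4)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (tcp_segment) 0x15c-0x260.7 (261)
+0x150| b6 d0 | .. | source_port: 46800 0x15c-0x15d.7 (2)
+0x150| 01 bb| ..| destination_port: "https" (443) (http protocol over TLS/SSL) 0x15e-0x15f.7 (2)
+0x160|fb c2 e0 52 |...R | sequence_number: 4223852626 0x160-0x163.7 (4)
+0x160| de 55 1a e0 | .U.. | acknowledgment_number: 3730119392 0x164-0x167.7 (4)
+0x160| 80 | . | data_offset: 8 0x168-0x168.3 (0.4)
+0x160| 80 | . | reserved: 0 0x168.4-0x168.6 (0.3)
+0x160| 80 | . | ns: false 0x168.7-0x168.7 (0.1)
+0x160| 18 | . | cwr: false 0x169-0x169 (0.1)
+0x160| 18 | . | ece: false 0x169.1-0x169.1 (0.1)
+0x160| 18 | . | urg: false 0x169.2-0x169.2 (0.1)
+0x160| 18 | . | ack: true 0x169.3-0x169.3 (0.1)
+0x160| 18 | . | psh: true 0x169.4-0x169.4 (0.1)
+0x160| 18 | . | rst: false 0x169.5-0x169.5 (0.1)
+0x160| 18 | . | syn: false 0x169.6-0x169.6 (0.1)
+0x160| 18 | . | fin: false 0x169.7-0x169.7 (0.1)
+0x160| 00 e5 | .. | window_size: 229 0x16a-0x16b.7 (2)
+0x160| 40 f1 | @. | checksum: 0x40f1 0x16c-0x16d.7 (2)
+0x160| 00 00| ..| urgent_pointer: 0 0x16e-0x16f.7 (2)
+| | | options[0:3]: 0x170-0x17b.7 (12)
+| | | [0]{}: option 0x170-0x170.7 (1)
+0x170|01 |. | kind: "nop" (1) (No operation) 0x170-0x170.7 (1)
+| | | [1]{}: option 0x171-0x171.7 (1)
+0x170| 01 | . | kind: "nop" (1) (No operation) 0x171-0x171.7 (1)
+| | | [2]{}: option 0x172-0x17b.7 (10)
+0x170| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x172-0x172.7 (1)
+0x170| 0a | . | length: 10 0x173-0x173.7 (1)
+0x170| c8 fa fa 0d | .... | value: 3371891213 0x174-0x177.7 (4)
+0x170| 88 06 26 a6 | ..&. | echo_reply: 2282104486 0x178-0x17b.7 (4)
+0x170| 16 03 01 00| ....| payload: raw bits 0x17c-0x260.7 (229)
+0x180|e0 01 00 00 dc 03 03 f6 7a 28 b3 86 b3 1c 62 0d|........z(....b.|
+* |until 0x260.7 (229) | |
+0x260| 00 00 00 | ... | padding: raw bits 0x261-0x263.7 (3)
+| | | options[0:0]: 0x264-NA (0)
+0x260| 3c 01 00 00 | <... | footer_length: 316 0x264-0x267.7 (4)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0].tcp_connections[0:2]: 0x2814-NA (0)
+| | | [0]{}: tcp_connection 0x2814-NA (0)
+| | | client{}: 0x2814-NA (0)
+| | | ip: "10.9.0.2" 0x2814-NA (0)
+| | | port: 46800 0x2814-NA (0)
+| | | has_start: false 0x2814-NA (0)
+| | | has_end: false 0x2814-NA (0)
+| | | skipped_bytes: 0 0x2814-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|16 03 01 00 e0 01 00 00 dc 03 03 f6 7a 28 b3 86|............z(..| stream: raw bits 0x0-0x1ea.7 (491)
+* |until 0x1ea.7 (end) (491) | |
+| | | server{}: 0x2814-NA (0)
+| | | ip: "93.184.216.34" 0x2814-NA (0)
+| | | port: "https" (443) (http protocol over TLS/SSL) 0x2814-NA (0)
+| | | has_start: false 0x2814-NA (0)
+| | | has_end: false 0x2814-NA (0)
+| | | skipped_bytes: 0 0x2814-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|16 03 03 00 70 02 00 00 6c 03 03 75 d0 16 e2 3a|....p...l..u...:| stream: raw bits 0x0-0xe4d.7 (3662)
+* |until 0xe4d.7 (end) (3662) | |
+| | | [1]{}: tcp_connection 0x2814-NA (0)
+| | | client{}: 0x2814-NA (0)
+| | | ip: "10.9.0.2" 0x2814-NA (0)
+| | | port: 46802 0x2814-NA (0)
+| | | has_start: false 0x2814-NA (0)
+| | | has_end: false 0x2814-NA (0)
+| | | skipped_bytes: 0 0x2814-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|16 03 01 00 e0 01 00 00 dc 03 03 1e 0d 63 b4 1d|.............c..| stream: raw bits 0x0-0x1ea.7 (491)
+* |until 0x1ea.7 (end) (491) | |
+| | | server{}: 0x2814-NA (0)
+| | | ip: "93.184.216.34" 0x2814-NA (0)
+| | | port: "https" (443) (http protocol over TLS/SSL) 0x2814-NA (0)
+| | | has_start: false 0x2814-NA (0)
+| | | has_end: false 0x2814-NA (0)
+| | | skipped_bytes: 0 0x2814-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|16 03 03 00 70 02 00 00 6c 03 03 2e af a1 24 6f|....p...l.....$o| stream: raw bits 0x0-0xe4d.7 (3662)
+* |until 0xe4d.7 (end) (3662) | |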
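Review bot: The provenance comment on the first line names `tls12-dsb.pcapng`, but the command on the next line reads `tls12-ipv4-linkframe-keylog.pcapng`, and nothing records how the second file was produced from the first. Since the capture is checked in as a binary, a reader cannot reproduce or audit the fixture from this comment alone; a header along the lines of `# tls12-ipv4-linkframe-keylog.pcapng: derived from tls12-dsb.pcapng (<how it was converted>)` would close that gap. Separately, the expected output only pins the first enhanced packet and the reassembled TCP streams, which appear as `stream: raw bits` with `has_start: false`. If the "keylog" in the file name is meant to cover use of the embedded TLS secrets on an IPv4 link-type capture, the visible output does not assert it, and an extra query that dumps the decoded TLS records would make a regression there detectable.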