mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-23 18:14:29 +08:00
0e2f72760d
This change adds new code to decode ZeroMQ datagrams, couples it with the PGM decoder and extends the -T option to make all this work. There are two new test cases based on existing captures of ZMTP/1.0 inside [E]PGM to decode the ZMTP/1.0 part of these. This functionality enables decoding of the traffic zeromq library produces for "pgm://" and "epgm://" protocol schemas.
80 lines
5.8 KiB
Plaintext
80 lines
5.8 KiB
Plaintext
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 471 trail 0 lead 281 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 472 trail 0 lead 281 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 473 trail 0 lead 281 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 474 trail 0 lead 281 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 475 trail 0 lead 281 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 1480)
|
|
10.0.0.45.40251 > 239.255.0.16.5563: 39236 > 5563: PGM, length 1428 0x47e3fdad9a9c ODATA trail 0 seq 282 [1452]
|
|
frame offset 0x0000
|
|
frame flags+body (8-bit) length 116, flags 0x00 (-|-|-|-|-|-|-|-), first 115 byte(s) of body:
|
|
0x0000: 5468 6973 2069 7320 6120 7368 6f72 7420 This.is.a.short.
|
|
0x0010: 4153 4349 4920 6d65 7373 6167 6520 666f ASCII.message.fo
|
|
0x0020: 6c6c 6f77 6564 2062 7920 6120 7368 6f72 llowed.by.a.shor
|
|
0x0030: 7420 6269 6e61 7279 206d 6573 7361 6765 t.binary.message
|
|
0x0040: 2c20 6120 6c6f 6e67 6572 2041 5343 4949 ,.a.longer.ASCII
|
|
0x0050: 206d 6573 7361 6765 2061 6e64 2061 2073 .message.and.a.s
|
|
0x0060: 686f 7274 2041 5343 4949 206d 6573 7361 hort.ASCII.messa
|
|
0x0070: 6765 2e ge.
|
|
|
|
frame flags+body (8-bit) length 17, flags 0x00 (-|-|-|-|-|-|-|-), first 16 byte(s) of body:
|
|
0x0000: 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f ................
|
|
|
|
frame flags+body (64-bit) length 2790 (1282 captured), flags 0x00 (-|-|-|-|-|-|-|-), first 128 byte(s) of body:
|
|
0x0000: 5468 6520 7175 6963 6b20 6272 6f77 6e20 The.quick.brown.
|
|
0x0010: 666f 7820 6a75 6d70 7320 6f76 6572 2074 fox.jumps.over.t
|
|
0x0020: 6865 206c 617a 7920 646f 672e 2054 6865 he.lazy.dog..The
|
|
0x0030: 2071 7569 636b 2062 726f 776e 2066 6f78 .quick.brown.fox
|
|
0x0040: 206a 756d 7073 206f 7665 7220 7468 6520 .jumps.over.the.
|
|
0x0050: 6c61 7a79 2064 6f67 2e20 5468 6520 7175 lazy.dog..The.qu
|
|
0x0060: 6963 6b20 6272 6f77 6e20 666f 7820 6a75 ick.brown.fox.ju
|
|
0x0070: 6d70 7320 6f76 6572 2074 6865 206c 617a mps.over.the.laz
|
|
[|zmtp1]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 1480)
|
|
10.0.0.45.40251 > 239.255.0.16.5563: 39236 > 5563: PGM, length 1428 0x47e3fdad9a9c ODATA trail 0 seq 283 [1452]
|
|
frame offset 0xffff
|
|
frame intermediate part, 1426 bytes, first 128 byte(s):
|
|
0x0000: 756d 7073 206f 7665 7220 7468 6520 6c61 umps.over.the.la
|
|
0x0010: 7a79 2064 6f67 2e20 5468 6520 7175 6963 zy.dog..The.quic
|
|
0x0020: 6b20 6272 6f77 6e20 666f 7820 6a75 6d70 k.brown.fox.jump
|
|
0x0030: 7320 6f76 6572 2074 6865 206c 617a 7920 s.over.the.lazy.
|
|
0x0040: 646f 672e 2054 6865 2071 7569 636b 2062 dog..The.quick.b
|
|
0x0050: 726f 776e 2066 6f78 206a 756d 7073 206f rown.fox.jumps.o
|
|
0x0060: 7665 7220 7468 6520 6c61 7a79 2064 6f67 ver.the.lazy.dog
|
|
0x0070: 2e20 5468 6520 7175 6963 6b20 6272 6f77 ..The.quick.brow
|
|
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 173)
|
|
10.0.0.45.40251 > 239.255.0.16.5563: 39236 > 5563: PGM, length 121 0x47e3fdad9a9c ODATA trail 0 seq 284 [145]
|
|
frame offset 0x0052
|
|
frame intermediate part, 82 bytes, first 82 byte(s):
|
|
0x0000: 636b 2062 726f 776e 2066 6f78 206a 756d ck.brown.fox.jum
|
|
0x0010: 7073 206f 7665 7220 7468 6520 6c61 7a79 ps.over.the.lazy
|
|
0x0020: 2064 6f67 2e20 5468 6520 7175 6963 6b20 .dog..The.quick.
|
|
0x0030: 6272 6f77 6e20 666f 7820 6a75 6d70 7320 brown.fox.jumps.
|
|
0x0040: 6f76 6572 2074 6865 206c 617a 7920 646f over.the.lazy.do
|
|
0x0050: 672e g.
|
|
|
|
frame flags+body (8-bit) length 36, flags 0x00 (-|-|-|-|-|-|-|-), first 35 byte(s) of body:
|
|
0x0000: 5468 6973 2069 7320 7468 6520 7472 6169 This.is.the.trai
|
|
0x0010: 6c69 6e67 2041 5343 4949 206d 6573 7361 ling.ASCII.messa
|
|
0x0020: 6765 2e ge.
|
|
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 476 trail 0 lead 284 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 1, id 0, offset 0, flags [DF], proto UDP (17), length 44)
|
|
10.0.0.45.46357 > 239.255.0.16.5563: 5563 > 39236: PGM, length 0 0x47e3fdad9a9c SPMR [16]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 477 trail 0 lead 284 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 478 trail 0 lead 284 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 479 trail 0 lead 284 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 480 trail 0 lead 284 nla 10.0.0.45 [36]
|
|
IP (tos 0xb8, ttl 16, id 0, offset 0, flags [DF], proto UDP (17), length 64)
|
|
10.0.0.45.33280 > 239.255.0.16.5563: 39236 > 5563: PGM, length 0 0x47e3fdad9a9c SPM seq 481 trail 0 lead 284 nla 10.0.0.45 [36]
|