hadrielk / pcapng-test-generator Goto Github PK
View Code? Open in Web Editor NEWWireshark Lua plugin to generate pcapng test capture files
License: MIT License
pcapng-test-generator's People
Contributors
Stargazers
Watchers
pcapng-test-generator's Issues
Possible error in test202, both endians, in second segment header block
I think you have an error in the second segment header block in difficult test202 with the fourth option (291?) starting at byte 126 which has a length 0.
Not only does my parser crash on it, wireshark crashes on it!
Here's each octet of the test202 little endian segment header with a manual decode.
(lldb) po data[0 ..< 50]
▿ 50 bytes
- count : 50
▿ pointer : 0x0000000102824000
- pointerValue : 4337057792
▿ bytes : 50 elements
- 0 : 10 block type SHB
- 1 : 13
- 2 : 13
- 3 : 10
- 4 : 0 block total length 124
- 5 : 0
- 6 : 0
- 7 : 124
- 8 : 26 byte order magic (little endian)
- 9 : 43
- 10 : 60
- 11 : 77
- 12 : 0 major version 1
- 13 : 1
- 14 : 0 minor version 0
- 15 : 0
- 16 : 255 section length -1
- 17 : 255
- 18 : 255
- 19 : 255
- 20 : 255
- 21 : 255
- 22 : 255
- 23 : 255
- 24 : 0 first option 2 (hardware)
- 25 : 2
- 26 : 0 first option length 9 + 3 padding
- 27 : 9
- 28 : 65 start of first option value
- 29 : 112
- 30 : 112
- 31 : 108
- 32 : 101
- 33 : 32
- 34 : 77
- 35 : 66
- 36 : 80 end of first option value
- 37 : 0
- 38 : 0
- 39 : 0 end of first option padding
- 40 : 0 second option 3 (shb_os)
- 41 : 3
- 42 : 0 second option length 12 + 0 padding
- 43 : 12
- 44 : 79 start of second option value
- 45 : 83
- 46 : 45
- 47 : 88
- 48 : 32
- 49 : 49
(lldb) po data[50 ..< 100]
▿ 50 bytes
- count : 50
▿ pointer : 0x0000000102824032
- pointerValue : 4337057842
▿ bytes : 50 elements
- 0 : 48
- 1 : 46
- 2 : 49
- 3 : 48
- 4 : 46
- 5 : 53 end of second option value (no padding)
- 6 : 0 third option 4 (shb_userappl)
- 7 : 4
- 8 : 0 third option length 15 + 1 padding
- 9 : 15
- 10 : 112 start of third option value
- 11 : 99
- 12 : 97
- 13 : 112
- 14 : 95
- 15 : 119
- 16 : 114
- 17 : 105
- 18 : 116
- 19 : 101
- 20 : 114
- 21 : 46
- 22 : 108
- 23 : 117
- 24 : 97 end of third option value
- 25 : 0 third option padding
- 26 : 1 fourth option 291 (what?)
- 27 : 35
- 28 : 0 fourth option length 0
- 29 : 0
- 30 : 129 now my decoder is totally confused
- 31 : 35
- 32 : 0
- 33 : 11
- 34 : 116
- 35 : 101
- 36 : 115
- 37 : 116
- 38 : 50
- 39 : 48
- 40 : 50
- 41 : 32
- 42 : 78
- 43 : 82
- 44 : 66
- 45 : 0
- 46 : 0
- 47 : 1
- 48 : 0
- 49 : 13
Custom options need to include PEN
https://www.ietf.org/archive/id/draft-tuexen-opsawg-pcapng-03.html#name-options
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Code | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Option Value /
/ variable length, padded to 32 bits /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ /
/ . . . other options . . . /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Code == opt_endofopt | Option Length == 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: Options Format
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Custom Option Code | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Private Enterprise Number (PEN) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Custom Data /
/ variable length, padded to 32 bits /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: Custom Options Format
Error in test008.pcapng
Hello,
First of all thank you for your work, I'm using it to test my pcapng parsing library.
There are some errors in test008.pcapng, in both endianness.
Multiple options don't have the right length, I think it comes from this function: :addOption( block.OptionHex ('if_EUIaddr', "02 34 56 FF FE 78 9A BC") ) in test008.lua.
And the custom options lack the Private Enterprise Number field.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.