by2 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +50 -0
- data/Rakefile +98 -0
- data/bin/by2 +16 -0
- data/by2.gemspec +32 -0
- data/config/database.yml.example +11 -0
- data/config/setup.sql +9 -0
- data/db/migrate/20140205014806_init_db.rb +147 -0
- data/db/schema.rb +160 -0
- data/lib/by2.rb +69 -0
- data/lib/by2/client.rb +109 -0
- data/lib/by2/config_loader.rb +34 -0
- data/lib/by2/ext/active_record.rb +105 -0
- data/lib/by2/models.rb +10 -0
- data/lib/by2/models/event.rb +50 -0
- data/lib/by2/models/icmphdr.rb +10 -0
- data/lib/by2/models/iphdr.rb +38 -0
- data/lib/by2/models/payload.rb +16 -0
- data/lib/by2/models/tcphdr.rb +30 -0
- data/lib/by2/models/udphdr.rb +30 -0
- data/lib/by2/options.rb +77 -0
- data/lib/by2/utils.rb +22 -0
- data/lib/by2/version.rb +3 -0
- data/man/by2.1 +105 -0
- data/man/by2.1.ronn +98 -0
- data/man/by2.1.txt +107 -0
- data/spec/by2/client_spec.rb +157 -0
- data/spec/by2/models/event_spec.rb +14 -0
- data/spec/by2/options_spec.rb +107 -0
- data/spec/by2/utils_spec.rb +19 -0
- data/spec/fixtures/data.yml +19 -0
- data/spec/fixtures/event.yml +36 -0
- data/spec/fixtures/icmphdr.yml +7 -0
- data/spec/fixtures/iphdr.yml +108 -0
- data/spec/fixtures/tcphdr.yml +55 -0
- data/spec/fixtures/udphdr.yml +7 -0
- data/spec/spec_helper.rb +55 -0
- metadata +235 -0
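--- a/data/spec/by2/client_spec.rb
+++ b/data/spec/by2/client_spec.rb
@@ -0,0 +1,157 @@
+require_relative "../spec_helper"
+
+
+describe By2::Client do
+context("finding records by src or dst ip") do
+it "finds entries that match src ip" do
+records = By2::Client.new(["-i", "0.0.0.1"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+end
+
+it "finds entries that match src ip and src port" do
+records = By2::Client.new(["-i", "0.0.0.1:80"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+records.first.sport.should eql(80)
+end
+
+it "finds entries that match dst ip" do
+records = By2::Client.new(["-i", "0.0.0.4"]).find_records
+
+records.count.should eql(1)
+records.first.ip_dst.should eql("0.0.0.4")
+end
+
+it "finds entries that match dst ip and dst port" do
+records = By2::Client.new(["-i", "0.0.0.4:85"]).find_records
+
+records.count.should eql(1)
+records.first.ip_dst.should eql("0.0.0.4")
+records.first.dport.should eql(85)
+end
+
+it "finds entries that match dst or src ip" do
+records = By2::Client.new(["-i", "0.0.0.2"]).find_records
+
+records.count.should eql(2)
+records.all? do |r|
+((r.ip_dst.eql?("0.0.0.2")) || (r.ip_src.eql?("0.0.0.2"))).should be_true
+end
+end
+
+it "finds entries that match dst ip and port or src ip and port" do
+records = By2::Client.new(["-i", "0.0.0.2:82"]).find_records
+records.count.should eql(1)
+records.first.sport.should eql(82)
+
+records = By2::Client.new(["-i", "0.0.0.2:81"]).find_records
+records.count.should eql(1)
+records.first.dport.should eql(81)
+end
+end
+
+context("finding records by src and dst ip") do
+it "finds entries that match src ip" do
+records = By2::Client.new(["-s", "0.0.0.1"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+end
+
+it "finds entries that match src ip and src port" do
+records = By2::Client.new(["-s", "0.0.0.1:80"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+records.first.sport.should eql(80)
+end
+
+it "finds entries that match dst ip" do
+records = By2::Client.new(["-d", "0.0.0.2"]).find_records
+
+records.count.should eql(1)
+records.first.ip_dst.should eql("0.0.0.2")
+end
+
+it "finds entries that match dst ip and dst port" do
+records = By2::Client.new(["-d", "0.0.0.2:81"]).find_records
+
+records.count.should eql(1)
+records.first.ip_dst.should eql("0.0.0.2")
+records.first.dport.should eql(81)
+end
+
+it "finds entries that match src ip and dst ip" do
+records = By2::Client.new(["-s", "0.0.0.1", "-d", "0.0.0.2"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+records.first.ip_dst.should eql("0.0.0.2")
+end
+
+it "finds entries that match src ip/port and dst ip/port" do
+records = By2::Client.new(["-s", "0.0.0.1:80", "-d", "0.0.0.2:81"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+records.first.ip_dst.should eql("0.0.0.2")
+records.first.sport.should eql(80)
+records.first.dport.should eql(81)
+end
+end
+
+context("by2 -n SRC_IP:SRC_PORT -> DST_IP:DST_PORT") do
+it "finds entries that match src ip/port and dst ip/port" do
+records = By2::Client.new(["-m", "0.0.0.1:80 -> 0.0.0.2:81"]).find_records
+
+records.count.should eql(1)
+records.first.ip_src.should eql("0.0.0.1")
+records.first.ip_dst.should eql("0.0.0.2")
+records.first.sport.should eql(80)
+records.first.dport.should eql(81)
+end
+end
+
+context("finding records by date") do
+it "finds on specific day" do
+today = By2::Utils.fdate(Date.today)
+
+records = By2::Client.new(["-t", "#{today}"]).find_records
+records.count.should eql(1)
+end
+
+it "finds on and after specific date" do
+four_days_ago = By2::Utils.fdate(4.days.ago)
+
+records = By2::Client.new(["-t", "#{four_days_ago}:"]).find_records
+records.count.should eql(3)
+end
+
+it "finds within date range" do
+today = By2::Utils.fdate(Date.today)
+four_days_ago = By2::Utils.fdate(4.days.ago)
+
+records = By2::Client.new(["-t", "#{four_days_ago}:#{today}"]).find_records
+records.count.should eql(3)
+end
+end
+
+context("finding records with combined options") do
+it "finds src or dst ip within date range" do
+four_days_ago = By2::Utils.fdate(4.days.ago)
+
+records = By2::Client.new(["-i", "0.0.0.3", "-t", "#{four_days_ago}:"]).find_records
+records.count.should eql(2)
+end
+
+it "finds src or dst ip/port within date range" do
+four_days_ago = By2::Utils.fdate(4.days.ago)
+
+records = By2::Client.new(["-i", "0.0.0.3:82", "-t", "#{four_days_ago}:"]).find_records
+records.count.should eql(1)
+end
+end
+end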
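Review bot: Every example in this spec hands By2::Client a well-formed address, port and date, so nothing pins what `find_records` does with a value that is not an IPv4 address, a non-numeric or out-of-range port, or an unparsable date; the By2::Options examples further down the page have the same gap. These strings presumably end up as database query conditions (client.rb is not shown here), so one example per option asserting a clean rejection or an empty result would be worth adding. Separately, the context on new line 106 is titled `by2 -n ...` while its example passes `-m`; the title should read `context("by2 -m SRC_IP:SRC_PORT -> DST_IP:DST_PORT") do`.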
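--- a/data/spec/by2/models/event_spec.rb
+++ b/data/spec/by2/models/event_spec.rb
@@ -0,0 +1,14 @@
+require_relative "../../spec_helper"
+
+
+describe By2::Models::Event do
+let(:event) { By2::Models::Event.find(1,1) }
+
+it "knows its #ip_src" do
+event.ip_src.should eql("0.0.0.1")
+end
+
+it "knows its #ip_dst" do
+event.ip_dst.should eql("0.0.0.2")
+end
+end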
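--- a/data/spec/by2/options_spec.rb
+++ b/data/spec/by2/options_spec.rb
@@ -0,0 +1,107 @@
+require_relative "../spec_helper"
+
+
+describe By2::Options do
+context("by2") do
+it "outputs help options" do
+pending
+end
+end
+
+context("by2 -i IP") do
+it "parses ip option" do
+options = By2::Options.parse(["-i", "128.32.72.190"])
+options[:ip].should eql("128.32.72.190")
+end
+end
+
+context("by2 -s SRC_IP -d DST_IP") do
+it "parses src_ip" do
+options = By2::Options.parse(["-s", "128.32.72.190"])
+options[:src_ip].should eql("128.32.72.190")
+end
+
+it "parses dst_ip" do
+options = By2::Options.parse(["-d", "128.32.72.190"])
+options[:dst_ip].should eql("128.32.72.190")
+end
+
+it "parses src and dst ips" do
+options = By2::Options.parse(["-d", "128.32.72.191", "-s", "128.32.72.190"])
+
+options[:src_ip].should eql("128.32.72.190")
+options[:dst_ip].should eql("128.32.72.191")
+end
+end
+
+context("by2 -s SRC_IP:SRC_PORT -d DST_IP:DST_PORT") do
+it "ip parses src_ip with port" do
+options = By2::Options.parse(["-s", "128.32.72.190:80"])
+
+options[:src_ip].should eql("128.32.72.190")
+options[:src_port].should eql("80")
+end
+
+it "ip parses dst_ip with port" do
+options = By2::Options.parse(["-d", "128.32.72.190:80"])
+
+options[:dst_ip].should eql("128.32.72.190")
+options[:dst_port].should eql("80")
+end
+
+it "ip parses src and dst ips with port" do
+options = By2::Options.parse(["-s", "128.32.72.190:80", "-d", "128.32.72.191:81"])
+
+options[:src_ip].should eql("128.32.72.190")
+options[:src_port].should eql("80")
+options[:dst_ip].should eql("128.32.72.191")
+options[:dst_port].should eql("81")
+end
+end
+
+context("by2 -m SRC_IP -> DST_IP") do
+it "parses src and dst ips in -> format" do
+options = By2::Options.parse(["-m", "128.32.72.190 -> 128.32.72.191"])
+
+options[:src_ip].should eql("128.32.72.190")
+options[:dst_ip].should eql("128.32.72.191")
+options[:src_port].should be_nil
+options[:dst_port].should be_nil
+end
+end
+
+context("by2 -m SRC_IP:SRC_PORT -> DST_IP:DST_PORT") do
+it "parses src and dst ips and ports in -> format" do
+options = By2::Options.parse(["-m", "128.32.72.190:80 -> 128.32.72.191:81"])
+
+options[:src_ip].should eql("128.32.72.190")
+options[:src_port].should eql("80")
+options[:dst_ip].should eql("128.32.72.191")
+options[:dst_port].should eql("81")
+end
+end
+
+context("by2 -t DATE") do
+it "parses date" do
+options = By2::Options.parse(["-t", "2014-02-01"])
+options[:date].should eql("2014-02-01")
+
+options[:start_date].should be_nil
+options[:end_date].should be_nil
+end
+end
+
+context("by2 -t START_DATE:END_DATE") do
+it "parses date with a range" do
+options = By2::Options.parse(["-t", "2014-02-01:"])
+options[:start_date].should eql("2014-02-01")
+options[:end_date].should be_nil
+options[:date].should be_nil
+
+options = By2::Options.parse(["-t", "2014-02-01:2014-02-07"])
+options[:start_date].should eql("2014-02-01")
+options[:end_date].should eql("2014-02-07")
+options[:date].should be_nil
+end
+end
+end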
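--- a/data/spec/by2/utils_spec.rb
+++ b/data/spec/by2/utils_spec.rb
@@ -0,0 +1,19 @@
+require_relative "../spec_helper"
+
+
+describe By2::Utils do
+it "converts an integer to an ip for .int32_to_ip(int32)" do
+By2::Utils.int32_to_ip(2147615233).should eql("128.2.2.1")
+By2::Utils.int32_to_ip(2).should eql("0.0.0.2")
+end
+
+it "converts an ip to an integer for .ip_to_int32(ip)" do
+By2::Utils.ip_to_int32("128.2.2.1").should eql(2147615233)
+By2::Utils.ip_to_int32("0.0.0.2").should eql(2)
+end
+
+it "converts hex to ascii text for .hex_to_ascii(hex)" do
+hex = "4c6f6f6b206d6f6d2c206e6f2068616e6473"
+By2::Utils.hex_to_ascii(hex).should eql("Look mom, no hands")
+end
+end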
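Review bot: The `.hex_to_ascii` example on new lines 15-18 decodes printable text only, so it does not pin what the helper returns for bytes outside the printable range or for an odd-length hex string. The payloads this helper is meant for are captured packet contents, i.e. data chosen by whoever sent the traffic, and control bytes such as ESC written unfiltered to an analyst's terminal can alter what is displayed; utils.rb is not shown here, so whether the helper already filters them is unknown. An example such as `By2::Utils.hex_to_ascii("41001b42").should eql("A..B")` (constructed sample, expected string to be adjusted to whatever replacement the helper uses) would document the intended behaviour.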
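--- a/data/spec/fixtures/data.yml
+++ b/data/spec/fixtures/data.yml
@@ -0,0 +1,19 @@
+payload1:
+sid: 1
+cid: 1
+data_payload: 48454144202F20485454502F312E310D0A557365722D4167656E743A204A6176612F312E372E305F32310D0A486F73743A206177732E616D617A6F6E2E636F6D0D0A4163636570743A20746578742F68746D6C2C20696D6167652F6769662C20696D6167652F6A7065672C202A3B20713D2E322C202A2F2A3B20713D2E320D0A5669613A20312E31206C6F63616C686F7374202873717569642F332E312E3134290D0A582D466F727761726465642D466F723A203132372E302E302E310D0A43616368652D436F6E74726F6C3A206D61782D6167653D3235393230300D0A436F6E6E656374696F6E3A206B6565702D616C6976650D0A0D0A
+
+payload2:
+sid: 1
+cid: 2
+data_payload: 474554202F7469636B65723F6D6F64653D6865617274626561742669643D303030393646414234303438266865696768743D323426747A3D2D3432302672657169643D3133383233383736383336343420485454502F312E310D0A557365722D4167656E743A204A6176612F312E372E305F32310D0A486F73743A20726973657469636B65722E61707073706F742E636F6D0D0A4163636570743A20746578742F68746D6C2C20696D6167652F6769662C20696D6167652F6A7065672C202A3B20713D2E322C202A2F2A3B20713D2E320D0A436F6E6E656374696F6E3A206B6565702D616C6976650D0A0D0A
+
+payload3:
+sid: 1
+cid: 3
+data_payload: 48454144202F20485454502F312E310D0A557365722D4167656E743A204A6176612F312E372E305F32310D0A486F73743A206177732E616D617A6F6E2E636F6D0D0A4163636570743A20746578742F68746D6C2C20696D6167652F6769662C20696D6167652F6A7065672C202A3B20713D2E322C202A2F2A3B20713D2E320D0A5669613A20312E31206C6F63616C686F7374202873717569642F332E312E3134290D0A582D466F727761726465642D466F723A203132372E302E302E310D0A43616368652D436F6E74726F6C3A206D61782D6167653D3235393230300D0A436F6E6E656374696F6E3A206B6565702D616C6976650D0A0D0A
+
+payload4:
+sid: 1
+cid: 4
+data_payload: 474554202F7469636B65723F6D6F64653D6865617274626561742669643D303030393646414234303438266865696768743D323426747A3D2D3432302672657169643D3133383233383736383336343420485454502F312E310D0A557365722D4167656E743A204A6176612F312E372E305F32310D0A486F73743A20726973657469636B65722E61707073706F742E636F6D0D0A4163636570743A20746578742F68746D6C2C20696D6167652F6769662C20696D6167652F6A7065672C202A3B20713D2E322C202A2F2A3B20713D2E320D0A436F6E6E656374696F6E3A206B6565702D616C6976650D0A0D0A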
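Review bot: The `data_payload` values look like captured HTTP requests rather than synthetic samples: decoded, payload2 and payload4 carry a Host header for an external service and an `id=` query value shaped like a hardware address, and payload1 and payload3 carry `Via` and `X-Forwarded-For` headers added by a proxy. If these came from a live sensor, swapping them for constructed requests (a Host of `example.com`, a made-up id) would keep the specs working without shipping traffic details inside the gem. payload1/payload3 and payload2/payload4 also appear to be identical pairs, so two distinct samples would cover the same ground.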
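--- a/data/spec/fixtures/event.yml
+++ b/data/spec/fixtures/event.yml
@@ -0,0 +1,36 @@
+event1_tcp:
+sid: 1
+cid: 1
+signature: 493
+timestamp: <%= Time.now.strftime("%Y-%m-%d") %>
+
+event2_tcp:
+sid: 1
+cid: 2
+signature: 493
+timestamp: <%= 2.days.ago %>
+
+event3_tcp:
+sid: 1
+cid: 3
+signature: 493
+timestamp: <%= 4.days.ago %>
+
+event4_tcp:
+sid: 1
+cid: 4
+signature: 493
+timestamp: <%= 6.days.ago %>
+
+event5_icmp:
+sid: 1
+cid: 5
+signature: 493
+timestamp: <%= 8.days.ago %>
+
+event6_udp:
+sid: 1
+cid: 6
+signature: 494
+timestamp: <%= 8.days.ago %>
+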
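Review bot: `event1_tcp` stores a date-only string (`Time.now.strftime("%Y-%m-%d")`) while the other five entries store full `N.days.ago` times, so the fixtures mix two precisions and possibly two clocks. The date examples in client_spec.rb count rows relative to `Date.today` and `4.days.ago`, and those counts can presumably shift when the suite runs close to midnight or when the ActiveSupport zone differs from the system zone (spec_helper.rb is not shown in this part of the page). Writing every entry from the same helper with an explicit format, e.g. `timestamp: <%= 2.days.ago.strftime("%Y-%m-%d %H:%M:%S") %>`, would make the range boundaries predictable.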
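--- a/data/spec/fixtures/iphdr.yml
+++ b/data/spec/fixtures/iphdr.yml
@@ -0,0 +1,108 @@
+# ip_src: 0.0.0.1
+# ip_dst: 0.0.0.2
+iphdr1:
+sid: 1
+cid: 1
+ip_src: 1
+ip_dst: 2
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 288
+ip_id: 41846
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 47934
+
+# ip_src: 0.0.0.2
+# ip_dst: 0.0.0.3
+iphdr2:
+sid: 1
+cid: 2
+ip_src: 2
+ip_dst: 3
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 288
+ip_id: 50886
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 17705
+
+
+# ip_src: 0.0.0.3
+# ip_dst: 0.0.0.4
+iphdr3:
+sid: 1
+cid: 3
+ip_src: 3
+ip_dst: 4
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 288
+ip_id: 41856
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 47924
+
+# ip_src: 0.0.0.5
+# ip_dst: 0.0.0.6
+iphdr4:
+sid: 1
+cid: 4
+ip_src: 5
+ip_dst: 6
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 288
+ip_id: 959
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 2097
+
+# ip_src: 0.0.0.6
+# ip_dst: 0.0.0.7
+iphdr5:
+sid: 1
+cid: 5
+ip_src: 6
+ip_dst: 7
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 223
+ip_id: 29257
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 25578
+
+# ip_src: 0.0.0.7
+# ip_dst: 0.0.0.8
+iphdr6:
+sid: 1
+cid: 6
+ip_src: 7
+ip_dst: 8
+ip_ver: 4
+ip_hlen: 5
+ip_tos: 0
+ip_len: 223
+ip_id: 29257
+ip_flags: 0
+ip_off: 0
+ip_ttl: 62
+ip_proto: 6
+ip_csum: 25578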
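Review bot: All six headers set `ip_proto: 6` (TCP), including `iphdr5` and `iphdr6`, whose `cid` values 5 and 6 pair with `event5_icmp` and `event6_udp` in event.yml. If a model or query ever branches on the protocol number, these fixtures would present the ICMP and UDP events as TCP; `ip_proto: 1` for iphdr5 and `ip_proto: 17` for iphdr6 would match the event names. `iphdr5` and `iphdr6` also share the same `ip_id` and `ip_csum`, which looks like one entry copied without adjustment.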