mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 23:58:20 +00:00
DHCPv6 stash some notes
parent
67caf581da
commit
d7899e9d09
3 changed files with 95 additions and 0 deletions
29
scripts/base/protocols/dhcpv6/README
Normal file
|
@ -0,0 +1,29 @@
|
|||
Support for Dynamic Host Configuration Protocol (DHCP) analysis.
|
||||
|
||||
|
||||
Log structure:
|
||||
|
||||
DHCPv4 logs transactions
|
||||
|
||||
|
||||
We could also go [txid, iaid] and produce a log for each entry, but that'd
|
||||
be the correct thing to do!
|
||||
|
||||
Probably overthinking if there's only ever a single IAID per transaction,
|
||||
but in theory this is possible.
|
||||
|
||||
# What if there's no IAID? That's okay, too.
|
||||
|
||||
So... pivot on IAID?
|
||||
|
||||
State:
|
||||
|
||||
transaction_id: count
|
||||
ianas: vector of IA_NA
|
||||
|
||||
# Common stuff
|
||||
|
||||
|
||||
# Log entry
|
||||
|
||||
txid, ia_na.aid, iaaddr
|
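Review bot: the README's opening line reads "Support for Dynamic Host Configuration Protocol (DHCP) analysis." but the file sits under scripts/base/protocols/dhcpv6/, so it should name DHCPv6; the "DHCPv4 logs transactions" line under "Log structure:" also stops mid-thought. The notes leave the log key undecided (one entry per transaction versus one per [txid, iaid]), and the proposed log entry "txid, ia_na.aid, iaaddr" does not say what is written in the "What if there's no IAID?" case. Suggest picking one key, stating the no-IAID behaviour explicitly, and using a single spelling for the identifier (IAID or ia_na.aid) throughout.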
5
scripts/base/protocols/dhcpv6/dpd.sig
Normal file
|
@ -0,0 +1,5 @@
|
|||
# signature dhcpv6_todo {
|
||||
# ip-proto == udp
|
||||
# payload /^.{236}\x63\x82\x53\x63/
|
||||
# enable "dhcpv6"
|
||||
#}
|
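Review bot: the commented-out payload pattern /^.{236}\x63\x82\x53\x63/ is the DHCPv4 magic cookie at offset 236 of a BOOTP message, which DHCPv6 messages do not carry, so uncommenting this signature as written would match DHCPv4 rather than DHCPv6 traffic while enabling "dhcpv6". Because every line is commented out, the file currently has no effect; suggest either leaving it out of this commit or replacing the pattern with one derived from the DHCPv6 message header before enabling it, and renaming dhcpv6_todo once the signature is real.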