Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols/dhcpv6
History
Arne Welzel d7899e9d09 DHCPv6 stash some notes
2025-05-26 10:02:39 +02:00
..
__load__.zeek dhcpv6: WIP 2025-05-25 16:31:53 +02:00
consts.zeek dhcpv6: WIP 2025-05-25 16:31:53 +02:00
dpd.sig DHCPv6 stash some notes 2025-05-26 10:02:39 +02:00
main.zeek dhcpv6: WIP 2025-05-25 16:31:53 +02:00
README DHCPv6 stash some notes 2025-05-26 10:02:39 +02:00

README 

Support for Dynamic Host Configuration Protocol (DHCP) analysis.


Log structure:

DHCPv4 logs transactions


We could also go [txid, iaid] and produce a log for each entry, but that'd
be the correct thing to do!

Probably overthinking if there's only ever a single IAID per transaction,
but in theory this is possible.

# What if there's no IAID? That's okay, too.

So... pivot on IAID?

State:

   transaction_id: count
   ianas: vector of IA_NA

   # Common stuff


# Log entry

txid, ia_na.aid, iaaddr