Scribd
Upload
134 views24 pages

RPCAP

This document defines a protocol decode script for Remote Packet Capture (RPCAP). Some key points: - RPCAP is a remote packet capture system that allows capturing packet data on a target computer remotely. - The document includes definitions for struct fields, fields, and parsers to extract data from RPCAP packets. - It extracts information like message type, payload length, timestamps, captured packet data, authentication information, and more. - Parsers are defined to extract values from different RPCAP opcode types and messages like start of capture requests, captured packets, and device listing responses.

Uploaded by

ololo lolo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
134 views24 pages

RPCAP

This document defines a protocol decode script for Remote Packet Capture (RPCAP). Some key points: - RPCAP is a remote packet capture system that allows capturing packet data on a target computer remotely. - The document includes definitions for struct fields, fields, and parsers to extract data from RPCAP packets. - It extracts information like message type, payload length, timestamps, captured packet data, authentication information, and more. - Parsers are defined to extract values from different RPCAP opcode types and messages like start of capture requests, captured packets, and device listing responses.

Uploaded by

ololo lolo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 24

[colasoft protocol decode script ver 2.

0]
proto_abbr=RPCAP
proto_full=Remote Packet Capture
layer=APPLICATION
color=#0x66669A
auther=xin.he
tester=tao.li
description_en=RPCAP is a remote packet capture system, enabling users to run
remote packet capture program on the target computer
description_zh=RPCAP 是一个远程抓包系统,使用户能够在目标计算机上运行远程抓包程序
#remarks:
#1.根据 wireshark 源码解码.
#2.数据包长度必须大于 8 个字节
#3.版本必须为 0
#4.UDP 之上只可能为 rpcap 的 msg_type=7 类型数据
#5.msg_type=11,131,132 时,Payload length 必须为 8
#6.msg_type=137 时,Payload length 必须为 16
#7.msg_type=7 时,Payload length 必须大于等于 20
#8.msg_type=4 或者 5 时,Opcode 的标志位根据本身的值有不同的含义.这里不做判断.
#9.测试添加 TCP 识别端口:1921-2002
[struct]
structfield Promiscuousmode = Flags[1:7,1],int;
structfield UseDatagram = Flags[1:6,1],int;
structfield Serveropen = Flags[1:5,1],int;
structfield Inbound = Flags[1:4,1],int;
structfield Outbound = Flags[1:3,1],int;

structfield Class = Opcode6[1:5,3],int;


structfield Rval = Opcode6[1:3,2],int;

structfield Class = Opcode0[1:5,3],int;


structfield Size = Opcode0[1:3,2],int;
structfield Mode = Opcode0[1:0,3],int;

structfield Class = Opcode1[1:5,3],int;


structfield Size = Opcode1[1:3,2],int;
structfield Mode = Opcode1[1:0,3],int;

structfield Class = Opcode7[1:5,3],int;


structfield Op7 = Opcode7[1:0,5],int;

structfield Class = Opcode4[1:5,3],int;


structfield Src = Opcode4[1:4,1],int;
structfield Op4 = Opcode4[1:0,4],int;

structfield Class = Opcode5[1:5,3],int;


structfield Src = Opcode5[1:4,1],int;
structfield Op5 = Opcode5[1:0,4],int;

structfield Class = Opcode2_3[1:5,3],int;


structfield Fields = Opcode2_3[1:0,5],int;

field Version = int;


field Messagetype = int;
field Messagevalue = int,N2H;
field Payloadlength = int,N2H;
field Errorvalue = int,N2H;
field Arrivaltime = string,HEX;
field Capturelength = int,N2H;
field Framelength = int,N2H;
field Framenumber = int,N2H;
field Framedata = string,HEX;
field ErrorData = string;
field OpenRequest = string;
field Snaplength = int,N2H;
field Readtimeout = int,N2H;
field ClientPort = int,N2H;
field Filtertype = int,N2H;
field Dummy = int,N2H;
field Numberofitems = int,N2H;
field JT = int;
field JF = int;
field Instructionvalue = int,N2H;
field Authenticationtype = int,N2H;
field AIL1 = int,N2H;
field AIL2 = int,N2H;
field Username = string;
field Password = string;
field Method = int;
field Dummy1 = int;
field Dummy2 = int,N2H;
field Value = int,N2H;
field Namelength = int,N2H;
field Descriptionlength = int,N2H;
field Interfaceflags = int,N2H;
field Numberofaddresses = int,N2H;
field Name = string;
field Description = string;
field Addressfamily = int,N2H;
field Port = int,N2H;
field IPaddress = string,IPADDR;
field Padding = string,HEX;
field Unknownaddress = string,HEX;
field Linktype = int,N2H;
field Timezoneoffset = int,N2H;
field Buffersize = int,N2H;
field Serverport = int,N2H;
field RBKF = int,N2H;
field DBNI = int,N2H;
field DBKF = int,N2H;
field CBR = int,N2H;
field Opcode6 = int,N2H;
field Opcode0 = int,N2H;
field Opcode1 = int,N2H;
field Opcode7 = int,N2H;
field Opcode4 = int,N2H;
field Opcode5 = int,N2H;

groupfield FilterbpfINSN;
groupfield Filter;
groupfield Flags;
groupfield Interface;
groupfield Interfaceaddress;
groupfield Address;
groupfield Netmask;
groupfield Broadcast;
groupfield P2Pdestinationaddress;
groupfield StartcapReq;
groupfield Packet;
groupfield Authentcation;
groupfield Samplings;
groupfield Findalldevices;
groupfield Openreply;
groupfield Startcapturereply;
groupfield Statistics;
groupfield Opcodes;
int AuthentcationDataLen = Payloadlength - 8;
int InformationdataLen = Payloadlength - 8 - AIL1 - AIL2;
int StartCRDLen = Payloadlength - 20 - Numberofitems * 8;
struct Messagetype 1;
struct Messagevalue 2;
struct Payloadlength 4;
struct Errorvalue 2;
struct Arrivaltime 8;
struct Capturelength 4;
struct Framelength 4;
struct Framenumber 4;
struct ErrorData Payloadlength;
struct OpenRequest Payloadlength;
struct Snaplength 4;
struct Readtimeout 4;
struct Flags 2;
struct ClientPort 2;
struct Filtertype 2;
struct Dummy 2;
struct Numberofitems 4;
struct JT 1;
struct JF 1;
struct Instructionvalue 4;
struct Framedata Framelength;
struct AuthentcationData AuthentcationDataLen;
struct Authenticationtype 2;
struct AIL1 2;
struct AIL2 2;
struct Username AIL1;
struct Password AIL2;
struct Informationdata InformationdataLen;
struct Method 1;
struct Dummy1 1;
struct Dummy2 2;
struct Value 4;
struct Namelength 2;
struct Descriptionlength 2;
struct Interfaceflags 4;
struct Numberofaddresses 2;
struct Name Namelength;
struct Description Descriptionlength;
struct Addressfamily 2;
struct Port 2;
struct IPaddress 4;
struct Padding 120;
struct Unknownaddress 126;
struct Linktype 4;
struct Timezoneoffset 4;
struct Buffersize 4;
struct Serverport 2;
struct RBKF 4;
struct DBNI 4;
struct DBKF 4;
struct CBR 4;
struct StartcapReqData StartCRDLen;
struct Opcode2_3 2;

parser Version = regex(\x00);


parser Opcode0 = regex((.\x00)|(.\x10)|(.\x20)|(.\x30)|(.\x40)|
(.\x50)|(.\x60)|(.\x70)|(.\x80)|(.\x90)|(.\xa0)|(.\xb0)|(.\xc0)|(.\xd0)|(.\xe0)|
(.\xf0)|(.\x08)|(.\x18)|(.\x28)|(.\x38)|(.\x48)|(.\x58)|(.\x68)|(.\x78)|(.\x88)|
(.\x98)|(.\xa8)|(.\xb8)|(.\xc8)|(.\xd8)|(.\xe8)|(.\xf8));
parser Opcode1 = regex((.\x01)|(.\x11)|(.\x21)|(.\x31)|(.\x41)|
(.\x51)|(.\x61)|(.\x71)|(.\x81)|(.\x91)|(.\xa1)|(.\xb1)|(.\xc1)|(.\xd1)|(.\xe1)|
(.\xf1)|(.\x09)|(.\x19)|(.\x29)|(.\x39)|(.\x49)|(.\x59)|(.\x69)|(.\x79)|(.\x89)|
(.\x99)|(.\xa9)|(.\xb9)|(.\xc9)|(.\xd9)|(.\xe9)|(.\xf9));
parser Opcode4 = regex((.\x04)|(.\x14)|(.\x24)|(.\x34)|(.\x44)|
(.\x54)|(.\x64)|(.\x74)|(.\x84)|(.\x94)|(.\xa4)|(.\xb4)|(.\xc4)|(.\xd4)|(.\xe4)|
(.\xf4)|(.\x0c)|(.\x1c)|(.\x2c)|(.\x3c)|(.\x4c)|(.\x5c)|(.\x6c)|(.\x7c)|(.\x8c)|
(.\x9c)|(.\xac)|(.\xbc)|(.\xcc)|(.\xdc)|(.\xec)|(.\xfc));
parser Opcode5 = regex((.\x05)|(.\x15)|(.\x25)|(.\x35)|(.\x45)|
(.\x55)|(.\x65)|(.\x75)|(.\x85)|(.\x95)|(.\xa5)|(.\xb5)|(.\xc5)|(.\xd5)|(.\xe5)|
(.\xf5)|(.\x0d)|(.\x1d)|(.\x2d)|(.\x3d)|(.\x4d)|(.\x5d)|(.\x6d)|(.\x7d)|(.\x8d)|
(.\x9d)|(.\xad)|(.\xbd)|(.\xcd)|(.\xdd)|(.\xed)|(.\xfd));
parser Opcode6 = regex((.\x06)|(.\x16)|(.\x26)|(.\x36)|(.\x46)|
(.\x56)|(.\x66)|(.\x76)|(.\x86)|(.\x96)|(.\xa6)|(.\xb6)|(.\xc6)|(.\xd6)|(.\xe6)|
(.\xf6)|(.\x0e)|(.\x1e)|(.\x2e)|(.\x3e)|(.\x4e)|(.\x5e)|(.\x6e)|(.\x7e)|(.\x8e)|
(.\x9e)|(.\xae)|(.\xbe)|(.\xce)|(.\xde)|(.\xee)|(.\xfe));
parser Opcode7 = regex((.\x07)|(.\x17)|(.\x27)|(.\x37)|(.\x47)|
(.\x57)|(.\x67)|(.\x77)|(.\x87)|(.\x97)|(.\xa7)|(.\xb7)|(.\xc7)|(.\xd7)|(.\xe7)|
(.\xf7)|(.\x0f)|(.\x1f)|(.\x2f)|(.\x3f)|(.\x4f)|(.\x5f)|(.\x6f)|(.\x7f)|(.\x8f)|
(.\x9f)|(.\xaf)|(.\xbf)|(.\xcf)|(.\xdf)|(.\xef)|(.\xff));
parser Opcodes = Opcode0 | Opcode1 | Opcode4 | Opcode5 |
Opcode6 | Opcode7 | Opcode2_3;
parser FilterbpfINSN = Opcodes JT JF Instructionvalue;
parser Filter = Filtertype Dummy Numberofitems
FilterbpfINSN{Numberofitems};
parser StartcapReq = Snaplength Readtimeout Flags ClientPort Filter
StartcapReqData;
parser Packet = Arrivaltime Capturelength Framelength
Framenumber Framedata;
parser Information = Username Password Informationdata;
relatedparser Optional = if(Authenticationtype = 1) Information
else AuthentcationData;
parser Authentcation = Authenticationtype Dummy AIL1 AIL2 Optional;
parser Sampling = Method Dummy1 Dummy2 Value;
relatedparser Samplings = if(Payloadlength = 8) Sampling
else ignoretoend;
parser IAOption = Port IPaddress Padding;
relatedparser IAOptional = if(Addressfamily = 2) IAOption
else Unknownaddress;
parser Address = Addressfamily IAOptional;
parser Netmask = Addressfamily IAOptional;
parser Broadcast = Addressfamily IAOptional;
parser P2Pdestinationaddress = Addressfamily IAOptional;
parser Interfaceaddress = Address Netmask Broadcast
P2Pdestinationaddress;
parser Interface = Namelength Descriptionlength Interfaceflags
Numberofaddresses Dummy Name Description Interfaceaddress{Numberofaddresses};
parser Findalldevices = Interface{Messagevalue};
parser Openreply = Linktype Timezoneoffset;
relatedparser Openreplys = if(Payloadlength = 8) Openreply
else ignoretoend;
parser Startcapturereply = Buffersize Serverport Dummy;
relatedparser Startcapturereplys = if(Payloadlength = 8) Startcapturereply
else ignoretoend;
parser Statistics = RBKF DBNI DBKF CBR;
relatedparser StatisticsT = if(Payloadlength = 16) Statistics
else ignoretoend;
relatedparser Option = if(Messagetype = 1) ErrorData
else if(Messagetype = 3)
OpenRequest
else if(Messagetype = 4)
StartcapReq
else if(Messagetype = 5)
Filter
else if(Messagetype = 7)
Packet
else if(Messagetype = 8)
Authentcation
else if(Messagetype =
11) Samplings
else if(Messagetype =
130) Findalldevices
else if(Messagetype =
131) Openreplys
else if(Messagetype =
132) Startcapturereplys
else if(Messagetype =
137) StatisticsT
else nop;
relatedparser Values = if(Messagetype = 1) Errorvalue
else Messagevalue;
parser rpcaphdr = Version Messagetype Values Payloadlength;
parser RPCAP = rpcaphdr Option ignoretoend;
root = RPCAP;
[display]
_PROTO={}
_PROTO.showtype={
Outbound = 'bin',
Inbound = 'bin',
Serveropen = 'bin',
UseDatagram = 'bin',
Promiscuousmode = 'bin',
Class = 'bin',
Rval = 'bin',
Mode = 'bin',
Size = 'bin',
Op7 = 'bin',
Op4 = 'bin',
Op5 = 'bin',
Src = 'bin',
Fields = 'bin',
Version = 'dec',
Messagetype = 'dec',
Messagevalue = 'netdec',
Payloadlength = 'netdec',
Errorvalue = 'netdec',
Arrivaltime = 'nethex',
Capturelength = 'netdec',
Framelength = 'netdec',
Framenumber = 'netdec',
Framedata = 'nethex',
ErrorData = 'string',
OpenRequest = 'string',
Snaplength = 'netdec',
Readtimeout = 'netdec',
ClientPort = 'netdec',
Filtertype = 'netdec',
Dummy = 'netdec',
Numberofitems = 'netdec',
JT = 'dec',
JF = 'dec',
Instructionvalue = 'netdec',
Authenticationtype = 'netdec',
AIL1 = 'netdec',
AIL2 = 'netdec',
Username = 'string',
Password = 'string',
Method = 'dec',
Dummy1 = 'dec',
Dummy2 = 'netdec',
Value = 'netdec',
Namelength = 'netdec',
Descriptionlength = 'netdec',
Interfaceflags = 'netdec',
Numberofaddresses = 'netdec',
Name = 'string',
Description = 'string',
Addressfamily = 'nethex',
Port = 'netdec',
IPaddress = 'ipv4_addr',
Padding = 'nethex',
Unknownaddress = 'nethex',
Linktype = 'netdec',
Timezoneoffset = 'netdec',
Buffersize = 'netdec',
Serverport = 'netdec',
RBKF = 'netdec',
DBNI = 'netdec',
DBKF = 'netdec',
CBR = 'netdec',
Opcodes = 'group',
FilterbpfINSN = 'group',
Filter = 'group',
Flags = 'group',
Interface = 'group',
Interfaceaddress = 'group',
Address = 'group',
Netmask = 'group',
Broadcast = 'group',
P2Pdestinationaddress = 'group',
StartcapReq = 'group',
Packet = 'group',
Authentcation = 'group',
Samplings = 'group',
Findalldevices = 'group',
Openreply = 'group',
Startcapturereply = 'group',
Statistics = 'group',
};
_PROTO.comment={
Unknownaddress = 'if(Addressfamily ~= 0) then return "Unknown
address family" end',
Messagetype = 'if(Messagetype == 1) then return
_CST("RPCAP_MSG_ERROR") \
elseif(Messagetype == 2)
then return _CST("RPCAP_MSG_FINDALLIF_REQ") \
elseif(Messagetype == 3)
then return _CST("RPCAP_MSG_OPEN_REQ") \
elseif(Messagetype == 4)
then return _CST("RPCAP_MSG_STARTCAP_REQ") \
elseif(Messagetype == 5)
then return _CST("RPCAP_MSG_UPDATEFILTER_REQ") \
elseif(Messagetype == 6)
then return _CST("RPCAP_MSG_CLOSE") \
elseif(Messagetype == 7)
then return _CST("RPCAP_MSG_PACKET") \
elseif(Messagetype == 8)
then return _CST("RPCAP_MSG_AUTH_REQ") \
elseif(Messagetype == 9)
then return _CST("RPCAP_MSG_STATS_REQ") \
elseif(Messagetype ==
10) then return _CST("RPCAP_MSG_ENDCAP_REQ") \
elseif(Messagetype ==
11) then return _CST("RPCAP_MSG_SETSAMPLING_REQ") \
elseif(Messagetype ==
130) then return _CST("RPCAP_MSG_FINDALLIF_REPLY") \
elseif(Messagetype ==
131) then return _CST("RPCAP_MSG_OPEN_REPLY") \
elseif(Messagetype ==
132) then return _CST("RPCAP_MSG_STARTCAP_REPLY") \
elseif(Messagetype ==
133) then return _CST("RPCAP_MSG_UPDATEFILTER_REPLY") \
elseif(Messagetype ==
136) then return _CST("RPCAP_MSG_AUTH_REPLY") \
elseif(Messagetype ==
137) then return _CST("RPCAP_MSG_STATS_REPLY") \
elseif(Messagetype ==
138) then return _CST("RPCAP_MSG_ENDCAP_REPLY") \
elseif(Messagetype ==
139) then return _CST("RPCAP_MSG_SETSAMPLING_REPLY") \
else return
_CST("Unknown") end',
Errorvalue = 'if(Errorvalue == 1) then return
_CST("RPCAP_ERR_NETW") \
elseif(Errorvalue == 2)
then return _CST("RPCAP_ERR_INITTIMEOUT") \
elseif(Errorvalue == 3)
then return _CST("RPCAP_ERR_AUTH") \
elseif(Errorvalue == 4)
then return _CST("RPCAP_ERR_FINDALLIF") \
elseif(Errorvalue == 5)
then return _CST("RPCAP_ERR_NOREMOTEIF") \
elseif(Errorvalue == 6)
then return _CST("RPCAP_ERR_OPEN") \
elseif(Errorvalue == 7)
then return _CST("RPCAP_ERR_UPDATEFILTER") \
elseif(Errorvalue == 8)
then return _CST("RPCAP_ERR_GETSTATS") \
elseif(Errorvalue == 9)
then return _CST("RPCAP_ERR_READEX") \
elseif(Errorvalue == 10)
then return _CST("RPCAP_ERR_HOSTNOAUTH") \
elseif(Errorvalue == 11)
then return _CST("RPCAP_ERR_REMOTEACCEPT") \
elseif(Errorvalue == 12)
then return _CST("RPCAP_ERR_STARTCAPTURE") \
elseif(Errorvalue == 13)
then return _CST("RPCAP_ERR_ENDCAPTURE") \
elseif(Errorvalue == 14)
then return _CST("RPCAP_ERR_RUNTIMETIMEOUT") \
elseif(Errorvalue == 15)
then return _CST("RPCAP_ERR_SETSAMPLING") \
elseif(Errorvalue == 16)
then return _CST("RPCAP_ERR_WRONGMSG") \
elseif(Errorvalue == 17)
then return _CST("RPCAP_ERR_WRONGVER") \
else return
_CST("Unknown") end',
Method = 'if(Method == 0) then return "No sampling" \
elseif(Method == 1) then
return "1 every N" \
elseif(Method == 2) then
return "First after N ms" \
else return
_CST("Unknown") end',
Authenticationtype = 'if(Authenticationtype == 0) then return
"None" \

elseif(Authenticationtype == 1) then return "Password" \


else return
_CST("Unknown") end',
Addressfamily = 'if(Addressfamily == 0) then return
"AF_UNSPEC" \
elseif(Addressfamily ==
2) then return "AF_INET" \
else return
_CST("Unknown") end',
Class = 'if(Class == 0) then return "ld" \
elseif(Class == 1) then
return "ldx" \
elseif(Class == 2) then
return "st" \
elseif(Class == 3) then
return "stx" \
elseif(Class == 4) then
return "alu" \
elseif(Class == 5) then
return "jmp" \
elseif(Class == 6) then
return "ret" \
elseif(Class == 7) then
return "misc" \
else return
_CST("Unknown") end',
Rval = 'if(Rval == 0) then return "k" \
elseif(Rval == 1) then
return "x" \
elseif(Rval == 2) then
return "a" \
else return
_CST("Unknown") end',
Mode = 'if(Mode == 0) then return "imm" \
elseif(Mode == 1) then
return "abs" \
elseif(Mode == 2) then
return "ind" \
elseif(Mode == 3) then
return "mem" \
elseif(Mode == 4) then
return "len" \
elseif(Mode == 5) then
return "msh" \
else return
_CST("Unknown") end',
Size = 'if(Size == 0) then return "w" \
elseif(Size == 1) then
return "h" \
elseif(Size == 2) then
return "b" \
else return
_CST("Unknown") end',
Op7 = 'if(Op7 == 0) then return "tax" \
elseif(Op7 == 1) then
return "txa" \
else return
_CST("Unknown") end',
Op4 = 'if(Op4 == 0) then return "add" \
elseif(Op4 == 1) then
return "sub" \
elseif(Op4 == 2) then
return "mul" \
elseif(Op4 == 3) then
return "div" \
elseif(Op4 == 4) then
return "or" \
elseif(Op4 == 5) then
return "and" \
elseif(Op4 == 6) then
return "lsh" \
elseif(Op4 == 7) then
return "rsh" \
elseif(Op4 == 8) then
return "neg" \
else return
_CST("Unknown") end',
Op5 = 'if(Op5 == 0) then return "ja" \
elseif(Op5 == 1) then
return "jeq" \
elseif(Op5 == 2) then
return "jgt" \
elseif(Op5 == 3) then
return "jge" \
elseif(Op5 == 4) then
return "jset" \
else return
_CST("Unknown") end',
Src = 'if(Src == 0) then return "k" \
elseif(Src == 1) then
return "x" \
else return
_CST("Unknown") end',
Promiscuousmode = 'if(Promiscuousmode == 1) then return
"Enabled" \
else return "Disabled"
end',
Serveropen = 'if(Serveropen == 1) then return "Open" \
else return "Closed"
end',
Outbound = 'if(Outbound == 1) then return "Yes" \
else return "No" end',
Inbound = 'if(Inbound == 1) then return "Yes" \
else return "No" end',
UseDatagram = 'if(UseDatagram == 1) then return "Yes" \
else return "No" end',
Linktype = 'if(Linktype == 1) then return "ETHERNET" \
elseif(Linktype == 2)
then return "EXP_ETHERNET" \
elseif(Linktype == 3)
then return "AX25" \
elseif(Linktype == 4)
then return "PRONET" \
elseif(Linktype == 5)
then return "CHAOS" \
elseif(Linktype == 6)
then return "IEEE802_5" \
elseif(Linktype == 7)
then return "ARCNET_BSD" \
elseif(Linktype == 8)
then return "SLIP" \
elseif(Linktype == 9)
then return "PPP" \
elseif(Linktype == 10)
then return "FDDI" \
elseif(Linktype == 32)
then return "REDBACK" \
elseif(Linktype == 50)
then return "PPP_HDLC" \
elseif(Linktype == 51)
then return "PPP_ETHER" \
elseif(Linktype == 99)
then return "SYMANTEC_FIREWALL" \
elseif(Linktype == 100)
then return "ATM_RFC1483" \
elseif(Linktype == 101)
then return "RAW" \
elseif(Linktype == 102)
then return "BSD/OS SLIP" \
elseif(Linktype == 103)
then return "BSD/OS PPP" \
elseif(Linktype == 104)
then return "C_HDLC" \
elseif(Linktype == 105)
then return "IEEE802_11" \
elseif(Linktype == 106)
then return "LINUX_ATM_CLIP" \
elseif(Linktype == 107)
then return "FRELAY" \
elseif(Linktype == 108)
then return "LOOP" \
elseif(Linktype == 109)
then return "ENC" \
elseif(Linktype == 110)
then return "LANE8023" \
elseif(Linktype == 111)
then return "HIPPI" \
elseif(Linktype == 112)
then return "HDLC" \
elseif(Linktype == 113)
then return "LINUX_SLL" \
elseif(Linktype == 114)
then return "LTALK" \
elseif(Linktype == 115)
then return "ECONET" \
elseif(Linktype == 116)
then return "IPFILTER" \
elseif(Linktype == 117)
then return "PFLOG" \
elseif(Linktype == 118)
then return "CISCO_IOS" \
elseif(Linktype == 119)
then return "IEEE802_11_PRISM" \
elseif(Linktype == 120)
then return "IEEE802_11_AIRONET" \
elseif(Linktype == 121)
then return "HHDLC" \
elseif(Linktype == 122)
then return "IP_OVER_FC" \
elseif(Linktype == 123)
then return "SUNATM" \
elseif(Linktype == 124)
then return "RIO" \
elseif(Linktype == 125)
then return "PCI_EXP" \
elseif(Linktype == 126)
then return "AURORA" \
elseif(Linktype == 127)
then return "IEEE802_11_RADIOTAP" \
elseif(Linktype == 128)
then return "TZSP" \
elseif(Linktype == 129)
then return "ARCNET_LINUX" \
elseif(Linktype == 130)
then return "JUNIPER_MLPPP" \
elseif(Linktype == 131)
then return "JUNIPER_MLFR" \
elseif(Linktype == 132)
then return "JUNIPER_ES" \
elseif(Linktype == 133)
then return "JUNIPER_GGSN" \
elseif(Linktype == 134)
then return "JUNIPER_MFR" \
elseif(Linktype == 135)
then return "JUNIPER_ATM2" \
elseif(Linktype == 136)
then return "JUNIPER_SVCS" \
elseif(Linktype == 137)
then return "JUNIPER_ATM1" \
elseif(Linktype == 138)
then return "APPLE_IP_OVER_IEEE1394" \
elseif(Linktype == 139)
then return "MTP2_WITH_PHDR" \
elseif(Linktype == 140)
then return "MTP2" \
elseif(Linktype == 141)
then return "MTP3" \
elseif(Linktype == 142)
then return "SCCP" \
elseif(Linktype == 143)
then return "DOCSIS" \
elseif(Linktype == 144)
then return "LINUX_IRDA" \
elseif(Linktype == 145)
then return "IBM_SP" \
elseif(Linktype == 146)
then return "IBM_SN" \
elseif(Linktype == 147)
then return "USER_0" \
elseif(Linktype == 148)
then return "USER_1" \
elseif(Linktype == 149)
then return "USER_2" \
elseif(Linktype == 150)
then return "USER_3" \
elseif(Linktype == 151)
then return "USER_4" \
elseif(Linktype == 152)
then return "USER_5" \
elseif(Linktype == 153)
then return "USER_6" \
elseif(Linktype == 154)
then return "USER_7" \
elseif(Linktype == 155)
then return "USER_8" \
elseif(Linktype == 156)
then return "USER_9" \
elseif(Linktype == 157)
then return "USER_10" \
elseif(Linktype == 158)
then return "USER_11" \
elseif(Linktype == 159)
then return "USER_12" \
elseif(Linktype == 160)
then return "USER_13" \
elseif(Linktype == 161)
then return "USER_14" \
elseif(Linktype == 162)
then return "USER_15" \
elseif(Linktype == 163)
then return "IEEE802_11_AVS" \
elseif(Linktype == 164)
then return "JUNIPER_MONITOR" \
elseif(Linktype == 165)
then return "BACNET_MS_TP" \
elseif(Linktype == 166)
then return "PPP_PPPD" \
elseif(Linktype == 167)
then return "JUNIPER_PPPOE" \
elseif(Linktype == 168)
then return "JUNIPER_PPPOE_ATM" \
elseif(Linktype == 169)
then return "GPRS_LLC" \
elseif(Linktype == 170)
then return "GPF_T" \
elseif(Linktype == 171)
then return "GPF_F" \
elseif(Linktype == 172)
then return "GCOM_TIE1" \
elseif(Linktype == 173)
then return "GCOM_SERIAL" \
elseif(Linktype == 174)
then return "JUNIPER_PIC_PEER" \
elseif(Linktype == 175)
then return "ERF_ETH" \
elseif(Linktype == 176)
then return "ERF_POS" \
elseif(Linktype == 177)
then return "LINUX_LAPD" \
elseif(Linktype == 178)
then return "JUNIPER_ETHER" \
elseif(Linktype == 179)
then return "JUNIPER_PPP" \
elseif(Linktype == 180)
then return "JUNIPER_FRELAY" \
elseif(Linktype == 181)
then return "JUNIPER_CHDLC" \
elseif(Linktype == 182)
then return "MFR" \
elseif(Linktype == 183)
then return "JUNIPER_VP" \
elseif(Linktype == 184)
then return "A429" \
elseif(Linktype == 185)
then return "A653_ICM" \
elseif(Linktype == 186)
then return "USB" \
elseif(Linktype == 187)
then return "BLUETOOTH_HCI_H4" \
elseif(Linktype == 188)
then return "IEEE802_16_MAC_CPS" \
elseif(Linktype == 189)
then return "USB_LINUX" \
elseif(Linktype == 190)
then return "CAN20B" \
elseif(Linktype == 191)
then return "IEEE802_15_4_LINUX" \
elseif(Linktype == 192)
then return "PPI" \
elseif(Linktype == 193)
then return "IEEE802_16_MAC_CPS_RADIO" \
elseif(Linktype == 194)
then return "JUNIPER_ISM" \
elseif(Linktype == 195)
then return "IEEE802_15_4" \
elseif(Linktype == 196)
then return "SITA" \
elseif(Linktype == 197)
then return "ERF" \
elseif(Linktype == 198)
then return "RAIF1" \
elseif(Linktype == 199)
then return "IPMB" \
elseif(Linktype == 200)
then return "JUNIPER_ST" \
elseif(Linktype == 201)
then return "BLUETOOTH_HCI_H4_WITH_PHDR" \
elseif(Linktype == 202)
then return "AX25_KISS" \
elseif(Linktype == 203)
then return "LAPD" \
elseif(Linktype == 204)
then return "PPP_WITH_DIR" \
elseif(Linktype == 205)
then return "C_HDLC_WITH_DIR" \
elseif(Linktype == 206)
then return "FRELAY_WITH_DIR" \
elseif(Linktype == 207)
then return "LAPB_WITH_DIR" \
elseif(Linktype == 209)
then return "IPMB_LINUX" \
elseif(Linktype == 210)
then return "FLEXRAY" \
elseif(Linktype == 211)
then return "MOST" \
elseif(Linktype == 212)
then return "LIN" \
elseif(Linktype == 213)
then return "X2E_SERIAL" \
elseif(Linktype == 214)
then return "X2E_XORAYA" \
elseif(Linktype == 215)
then return "IEEE802_15_4_NONASK_PHY" \
elseif(Linktype == 216)
then return "LINUX_EVDEV" \
elseif(Linktype == 217)
then return "GSMTAP_UM" \
elseif(Linktype == 218)
then return "GSMTAP_UM" \
elseif(Linktype == 219)
then return "MPLS" \
elseif(Linktype == 220)
then return "USB_LINUX_MMAPPED" \
elseif(Linktype == 221)
then return "DECT" \
elseif(Linktype == 222)
then return "AOS" \
elseif(Linktype == 223)
then return "WIHART" \
elseif(Linktype == 224)
then return "FC_2" \
elseif(Linktype == 225)
then return "FC_2_WITH_FRAME_DELIMS" \
elseif(Linktype == 226)
then return "IPNET" \
elseif(Linktype == 227)
then return "CAN_SOCKETCAN" \
elseif(Linktype == 228)
then return "IPV4" \
elseif(Linktype == 229)
then return "IPV6" \
elseif(Linktype == 230)
then return "IEEE802_15_4_NOFCS" \
elseif(Linktype == 231)
then return "DBUS" \
elseif(Linktype == 232)
then return "JUNIPER_VS" \
elseif(Linktype == 233)
then return "JUNIPER_SRX_E2E" \
elseif(Linktype == 234)
then return "JUNIPER_FIBRECHANNEL" \
elseif(Linktype == 235)
then return "DVB_CI" \
elseif(Linktype == 236)
then return "MUX27010" \
elseif(Linktype == 237)
then return "STANAG_5066_D_PDU" \
elseif(Linktype == 238)
then return "JUNIPER_ATM_CEMIC" \
elseif(Linktype == 239)
then return "NFLOG" \
elseif(Linktype == 240)
then return "NETANALYZER" \
elseif(Linktype == 241)
then return "NETANALYZER_TRANSPARENT" \
elseif(Linktype == 242)
then return "IPOIB" \
elseif(Linktype == 243)
then return "MPEG_2_TS" \
elseif(Linktype == 244)
then return "NG40" \
elseif(Linktype == 245)
then return "NFC_LLCP" \
elseif(Linktype == 246)
then return "PFSYNC" \
elseif(Linktype == 247)
then return "INFINIBAND" \
elseif(Linktype == 248)
then return "SCTP" \
elseif(Linktype == 249)
then return "USBPCAP" \
elseif(Linktype == 250)
then return "RTAC_SERIAL" \
elseif(Linktype == 251)
then return "BLUETOOTH_LE_LL" \
elseif(Linktype == 252)
then return "WIRESHARK_UPPER_PDU" \
elseif(Linktype == 253)
then return "NETLINK" \
elseif(Linktype == 254)
then return "BLUETOOTH_LINUX_MONITOR" \
elseif(Linktype == 255)
then return "BLUETOOTH_BREDR_BB" \
elseif(Linktype == 256)
then return "BLUETOOTH_LE_LL_WITH_PHDR" \
elseif(Linktype == 257)
then return "PROFIBUS_DL" \
elseif(Linktype == 258)
then return "PKTAP" \
elseif(Linktype == 259)
then return "EPON" \
elseif(Linktype == 260)
then return "IPMI_HPM_2" \
elseif(Linktype == 261)
then return "ZWAVE_R1_R2" \
elseif(Linktype == 262)
then return "ZWAVE_R3" \
elseif(Linktype == 263)
then return "WATTSTOPPER_DLM" \
elseif(Linktype == 264)
then return "ISO_14443" \
elseif(Linktype == 265)
then return "RDS" \
elseif(Linktype == 266)
then return "USB_DARWIN" \
elseif(Linktype == 268)
then return "SDLC" \
elseif(Linktype == 270)
then return "LORATAP" \
elseif(Linktype == 271)
then return "VSOCK" \
elseif(Linktype == 272)
then return "NORDIC_BLE" \
elseif(Linktype == 273)
then return "DOCSIS31_XRA31" \
elseif(Linktype == 274)
then return "ETHERNET_MPACKET" \
elseif(Linktype == 275)
then return "DISPLAYPORT_AUX" \
else return
_CST("Unknown") end',
}
_PROTO.summary = 'if(Messagetype == 1) then return _CST("Messagetype")..":
"..load(_PROTO.comment.Messagetype)()..". The other host terminated the
connection." \
else return _CST("Messagetype")..":
"..load(_PROTO.comment.Messagetype)() end'
_PROTO.cst = {
zh_cn={
RPCAP = '远程数据包捕获 | RPCAP',
Outbound = '流出',
Inbound = '流入',
Serveropen = '服务器打开',
UseDatagram = '使用数据报',
Promiscuousmode = '混杂模式',
Class = '种类',
Rval = 'Rval',
Mode = '模式',
Size = '大小',
Op7 = 'Op',
Op4 = 'Op',
Op5 = 'Op',
Src = 'Src',
Fields = '字段',
Version = '版本',
Messagetype = '消息类型',
Messagevalue = '消息值',
Payloadlength = '负载长度',
Errorvalue = '错误值',
Arrivaltime = '到达时间',
Capturelength = '捕获长度',
Framelength = '帧长度',
Framenumber = '帧编号',
Framedata = '帧数据',
ErrorData = '错误数据',
OpenRequest = '打开请求',
Snaplength = '临时长度',
Readtimeout = '读取超时',
ClientPort = '客户端端口',
Filtertype = '过滤方式',
Dummy = '虚拟网络',
Numberofitems = '项目数',
JT = 'JT',
JF = 'JF',
Instructionvalue = '指令值',
Authenticationtype = '认证类型',
AIL1 = '身份验证条目长度 1',
AIL2 = '身份验证条目长度 2',
Username = '用户名',
Password = '密码',
Method = '采样方法',
Dummy1 = '虚拟网络 1',
Dummy2 = '虚拟网络 2',
Value = '值',
Namelength = '名称长度',
Descriptionlength = '描述长度',
Interfaceflags = '接口标志',
Numberofaddresses = '地址数量',
Name = '接口名称',
Description = '接口描述',
Addressfamily = '地址簇',
Port = '端口',
IPaddress = 'IP 地址',
Padding = '填充',
Unknownaddress = '未知地址',
Linktype = '链路类型',
Timezoneoffset = '时区偏移',
Buffersize = '缓冲区大小',
Serverport = '服务器端口',
RBKF = '通过内核过滤器接收',
DBNI = '通过网络接口丢弃',
DBKF = '被内核过滤器丢弃',
CBR = '由 RPCAP 守护进程捕获',
Opcodes = '操作码',
FilterbpfINSN = '过滤器 BPF 指令',
Filter = '滤波器',
Flags = '标志',
Interface = '接口',
Interfaceaddress = '接口地址',
Address = '地址',
Netmask = '网络掩码',
Broadcast = '广播',
P2Pdestinationaddress = 'P2P 目的地址',
StartcapReq = '开始获取请求',
Packet = '数据包',
Authentcation = '认证',
Samplings = '采样',
Findalldevices = '发现所有设备',
Openreply = '打开回复',
Startcapturereply = '开始捕获回复',
Statistics = '统计',
RPCAP_MSG_ERROR = '错误',
RPCAP_MSG_FINDALLIF_REQ = '找到所有接口请求',
RPCAP_MSG_OPEN_REQ = '打开请求',
RPCAP_MSG_STARTCAP_REQ = '开始获取请求',
RPCAP_MSG_UPDATEFILTER_REQ = '更新过滤器请求',
RPCAP_MSG_CLOSE = '结束',
RPCAP_MSG_PACKET = '数据包',
RPCAP_MSG_AUTH_REQ = '认证请求',
RPCAP_MSG_STATS_REQ = '数据请求',
RPCAP_MSG_ENDCAP_REQ = '最终获取请求',
RPCAP_MSG_SETSAMPLING_REQ = '设置采样请求',
RPCAP_MSG_FINDALLIF_REPLY = '找到所有接口的回复',
RPCAP_MSG_OPEN_REPLY = '打开回复',
RPCAP_MSG_STARTCAP_REPLY = '开始捕获回复',
RPCAP_MSG_UPDATEFILTER_REPLY = '更新过滤器回复',
RPCAP_MSG_AUTH_REPLY = '身份验证回复',
RPCAP_MSG_STATS_REPLY = '统计回复',
RPCAP_MSG_ENDCAP_REPLY = '最后捕获回复',
RPCAP_MSG_SETSAMPLING_REPLY = '设置采样回复',
Unknown = '未知的',
RPCAP_ERR_NETW = '网络错误',
RPCAP_ERR_INITTIMEOUT = '初始超时已过期',
RPCAP_ERR_AUTH = '验证错误',
RPCAP_ERR_FINDALLIF = '通用发现所有设备错误',
RPCAP_ERR_NOREMOTEIF = '没有远程接口',
RPCAP_ERR_OPEN = '通用 pcap 打开错误',
RPCAP_ERR_UPDATEFILTER = '通用更新过滤器错误',
RPCAP_ERR_GETSTATS = '通用 pcap_stats 错误',
RPCAP_ERR_READEX = '通用 pcap_next_ex 错误',
RPCAP_ERR_HOSTNOAUTH = '主机未经授权',
RPCAP_ERR_REMOTEACCEPT = '通用 pcap 远程接收错误',
RPCAP_ERR_STARTCAPTURE = '通用 pcap 开始捕获错误',
RPCAP_ERR_ENDCAPTURE = '通用 pcap 结束捕获错误',
RPCAP_ERR_RUNTIMETIMEOUT = '运行时间超时已过期',
RPCAP_ERR_SETSAMPLING = '设置采样参数时出错',
RPCAP_ERR_WRONGMSG = '无法识别的消息',
RPCAP_ERR_WRONGVER = '版本不兼容',
},
en_us={
RPCAP = 'Remote Packet Capture | RPCAP',
Outbound = 'Outbound',
Inbound = 'Inbound',
Serveropen = 'Server open',
UseDatagram = 'Use Datagram',
Promiscuousmode = 'Promiscuous mode',
Class = 'Class',
Rval = 'Rval',
Mode = 'Mode',
Size = 'Size',
Op7 = 'Op',
Op4 = 'Op',
Op5 = 'Op',
Src = 'Src',
Fields = 'Fields',
Version = 'Version',
Messagetype = 'Message type',
Messagevalue = 'Message value',
Payloadlength = 'Payload length',
Errorvalue = 'Error value',
Arrivaltime = 'Arrival time',
Capturelength = 'Capture length',
Framelength = 'Frame length',
Framenumber = 'Frame number',
Framedata = 'Frame data',
ErrorData = 'Error Data',
OpenRequest = 'Open Request',
Snaplength = 'Snap length',
Readtimeout = 'Read timeout',
ClientPort = 'Client Port',
Filtertype = 'Filter type',
Dummy = 'Dummy',
Numberofitems = 'Number of items',
JT = 'JT',
JF = 'JF',
Instructionvalue = 'Instruction value',
Authenticationtype = 'Authentcation type',
AIL1 = 'Authentication item length 1',
AIL2 = 'Authentication item length 2',
Username = 'Username',
Password = 'Password',
Method = 'Method',
Dummy1 = 'Dummy 1',
Dummy2 = 'Dummy 2',
Value = 'Value',
Namelength = 'Name length',
Descriptionlength = 'Description length',
Interfaceflags = 'Interface flags',
Numberofaddresses = 'Number of addresses',
Name = 'Name',
Description = 'Description',
Addressfamily = 'Address family',
Port = 'Port',
IPaddress = 'IP address',
Padding = 'Padding',
Unknownaddress = 'Unknown address',
Linktype = 'Link type',
Timezoneoffset = 'Timezone offset',
Buffersize = 'Buffer size',
Serverport = 'Server port',
RBKF = 'Received by kernel filter',
DBNI = 'Dropped by network interface',
DBKF = 'Dropped by kernel filter',
CBR = 'Captured by rpcapd',
Opcodes = 'Operation code',
FilterbpfINSN = 'Filter BPF instruction',
Filter = 'Filter',
Flags = 'Flags',
Interface = 'Interface',
Interfaceaddress = 'Interface address',
Address = 'Address',
Netmask = 'Netmask',
Broadcast = 'Broadcast',
P2Pdestinationaddress = 'P2P destination address',
StartcapReq = 'Start capture request',
Packet = 'Packet',
Authentcation = 'Authentcation',
Samplings = 'Samplings',
Findalldevices = 'Find all devices',
Openreply = 'Open reply',
Startcapturereply = 'Start capture reply',
Statistics = 'Statistics',
RPCAP_MSG_ERROR = 'Error',
RPCAP_MSG_FINDALLIF_REQ = 'Find all interfaces request',
RPCAP_MSG_OPEN_REQ = 'Open request',
RPCAP_MSG_STARTCAP_REQ = 'Start capture request',
RPCAP_MSG_UPDATEFILTER_REQ = 'Update filter request',
RPCAP_MSG_CLOSE = 'Close',
RPCAP_MSG_PACKET = 'Packet',
RPCAP_MSG_AUTH_REQ = 'Authentication request',
RPCAP_MSG_STATS_REQ = 'Statistics request',
RPCAP_MSG_ENDCAP_REQ = 'End capture request',
RPCAP_MSG_SETSAMPLING_REQ = 'Set sampling request',
RPCAP_MSG_FINDALLIF_REPLY = 'Find all interfaces reply',
RPCAP_MSG_OPEN_REPLY = 'Open reply',
RPCAP_MSG_STARTCAP_REPLY = 'Start capture reply',
RPCAP_MSG_UPDATEFILTER_REPLY = 'Update filter reply',
RPCAP_MSG_AUTH_REPLY = 'Authentication reply',
RPCAP_MSG_STATS_REPLY = 'Statistics reply',
RPCAP_MSG_ENDCAP_REPLY = 'End capture reply',
RPCAP_MSG_SETSAMPLING_REPLY = 'Set sampling reply',
Unknown = 'Unknown',
RPCAP_ERR_NETW = 'Network error',
RPCAP_ERR_INITTIMEOUT = 'Initial timeout has expired',
RPCAP_ERR_AUTH = 'Authentication error',
RPCAP_ERR_FINDALLIF = 'Generic findalldevs error',
RPCAP_ERR_NOREMOTEIF = 'No remote interfaces',
RPCAP_ERR_OPEN = 'Generic pcap_open error',
RPCAP_ERR_UPDATEFILTER = 'Generic updatefilter error',
RPCAP_ERR_GETSTATS = 'Generic pcap_stats error',
RPCAP_ERR_READEX = 'Generic pcap_next_ex error',
RPCAP_ERR_HOSTNOAUTH = 'The host is not authorized',
RPCAP_ERR_REMOTEACCEPT = 'Generic pcap_remoteaccept error',
RPCAP_ERR_STARTCAPTURE = 'Generic pcap_startcapture error',
RPCAP_ERR_ENDCAPTURE = 'Generic pcap_endcapture error',
RPCAP_ERR_RUNTIMETIMEOUT = 'Runtime timeout has expired',
RPCAP_ERR_SETSAMPLING = 'Error in setting sampling parameters',
RPCAP_ERR_WRONGMSG = 'Unrecognized message',
RPCAP_ERR_WRONGVER = 'Incompatible version',
},
};
_PROTO.info = {
--对字段的描述
description={
Outbound = '流出',
Inbound = '流入',
Serveropen = '服务器打开',
UseDatagram = '使用数据报',
Promiscuousmode = '混杂模式',
Class = '种类',
Rval = 'Rval',
Mode = 'Mode',
Size = 'Size',
Op7 = 'Op',
Op4 = 'Op',
Op5 = 'Op',
Src = 'Src',
Fields = '字段',
Version = '协议数据包的版本号,当前必须为 0',
Messagetype = '协议数据包的消息类型值',
Messagevalue = '协议数据包的消息值',
Payloadlength = '负载长度',
Errorvalue = '错误值',
Arrivaltime = '到达时间',
Capturelength = '捕获长度',
Framelength = '帧长度(离线)',
Framenumber = '帧编号',
Framedata = '帧数据',
ErrorData = '错误数据',
OpenRequest = '打开请求的数据',
Snaplength = '临时长度',
Readtimeout = '读取超时',
ClientPort = '客户端端口',
Filtertype = '过滤器类型(BPF)',
Dummy = 'Dummy',
Numberofitems = '项目数',
JT = 'JT',
JF = 'JF',
Instructionvalue = '指令相关值',
Authenticationtype = '认证类型',
AIL1 = '身份验证条目长度 1',
AIL2 = '身份验证条目长度 2',
Username = '用户名',
Password = '密码',
Method = '采样方法',
Dummy1 = 'Dummy 1',
Dummy2 = 'Dummy 2',
Value = '值',
Namelength = '名称长度',
Descriptionlength = '描述长度',
Interfaceflags = '接口标志',
Numberofaddresses = '地址数量',
Name = '接口名称',
Description = '接口描述',
Addressfamily = '地址簇',
Port = '端口',
IPaddress = 'IP 地址',
Padding = '填充',
Unknownaddress = '未知地址',
Linktype = '链路类型',
Timezoneoffset = '时区偏移',
Buffersize = '缓冲区大小',
Serverport = '服务器端口',
RBKF = '通过内核过滤器接收',
DBNI = '通过网络接口丢弃',
DBKF = '被内核过滤器丢弃',
CBR = '由 RPCAP 守护进程捕获',
},
--字段取值及长度
value ={
Outbound = '{0x00,0x01},长度 1 比特位',
Inbound = '{0x00,0x01},长度 1 比特位',
Serveropen = '{0x00,0x01},长度 1 比特位',
UseDatagram = '{0x00,0x01},长度 1 比特位',
Promiscuousmode = '{0x00,0x01},长度 1 比特位',
Class = '{0x00,0x07},长度 3 比特位',
Rval = '{0x00,0x03},长度 2 比特位',
Mode = '{0x00,0x07},长度 3 比特位',
Size = '{0x00,0x03},长度 2 比特位',
Op7 = '{0x00~0x1f},长度 5 比特位',
Op4 = '{0x00~0x0f},长度 4 比特位',
Op5 = '{0x00~0x0f},长度 4 比特位',
Src = '{0x00,0x01},长度 1 比特位',
Fields = '{0x00~0x1f},长度 5 比特位',
Version = '{0x00},长度 1 字节',
Messagetype =
'{0x01~0x0b,0x82,0x83,0x84,0x85,0x88,0x89,0x8a,0x8b},长度 1 字节',
Messagevalue = '{0x00,0xFFFF},长度 2 字节',
Payloadlength = '{0x00,0xFFFFFFFF},长度 4 字节',
Errorvalue = '{0x00~0x11},长度 2 字节',
Arrivaltime = '{0x00,0xFFFFFFFFFFFFFFFF},长度 8 字节',
Capturelength = '{0x00,0xFFFFFFFF},长度 4 字节',
Framelength = '{0x00,0xFFFFFFFF},长度 4 字节',
Framenumber = '{0x00,0xFFFFFFFF},长度 4 字节',
Framedata = '文本,长度由 Framelength 决定',
ErrorData = '文本,长度由 Payloadlength 决定',
OpenRequest = '文本,长度由 Payloadlength 决定',
Snaplength = '{0x00,0xFFFFFFFF},长度 4 字节',
Readtimeout = '{0x00,0xFFFFFFFF},长度 4 字节',
ClientPort = '{0x00,0xFFFF},长度 2 字节',
Filtertype = '{0x00,0xFFFF},长度 2 字节',
Dummy = '{0x00,0xFFFF},长度 2 字节',
Numberofitems = '{0x00,0xFFFFFFFF},长度 4 字节',
JT = '{0x00,0xFF},长度 1 字节',
JF = '{0x00,0xFF},长度 1 字节',
Instructionvalue = '{0x00,0xFFFFFFFF},长度 4 字节',
Authenticationtype = '{0x00,0x01},长度 2 字节',
AIL1 = '{0x00,0xFFFF},长度 2 字节',
AIL2 = '{0x00,0xFFFF},长度 2 字节',
Username = '文本,长度由 AIL1 决定',
Password = '文本,长度由 AIL2 决定',
Method = '{0x00,0xFF},长度 1 字节',
Dummy1 = '{0x00,0xFF},长度 1 字节',
Dummy2 = '{0x00,0xFFFF},长度 2 字节',
Value = '{0x00,0xFFFFFFFF},长度 4 字节',
Namelength = '{0x00,0xFFFF},长度 2 字节',
Descriptionlength = '{0x00,0xFFFF},长度 2 字节',
Interfaceflags = '{0x00,0xFFFFFFFF},长度 4 字节',
Numberofaddresses = '{0x00,0xFFFF},长度 2 字节',
Name = '文本,长度由 Namelength 决定',
Description = '文本,长度由 Descriptionlength 决定',
Addressfamily = '{0x00,0x02},长度 2 字节',
Port = '{0x00,0xFFFF},长度 2 字节',
IPaddress = 'IP 地址,长度 4 字节',
Padding = '文本,长度 120 字节',
Unknownaddress = '文本,长度 126 字节',
Linktype = '{0x00~0x0113},长度 2 字节',
Timezoneoffset = '{0x00,0xFFFFFFFF},长度 4 字节',
Buffersize = '{0x00,0xFFFF},长度 2 字节',
Serverport = '{0x00,0xFFFF},长度 2 字节',
RBKF = '{0x00,0xFFFFFFFF},长度 4 字节',
DBNI = '{0x00,0xFFFFFFFF},长度 4 字节',
DBKF = '{0x00,0xFFFFFFFF},长度 4 字节',
CBR = '{0x00,0xFFFFFFFF},长度 4 字节',
},
--字段存在性
existence ={
Outbound = 'O,1',
Inbound = 'O,1',
Serveropen = 'O,1',
UseDatagram = 'O,1',
Promiscuousmode = 'O,1',
Class = 'O,n',
Rval = 'O,n',
Mode = 'O,n',
Size = 'O,n',
Op7 = 'O,n',
Op4 = 'O,n',
Op5 = 'O,n',
Src = 'O,n',
Fields = 'O,n',
Version = 'M,1',
Messagetype = 'M,1',
Messagevalue = 'O,1',
Payloadlength = 'M,1',
Errorvalue = 'O,1',
Arrivaltime = 'O,1',
Capturelength = 'O,1',
Framelength = 'O,1',
Framenumber = 'O,1',
Framedata = 'O,1',
ErrorData = 'O,1',
OpenRequest = 'O,1',
Snaplength = 'O,1',
Readtimeout = 'O,1',
ClientPort = 'O,1',
Filtertype = 'O,1',
Dummy = 'O,1',
Numberofitems = 'O,1',
JT = 'O,n',
JF = 'O,n',
Instructionvalue = 'O,n',
Authenticationtype = 'O,1',
AIL1 = 'O,1',
AIL2 = 'O,1',
Username = 'O,1',
Password = 'O,1',
Method = 'O,1',
Dummy1 = 'O,1',
Dummy2 = 'O,1',
Value = 'O,1',
Namelength = 'O,1',
Descriptionlength = 'O,1',
Interfaceflags = 'O,1',
Numberofaddresses = 'O,1',
Name = 'O,1',
Description = 'O,1',
Addressfamily = 'O,1',
Port = 'O,n',
IPaddress = 'O,n',
Padding = 'O,n',
Unknownaddress = 'O,n',
Linktype = 'O,1',
Timezoneoffset = 'O,1',
Buffersize = 'O,1',
Serverport = 'O,1',
RBKF = 'O,1',
DBNI = 'O,1',
DBKF = 'O,1',
CBR = 'O,1',
},
}

You might also like