[jira] [Created] (METRON-854) Create DHCPDump Parser

Fri, 14 Apr 2017 00:22:49 -0700 

Bas van de Lustgraaf created METRON-854:
-------------------------------------------

             Summary: Create DHCPDump Parser
                 Key: METRON-854
                 URL: https://issues.apache.org/jira/browse/METRON-854
             Project: Metron
          Issue Type: New Feature
            Reporter: Bas van de Lustgraaf
            Priority: Minor


Create a DHCPDump parser. This information can be used during enrichment to 
link ip-addresses to hostnames.

{noformat}
TIME: 2017-01-16 16:54:21.655|INTERFACE: eth2|OP:1 BOOTPREQUEST|CIADDR: 
172.20.75.77|YIADDR: 0.0.0.0|SIADDR: 0.0.0.0|GIADDR: 172.20.75.8|CHADDR: 
fc:f8:ae:e8:ef:db:00:00:00:00:00:00:00:00:00:00|OPTION:  53   1 DHCP message 
type: 8 |DHCPINFORM|OPTION:  61   7 Client-identifier: 
01:fc:f8:ae:e8:ef:db|OPTION:  12   5 Host name: Q1244|OPTION:  60   8 Vendor 
class identifier: MSFT 5.0|OPTION:  55  13 Parameter Request List:   1 (Subnet 
mask)|| 15 (Domainname)||  3 (Routers)||  6 (DNS server)|| 44 (NetBIOS name 
server)|| 46 (NetBIOS node type)|| 47 (NetBIOS scope)|| 31 (Perform router 
discovery)|| 33 (Static route)||121 (Classless Static Route)||249 (MSFT - 
Classless route)|| 43 (Vendor specific info)||252 (MSFT - WinSock Proxy Auto 
Detect)|||IP: 10.10.10.177 > 172.20.1.11 | b8:ca:3a:67:95:8a > 0:50:56:84:68:43
TIME: 2017-01-16 17:13:14.548|INTERFACE: eth2|OP:1 BOOTPREQUEST|CIADDR: 
172.20.75.77|YIADDR: 0.0.0.0|SIADDR: 0.0.0.0|GIADDR: 172.20.75.8|CHADDR: 
fc:f8:ae:e8:ef:db:00:00:00:00:00:00:00:00:00:00|OPTION:  53   1 DHCP message 
type: 8 |DHCPINFORM|OPTION:  61   7 Client-identifier: 
01:fc:f8:ae:e8:ef:db|OPTION:  12   5 Host name: Q1244|OPTION:  60   8 Vendor 
class identifier: MSFT 5.0|OPTION:  55  13 Parameter Request List:   1 (Subnet 
mask)|| 15 (Domainname)||  3 (Routers)||  6 (DNS server)|| 44 (NetBIOS name 
server)|| 46 (NetBIOS node type)|| 47 (NetBIOS scope)|| 31 (Perform router 
discovery)|| 33 (Static route)||121 (Classless Static Route)||249 (MSFT - 
Classless route)|| 43 (Vendor specific info)||252 (MSFT - WinSock Proxy Auto 
Detect)|||IP: 10.10.10.177 > 172.20.1.10 | b8:ca:3a:67:95:8a > 0:50:56:b9:28:ac
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to