Posted to commits@metron.apache.org by rm...@apache.org on 2018/08/17 15:34:34 UTC

[19/51] [abbrv] metron git commit: METRON-1671 Create PCAP UI (tiborm via merrimanr) closes apache/metron#1103

http://git-wip-us.apache.org/repos/asf/metron/blob/d5eb56a9/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.spec.ts b/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.spec.ts
new file mode 100644
index 0000000..244a3ea
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.spec.ts
@@ -0,0 +1,1752 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { TestBed, async, inject } from '@angular/core/testing';
+import {
+  BaseRequestOptions,
+  HttpModule,
+  Http,
+  Response,
+  ResponseOptions
+} from '@angular/http';
+import { MockBackend } from '@angular/http/testing';
+
+import { PcapService } from './pcap.service';
+import { PcapRequest } from '../model/pcap.request';
+
+describe('PcapService', () => {
+  beforeEach(() => {
+
+    TestBed.configureTestingModule({
+      imports: [HttpModule],
+      providers: [
+        PcapService,
+        {
+          provide: Http,
+          useFactory: (mockBackend, options) => {
+            return new Http(mockBackend, options);
+          },
+          deps: [MockBackend, BaseRequestOptions]
+        },
+        MockBackend,
+        BaseRequestOptions
+      ]
+    });
+  });
+  describe('getPackets()', () => {
+    it('should return an Observable<Response>',
+      inject([PcapService, MockBackend], (pcapService, mockBackend) => {
+
+        let request: PcapRequest = {
+          startTimeMs: 0,
+          endTimeMs: 0,
+          ipSrcAddr: '0.0.0.0',
+          ipSrcPort: '80',
+          ipDstAddr: '0.0.0.0',
+          ipDstPort: '80',
+          protocol: '*',
+          packetFilter: '*',
+          includeReverse: false,
+        };
+
+        mockBackend.connections.subscribe((connection) => {
+          connection.mockRespond(new Response(new ResponseOptions({body: pdml_json()})));
+        });
+        let packets;
+        pcapService.getPackets(request).subscribe(r => packets = r)
+        expect(packets).toBeTruthy()
+        expect(packets.pdml).toBeTruthy()
+        expect(packets.pdml.packet.length).toBe(1)
+        expect(packets.pdml.packet[0].proto.length).toBeGreaterThan(3)
+
+        console.log(packets)
+      }))
+
+
+    it('should ...', inject([PcapService], (service: PcapService) => {
+      expect(service).toBeTruthy();
+    }));
+
+  })
+
+});
+
+
+
+
+function pdml_json() {
+  return `{
+  "pdml": {
+    "$": {
+      "version": "0",
+      "creator": "wireshark/2.4.2",
+      "time": "Tue Mar 27 21:55:25 2018",
+      "capture_file": "./metron-platform/metron-api/src/test/resources/test-tcp-packet.pcap"
+    },
+    "packet": [
+      {
+        "proto": [
+          {
+            "$": {
+              "name": "geninfo",
+              "pos": "0",
+              "showname": "General information",
+              "size": "104"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "num",
+                  "pos": "0",
+                  "show": "1",
+                  "showname": "Number",
+                  "value": "1",
+                  "size": "104"
+                }
+              },
+              {
+                "$": {
+                  "name": "len",
+                  "pos": "0",
+                  "show": "104",
+                  "showname": "Frame Length",
+                  "value": "68",
+                  "size": "104"
+                }
+              },
+              {
+                "$": {
+                  "name": "caplen",
+                  "pos": "0",
+                  "show": "104",
+                  "showname": "Captured Length",
+                  "value": "68",
+                  "size": "104"
+                }
+              },
+              {
+                "$": {
+                  "name": "timestamp",
+                  "pos": "0",
+                  "show": "Mar 26, 2014 19:59:40.024362000 GMT",
+                  "showname": "Captured Time",
+                  "value": "1395863980.024362000",
+                  "size": "104"
+                }
+              }
+            ]
+          },
+          {
+            "$": {
+              "name": "frame",
+              "showname": "Frame 1: 104 bytes on wire (832 bits), 104 bytes captured (832 bits)",
+              "size": "104",
+              "pos": "0"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "frame.encap_type",
+                  "showname": "Encapsulation type: Ethernet (1)",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "1"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.time",
+                  "showname": "Arrival Time: Mar 26, 2014 19:59:40.024362000 GMT",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "Mar 26, 2014 19:59:40.024362000 GMT"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.offset_shift",
+                  "showname": "Time shift for this packet: 0.000000000 seconds",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0.000000000"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.time_epoch",
+                  "showname": "Epoch Time: 1395863980.024362000 seconds",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "1395863980.024362000"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.time_delta",
+                  "showname": "Time delta from previous captured frame: 0.000000000 seconds",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0.000000000"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.time_delta_displayed",
+                  "showname": "Time delta from previous displayed frame: 0.000000000 seconds",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0.000000000"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.time_relative",
+                  "showname": "Time since reference or first frame: 0.000000000 seconds",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0.000000000"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.number",
+                  "showname": "Frame Number: 1",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "1"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.len",
+                  "showname": "Frame Length: 104 bytes (832 bits)",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "104"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.cap_len",
+                  "showname": "Capture Length: 104 bytes (832 bits)",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "104"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.marked",
+                  "showname": "Frame is marked: False",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.ignored",
+                  "showname": "Frame is ignored: False",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "0"
+                }
+              },
+              {
+                "$": {
+                  "name": "frame.protocols",
+                  "showname": "Protocols in frame: eth:ethertype:ip:tcp:smtp",
+                  "size": "0",
+                  "pos": "0",
+                  "show": "eth:ethertype:ip:tcp:smtp"
+                }
+              }
+            ]
+          },
+          {
+            "$": {
+              "name": "eth",
+              "showname": "Ethernet II, Src: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02), Dst: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)",
+              "size": "14",
+              "pos": "0"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "eth.dst",
+                  "showname": "Destination: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)",
+                  "size": "6",
+                  "pos": "0",
+                  "show": "02:1a:c5:05:00:02",
+                  "value": "021ac5050002"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "eth.dst_resolved",
+                      "showname": "Destination (resolved): MS-NLB-PhysServer-26_c5:05:00:02",
+                      "hide": "yes",
+                      "size": "6",
+                      "pos": "0",
+                      "show": "MS-NLB-PhysServer-26_c5:05:00:02",
+                      "value": "021ac5050002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.addr",
+                      "showname": "Address: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)",
+                      "size": "6",
+                      "pos": "0",
+                      "show": "02:1a:c5:05:00:02",
+                      "value": "021ac5050002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.addr_resolved",
+                      "showname": "Address (resolved): MS-NLB-PhysServer-26_c5:05:00:02",
+                      "hide": "yes",
+                      "size": "6",
+                      "pos": "0",
+                      "show": "MS-NLB-PhysServer-26_c5:05:00:02",
+                      "value": "021ac5050002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.lg",
+                      "showname": ".... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)",
+                      "size": "3",
+                      "pos": "0",
+                      "show": "1",
+                      "value": "1",
+                      "unmaskedvalue": "021ac5"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.ig",
+                      "showname": ".... ...0 .... .... .... .... = IG bit: Individual address (unicast)",
+                      "size": "3",
+                      "pos": "0",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "021ac5"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "eth.src",
+                  "showname": "Source: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02)",
+                  "size": "6",
+                  "pos": "6",
+                  "show": "02:1a:c5:01:00:02",
+                  "value": "021ac5010002"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "eth.src_resolved",
+                      "showname": "Source (resolved): MS-NLB-PhysServer-26_c5:01:00:02",
+                      "hide": "yes",
+                      "size": "6",
+                      "pos": "6",
+                      "show": "MS-NLB-PhysServer-26_c5:01:00:02",
+                      "value": "021ac5010002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.addr",
+                      "showname": "Address: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02)",
+                      "size": "6",
+                      "pos": "6",
+                      "show": "02:1a:c5:01:00:02",
+                      "value": "021ac5010002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.addr_resolved",
+                      "showname": "Address (resolved): MS-NLB-PhysServer-26_c5:01:00:02",
+                      "hide": "yes",
+                      "size": "6",
+                      "pos": "6",
+                      "show": "MS-NLB-PhysServer-26_c5:01:00:02",
+                      "value": "021ac5010002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.lg",
+                      "showname": ".... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)",
+                      "size": "3",
+                      "pos": "6",
+                      "show": "1",
+                      "value": "1",
+                      "unmaskedvalue": "021ac5"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "eth.ig",
+                      "showname": ".... ...0 .... .... .... .... = IG bit: Individual address (unicast)",
+                      "size": "3",
+                      "pos": "6",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "021ac5"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "eth.type",
+                  "showname": "Type: IPv4 (0x0800)",
+                  "size": "2",
+                  "pos": "12",
+                  "show": "0x00000800",
+                  "value": "0800"
+                }
+              },
+              {
+                "$": {
+                  "name": "eth.fcs",
+                  "showname": "Frame check sequence: 0x26469e92 [correct]",
+                  "size": "4",
+                  "pos": "100",
+                  "show": "0x26469e92",
+                  "value": "26469e92"
+                }
+              },
+              {
+                "$": {
+                  "name": "eth.fcs.status",
+                  "showname": "FCS Status: Good",
+                  "size": "0",
+                  "pos": "100",
+                  "show": "1"
+                }
+              }
+            ]
+          },
+          {
+            "$": {
+              "name": "ip",
+              "showname": "Internet Protocol Version 4, Src: 24.0.0.2, Dst: 24.128.0.2",
+              "size": "20",
+              "pos": "14"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "ip.version",
+                  "showname": "0100 .... = Version: 4",
+                  "size": "1",
+                  "pos": "14",
+                  "show": "4",
+                  "value": "4",
+                  "unmaskedvalue": "45"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.hdr_len",
+                  "showname": ".... 0101 = Header Length: 20 bytes (5)",
+                  "size": "1",
+                  "pos": "14",
+                  "show": "20",
+                  "value": "45"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.dsfield",
+                  "showname": "Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)",
+                  "size": "1",
+                  "pos": "15",
+                  "show": "0x00000000",
+                  "value": "00"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "ip.dsfield.dscp",
+                      "showname": "0000 00.. = Differentiated Services Codepoint: Default (0)",
+                      "size": "1",
+                      "pos": "15",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "00"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.dsfield.ecn",
+                      "showname": ".... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)",
+                      "size": "1",
+                      "pos": "15",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "00"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "ip.len",
+                  "showname": "Total Length: 86",
+                  "size": "2",
+                  "pos": "16",
+                  "show": "86",
+                  "value": "0056"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.id",
+                  "showname": "Identification: 0xcff6 (53238)",
+                  "size": "2",
+                  "pos": "18",
+                  "show": "0x0000cff6",
+                  "value": "cff6"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.flags",
+                  "showname": "Flags: 0x02 (Don't Fragment)",
+                  "size": "1",
+                  "pos": "20",
+                  "show": "0x00000002",
+                  "value": "40"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "ip.flags.rb",
+                      "showname": "0... .... = Reserved bit: Not set",
+                      "size": "1",
+                      "pos": "20",
+                      "show": "0",
+                      "value": "40"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.flags.df",
+                      "showname": ".1.. .... = Don't fragment: Set",
+                      "size": "1",
+                      "pos": "20",
+                      "show": "1",
+                      "value": "40"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.flags.mf",
+                      "showname": "..0. .... = More fragments: Not set",
+                      "size": "1",
+                      "pos": "20",
+                      "show": "0",
+                      "value": "40"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "ip.frag_offset",
+                  "showname": "Fragment offset: 0",
+                  "size": "2",
+                  "pos": "20",
+                  "show": "0",
+                  "value": "4000"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.ttl",
+                  "showname": "Time to live: 32",
+                  "size": "1",
+                  "pos": "22",
+                  "show": "32",
+                  "value": "20"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.proto",
+                  "showname": "Protocol: TCP (6)",
+                  "size": "1",
+                  "pos": "23",
+                  "show": "6",
+                  "value": "06"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.checksum",
+                  "showname": "Header checksum: 0x5a28 [validation disabled]",
+                  "size": "2",
+                  "pos": "24",
+                  "show": "0x00005a28",
+                  "value": "5a28"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.checksum.status",
+                  "showname": "Header checksum status: Unverified",
+                  "size": "0",
+                  "pos": "24",
+                  "show": "2"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.src",
+                  "showname": "Source: 24.0.0.2",
+                  "size": "4",
+                  "pos": "26",
+                  "show": "24.0.0.2",
+                  "value": "18000002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.addr",
+                  "showname": "Source or Destination Address: 24.0.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "26",
+                  "show": "24.0.0.2",
+                  "value": "18000002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.src_host",
+                  "showname": "Source Host: 24.0.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "26",
+                  "show": "24.0.0.2",
+                  "value": "18000002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.host",
+                  "showname": "Source or Destination Host: 24.0.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "26",
+                  "show": "24.0.0.2",
+                  "value": "18000002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.dst",
+                  "showname": "Destination: 24.128.0.2",
+                  "size": "4",
+                  "pos": "30",
+                  "show": "24.128.0.2",
+                  "value": "18800002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.addr",
+                  "showname": "Source or Destination Address: 24.128.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "30",
+                  "show": "24.128.0.2",
+                  "value": "18800002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.dst_host",
+                  "showname": "Destination Host: 24.128.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "30",
+                  "show": "24.128.0.2",
+                  "value": "18800002"
+                }
+              },
+              {
+                "$": {
+                  "name": "ip.host",
+                  "showname": "Source or Destination Host: 24.128.0.2",
+                  "hide": "yes",
+                  "size": "4",
+                  "pos": "30",
+                  "show": "24.128.0.2",
+                  "value": "18800002"
+                }
+              },
+              {
+                "$": {
+                  "name": "",
+                  "show": "Source GeoIP: United States, Woodbridge, NJ, AS7922 Comcast Cable Communications, LLC, United States, Woodbridge, NJ, AS7922 Comcast Cable Communications, LLC, 40.557598, -74.284599",
+                  "size": "4",
+                  "pos": "26",
+                  "value": "18000002"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_country",
+                      "showname": "Source GeoIP Country: United States",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "United States",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.country",
+                      "showname": "Source or Destination GeoIP Country: United States",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "United States",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_city",
+                      "showname": "Source GeoIP City: Woodbridge, NJ",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "Woodbridge, NJ",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.city",
+                      "showname": "Source or Destination GeoIP City: Woodbridge, NJ",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "Woodbridge, NJ",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_asnum",
+                      "showname": "Source GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.asnum",
+                      "showname": "Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_country",
+                      "showname": "Source GeoIP Country: United States",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "United States",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.country",
+                      "showname": "Source or Destination GeoIP Country: United States",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "United States",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_city",
+                      "showname": "Source GeoIP City: Woodbridge, NJ",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "Woodbridge, NJ",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.city",
+                      "showname": "Source or Destination GeoIP City: Woodbridge, NJ",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "Woodbridge, NJ",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_asnum",
+                      "showname": "Source GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.asnum",
+                      "showname": "Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_lat",
+                      "showname": "Source GeoIP Latitude: 40.557598",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "40.557598",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.lat",
+                      "showname": "Source or Destination GeoIP Latitude: 40.557598",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "40.557598",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.src_lon",
+                      "showname": "Source GeoIP Longitude: -74.284599",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "-74.284599",
+                      "value": "18000002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.lon",
+                      "showname": "Source or Destination GeoIP Longitude: -74.284599",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "26",
+                      "show": "-74.284599",
+                      "value": "18000002"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "",
+                  "show": "Destination GeoIP: United States, Groton, CT, AS7922 Comcast Cable Communications, LLC, United States, Groton, CT, AS7922 Comcast Cable Communications, LLC, 41.353199, -72.038597",
+                  "size": "4",
+                  "pos": "30",
+                  "value": "18800002"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_country",
+                      "showname": "Destination GeoIP Country: United States",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "United States",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.country",
+                      "showname": "Source or Destination GeoIP Country: United States",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "United States",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_city",
+                      "showname": "Destination GeoIP City: Groton, CT",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "Groton, CT",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.city",
+                      "showname": "Source or Destination GeoIP City: Groton, CT",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "Groton, CT",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_asnum",
+                      "showname": "Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.asnum",
+                      "showname": "Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_country",
+                      "showname": "Destination GeoIP Country: United States",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "United States",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.country",
+                      "showname": "Source or Destination GeoIP Country: United States",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "United States",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_city",
+                      "showname": "Destination GeoIP City: Groton, CT",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "Groton, CT",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.city",
+                      "showname": "Source or Destination GeoIP City: Groton, CT",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "Groton, CT",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_asnum",
+                      "showname": "Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.asnum",
+                      "showname": "Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "AS7922 Comcast Cable Communications, LLC",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_lat",
+                      "showname": "Destination GeoIP Latitude: 41.353199",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "41.353199",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.lat",
+                      "showname": "Source or Destination GeoIP Latitude: 41.353199",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "41.353199",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.dst_lon",
+                      "showname": "Destination GeoIP Longitude: -72.038597",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "-72.038597",
+                      "value": "18800002"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "ip.geoip.lon",
+                      "showname": "Source or Destination GeoIP Longitude: -72.038597",
+                      "hide": "yes",
+                      "size": "4",
+                      "pos": "30",
+                      "show": "-72.038597",
+                      "value": "18800002"
+                    }
+                  }
+                ]
+              }
+            ]
+          },
+          {
+            "$": {
+              "name": "tcp",
+              "showname": "Transmission Control Protocol, Src Port: 2137, Dst Port: 25, Seq: 1, Ack: 1, Len: 34",
+              "size": "32",
+              "pos": "34"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "tcp.srcport",
+                  "showname": "Source Port: 2137",
+                  "size": "2",
+                  "pos": "34",
+                  "show": "2137",
+                  "value": "0859"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.dstport",
+                  "showname": "Destination Port: 25",
+                  "size": "2",
+                  "pos": "36",
+                  "show": "25",
+                  "value": "0019"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.port",
+                  "showname": "Source or Destination Port: 2137",
+                  "hide": "yes",
+                  "size": "2",
+                  "pos": "34",
+                  "show": "2137",
+                  "value": "0859"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.port",
+                  "showname": "Source or Destination Port: 25",
+                  "hide": "yes",
+                  "size": "2",
+                  "pos": "36",
+                  "show": "25",
+                  "value": "0019"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.stream",
+                  "showname": "Stream index: 0",
+                  "size": "0",
+                  "pos": "34",
+                  "show": "0"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.len",
+                  "showname": "TCP Segment Len: 34",
+                  "size": "1",
+                  "pos": "46",
+                  "show": "34",
+                  "value": "80"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.seq",
+                  "showname": "Sequence number: 1    (relative sequence number)",
+                  "size": "4",
+                  "pos": "38",
+                  "show": "1",
+                  "value": "f88900ce"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.nxtseq",
+                  "showname": "Next sequence number: 35    (relative sequence number)",
+                  "size": "0",
+                  "pos": "34",
+                  "show": "35"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.ack",
+                  "showname": "Acknowledgment number: 1    (relative ack number)",
+                  "size": "4",
+                  "pos": "42",
+                  "show": "1",
+                  "value": "365aa74f"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.hdr_len",
+                  "showname": "1000 .... = Header Length: 32 bytes (8)",
+                  "size": "1",
+                  "pos": "46",
+                  "show": "32",
+                  "value": "80"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.flags",
+                  "showname": "Flags: 0x018 (PSH, ACK)",
+                  "size": "2",
+                  "pos": "46",
+                  "show": "0x00000018",
+                  "value": "18",
+                  "unmaskedvalue": "8018"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "tcp.flags.res",
+                      "showname": "000. .... .... = Reserved: Not set",
+                      "size": "1",
+                      "pos": "46",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "80"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.ns",
+                      "showname": "...0 .... .... = Nonce: Not set",
+                      "size": "1",
+                      "pos": "46",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "80"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.cwr",
+                      "showname": ".... 0... .... = Congestion Window Reduced (CWR): Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.ecn",
+                      "showname": ".... .0.. .... = ECN-Echo: Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.urg",
+                      "showname": ".... ..0. .... = Urgent: Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.ack",
+                      "showname": ".... ...1 .... = Acknowledgment: Set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "1",
+                      "value": "1",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.push",
+                      "showname": ".... .... 1... = Push: Set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "1",
+                      "value": "1",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.reset",
+                      "showname": ".... .... .0.. = Reset: Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.syn",
+                      "showname": ".... .... ..0. = Syn: Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.fin",
+                      "showname": ".... .... ...0 = Fin: Not set",
+                      "size": "1",
+                      "pos": "47",
+                      "show": "0",
+                      "value": "0",
+                      "unmaskedvalue": "18"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.flags.str",
+                      "showname": "TCP Flags: \\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7AP\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7",
+                      "size": "2",
+                      "pos": "46",
+                      "show": "\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7AP\\\\xc2\\\\xb7\\\\xc2\\\\xb7\\\\xc2\\\\xb7",
+                      "value": "8018"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "tcp.window_size_value",
+                  "showname": "Window size value: 7240",
+                  "size": "2",
+                  "pos": "48",
+                  "show": "7240",
+                  "value": "1c48"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.window_size",
+                  "showname": "Calculated window size: 7240",
+                  "size": "2",
+                  "pos": "48",
+                  "show": "7240",
+                  "value": "1c48"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.window_size_scalefactor",
+                  "showname": "Window size scaling factor: -1 (unknown)",
+                  "size": "2",
+                  "pos": "48",
+                  "show": "-1",
+                  "value": "1c48"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.checksum",
+                  "showname": "Checksum: 0x681f [unverified]",
+                  "size": "2",
+                  "pos": "50",
+                  "show": "0x0000681f",
+                  "value": "681f"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.checksum.status",
+                  "showname": "Checksum Status: Unverified",
+                  "size": "0",
+                  "pos": "50",
+                  "show": "2"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.urgent_pointer",
+                  "showname": "Urgent pointer: 0",
+                  "size": "2",
+                  "pos": "52",
+                  "show": "0",
+                  "value": "0000"
+                }
+              },
+              {
+                "$": {
+                  "name": "tcp.options",
+                  "showname": "Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps",
+                  "size": "12",
+                  "pos": "54",
+                  "show": "01:01:08:0a:eb:83:4b:08:e8:8c:de:cb",
+                  "value": "0101080aeb834b08e88cdecb"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "tcp.options.nop",
+                      "showname": "TCP Option - No-Operation (NOP)",
+                      "size": "1",
+                      "pos": "54",
+                      "show": "01",
+                      "value": "01"
+                    },
+                    "field": [
+                      {
+                        "$": {
+                          "name": "tcp.option_kind",
+                          "showname": "Kind: No-Operation (1)",
+                          "size": "1",
+                          "pos": "54",
+                          "show": "1",
+                          "value": "01"
+                        }
+                      }
+                    ]
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.options.nop",
+                      "showname": "TCP Option - No-Operation (NOP)",
+                      "size": "1",
+                      "pos": "55",
+                      "show": "01",
+                      "value": "01"
+                    },
+                    "field": [
+                      {
+                        "$": {
+                          "name": "tcp.option_kind",
+                          "showname": "Kind: No-Operation (1)",
+                          "size": "1",
+                          "pos": "55",
+                          "show": "1",
+                          "value": "01"
+                        }
+                      }
+                    ]
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.options.timestamp",
+                      "showname": "TCP Option - Timestamps: TSval 3951250184, TSecr 3901546187",
+                      "size": "10",
+                      "pos": "56",
+                      "show": "08:0a:eb:83:4b:08:e8:8c:de:cb",
+                      "value": "080aeb834b08e88cdecb"
+                    },
+                    "field": [
+                      {
+                        "$": {
+                          "name": "tcp.option_kind",
+                          "showname": "Kind: Time Stamp Option (8)",
+                          "size": "1",
+                          "pos": "56",
+                          "show": "8",
+                          "value": "08"
+                        }
+                      },
+                      {
+                        "$": {
+                          "name": "tcp.option_len",
+                          "showname": "Length: 10",
+                          "size": "1",
+                          "pos": "57",
+                          "show": "10",
+                          "value": "0a"
+                        }
+                      },
+                      {
+                        "$": {
+                          "name": "tcp.options.timestamp.tsval",
+                          "showname": "Timestamp value: 3951250184",
+                          "size": "4",
+                          "pos": "58",
+                          "show": "3951250184",
+                          "value": "eb834b08"
+                        }
+                      },
+                      {
+                        "$": {
+                          "name": "tcp.options.timestamp.tsecr",
+                          "showname": "Timestamp echo reply: 3901546187",
+                          "size": "4",
+                          "pos": "62",
+                          "show": "3901546187",
+                          "value": "e88cdecb"
+                        }
+                      }
+                    ]
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "tcp.analysis",
+                  "showname": "SEQ/ACK analysis",
+                  "size": "0",
+                  "pos": "34",
+                  "show": "",
+                  "value": ""
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "tcp.analysis.bytes_in_flight",
+                      "showname": "Bytes in flight: 34",
+                      "size": "0",
+                      "pos": "34",
+                      "show": "34"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "tcp.analysis.push_bytes_sent",
+                      "showname": "Bytes sent since last PSH flag: 34",
+                      "size": "0",
+                      "pos": "34",
+                      "show": "34"
+                    }
+                  }
+                ]
+              },
+              {
+                "$": {
+                  "name": "tcp.payload",
+                  "showname": "TCP payload (34 bytes)",
+                  "size": "34",
+                  "pos": "66",
+                  "show": "45:48:4c:4f:20:63:6c:69:65:6e:74:2d:31:38:30:30:30:30:30:33:2e:65:78:61:6d:70:6c:65:2e:69:6e:74:0d:0a",
+                  "value": "45484c4f20636c69656e742d31383030303030332e6578616d706c652e696e740d0a"
+                }
+              }
+            ]
+          },
+          {
+            "$": {
+              "name": "smtp",
+              "showname": "Simple Mail Transfer Protocol",
+              "size": "34",
+              "pos": "66"
+            },
+            "field": [
+              {
+                "$": {
+                  "name": "smtp.req",
+                  "showname": "Request: True",
+                  "hide": "yes",
+                  "size": "0",
+                  "pos": "66",
+                  "show": "1"
+                }
+              },
+              {
+                "$": {
+                  "name": "smtp.command_line",
+                  "showname": "Command Line: EHLO client-18000003.example.int\\\\r\\\\n",
+                  "size": "34",
+                  "pos": "66",
+                  "show": "EHLO client-18000003.example.int\\\\xd\\\\xa",
+                  "value": "45484c4f20636c69656e742d31383030303030332e6578616d706c652e696e740d0a"
+                },
+                "field": [
+                  {
+                    "$": {
+                      "name": "smtp.req.command",
+                      "showname": "Command: EHLO",
+                      "size": "4",
+                      "pos": "66",
+                      "show": "EHLO",
+                      "value": "45484c4f"
+                    }
+                  },
+                  {
+                    "$": {
+                      "name": "smtp.req.parameter",
+                      "showname": "Request parameter: client-18000003.example.int",
+                      "size": "27",
+                      "pos": "71",
+                      "show": "client-18000003.example.int",
+                      "value": "636c69656e742d31383030303030332e6578616d706c652e696e74"
+                    }
+                  }
+                ]
+              }
+            ]
+          }
+        ]
+      }
+    ]
+  }
+}
+`
+}
+
+function pdml() {
+  return `<?xml version="1.0" encoding="utf-8"?>
+  <?xml-stylesheet type="text/xsl" href="pdml2html.xsl"?>
+  <!-- You can find pdml2html.xsl in /usr/share/wireshark or at https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=pdml2html.xsl. -->
+  <pdml version="0" creator="wireshark/2.4.2" time="Tue Mar 27 21:55:25 2018" capture_file="./metron-platform/metron-api/src/test/resources/test-tcp-packet.pcap">
+  <packet>
+    <proto name="geninfo" pos="0" showname="General information" size="104">
+      <field name="num" pos="0" show="1" showname="Number" value="1" size="104"/>
+      <field name="len" pos="0" show="104" showname="Frame Length" value="68" size="104"/>
+      <field name="caplen" pos="0" show="104" showname="Captured Length" value="68" size="104"/>
+      <field name="timestamp" pos="0" show="Mar 26, 2014 19:59:40.024362000 GMT" showname="Captured Time" value="1395863980.024362000" size="104"/>
+    </proto>
+    <proto name="frame" showname="Frame 1: 104 bytes on wire (832 bits), 104 bytes captured (832 bits)" size="104" pos="0">
+      <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/>
+      <field name="frame.time" showname="Arrival Time: Mar 26, 2014 19:59:40.024362000 GMT" size="0" pos="0" show="Mar 26, 2014 19:59:40.024362000 GMT"/>
+      <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
+      <field name="frame.time_epoch" showname="Epoch Time: 1395863980.024362000 seconds" size="0" pos="0" show="1395863980.024362000"/>
+      <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
+      <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
+      <field name="frame.time_relative" showname="Time since reference or first frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
+      <field name="frame.number" showname="Frame Number: 1" size="0" pos="0" show="1"/>
+      <field name="frame.len" showname="Frame Length: 104 bytes (832 bits)" size="0" pos="0" show="104"/>
+      <field name="frame.cap_len" showname="Capture Length: 104 bytes (832 bits)" size="0" pos="0" show="104"/>
+      <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
+      <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/>
+      <field name="frame.protocols" showname="Protocols in frame: eth:ethertype:ip:tcp:smtp" size="0" pos="0" show="eth:ethertype:ip:tcp:smtp"/>
+    </proto>
+    <proto name="eth" showname="Ethernet II, Src: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02), Dst: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)" size="14" pos="0">
+      <field name="eth.dst" showname="Destination: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)" size="6" pos="0" show="02:1a:c5:05:00:02" value="021ac5050002">
+        <field name="eth.dst_resolved" showname="Destination (resolved): MS-NLB-PhysServer-26_c5:05:00:02" hide="yes" size="6" pos="0" show="MS-NLB-PhysServer-26_c5:05:00:02" value="021ac5050002"/>
+        <field name="eth.addr" showname="Address: MS-NLB-PhysServer-26_c5:05:00:02 (02:1a:c5:05:00:02)" size="6" pos="0" show="02:1a:c5:05:00:02" value="021ac5050002"/>
+        <field name="eth.addr_resolved" showname="Address (resolved): MS-NLB-PhysServer-26_c5:05:00:02" hide="yes" size="6" pos="0" show="MS-NLB-PhysServer-26_c5:05:00:02" value="021ac5050002"/>
+        <field name="eth.lg" showname=".... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)" size="3" pos="0" show="1" value="1" unmaskedvalue="021ac5"/>
+        <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="021ac5"/>
+      </field>
+      <field name="eth.src" showname="Source: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02)" size="6" pos="6" show="02:1a:c5:01:00:02" value="021ac5010002">
+        <field name="eth.src_resolved" showname="Source (resolved): MS-NLB-PhysServer-26_c5:01:00:02" hide="yes" size="6" pos="6" show="MS-NLB-PhysServer-26_c5:01:00:02" value="021ac5010002"/>
+        <field name="eth.addr" showname="Address: MS-NLB-PhysServer-26_c5:01:00:02 (02:1a:c5:01:00:02)" size="6" pos="6" show="02:1a:c5:01:00:02" value="021ac5010002"/>
+        <field name="eth.addr_resolved" showname="Address (resolved): MS-NLB-PhysServer-26_c5:01:00:02" hide="yes" size="6" pos="6" show="MS-NLB-PhysServer-26_c5:01:00:02" value="021ac5010002"/>
+        <field name="eth.lg" showname=".... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)" size="3" pos="6" show="1" value="1" unmaskedvalue="021ac5"/>
+        <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="021ac5"/>
+      </field>
+      <field name="eth.type" showname="Type: IPv4 (0x0800)" size="2" pos="12" show="0x00000800" value="0800"/>
+      <field name="eth.fcs" showname="Frame check sequence: 0x26469e92 [correct]" size="4" pos="100" show="0x26469e92" value="26469e92"/>
+      <field name="eth.fcs.status" showname="FCS Status: Good" size="0" pos="100" show="1"/>
+    </proto>
+    <proto name="ip" showname="Internet Protocol Version 4, Src: 24.0.0.2, Dst: 24.128.0.2" size="20" pos="14">
+      <field name="ip.version" showname="0100 .... = Version: 4" size="1" pos="14" show="4" value="4" unmaskedvalue="45"/>
+      <field name="ip.hdr_len" showname=".... 0101 = Header Length: 20 bytes (5)" size="1" pos="14" show="20" value="45"/>
+      <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)" size="1" pos="15" show="0x00000000" value="00">
+        <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0)" size="1" pos="15" show="0" value="0" unmaskedvalue="00"/>
+        <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)" size="1" pos="15" show="0" value="0" unmaskedvalue="00"/>
+      </field>
+      <field name="ip.len" showname="Total Length: 86" size="2" pos="16" show="86" value="0056"/>
+      <field name="ip.id" showname="Identification: 0xcff6 (53238)" size="2" pos="18" show="0x0000cff6" value="cff6"/>
+      <field name="ip.flags" showname="Flags: 0x02 (Don&#x27;t Fragment)" size="1" pos="20" show="0x00000002" value="40">
+        <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/>
+        <field name="ip.flags.df" showname=".1.. .... = Don&#x27;t fragment: Set" size="1" pos="20" show="1" value="40"/>
+        <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/>
+      </field>
+      <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/>
+      <field name="ip.ttl" showname="Time to live: 32" size="1" pos="22" show="32" value="20"/>
+      <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/>
+      <field name="ip.checksum" showname="Header checksum: 0x5a28 [validation disabled]" size="2" pos="24" show="0x00005a28" value="5a28"/>
+      <field name="ip.checksum.status" showname="Header checksum status: Unverified" size="0" pos="24" show="2"/>
+      <field name="ip.src" showname="Source: 24.0.0.2" size="4" pos="26" show="24.0.0.2" value="18000002"/>
+      <field name="ip.addr" showname="Source or Destination Address: 24.0.0.2" hide="yes" size="4" pos="26" show="24.0.0.2" value="18000002"/>
+      <field name="ip.src_host" showname="Source Host: 24.0.0.2" hide="yes" size="4" pos="26" show="24.0.0.2" value="18000002"/>
+      <field name="ip.host" showname="Source or Destination Host: 24.0.0.2" hide="yes" size="4" pos="26" show="24.0.0.2" value="18000002"/>
+      <field name="ip.dst" showname="Destination: 24.128.0.2" size="4" pos="30" show="24.128.0.2" value="18800002"/>
+      <field name="ip.addr" showname="Source or Destination Address: 24.128.0.2" hide="yes" size="4" pos="30" show="24.128.0.2" value="18800002"/>
+      <field name="ip.dst_host" showname="Destination Host: 24.128.0.2" hide="yes" size="4" pos="30" show="24.128.0.2" value="18800002"/>
+      <field name="ip.host" showname="Source or Destination Host: 24.128.0.2" hide="yes" size="4" pos="30" show="24.128.0.2" value="18800002"/>
+      <field name="" show="Source GeoIP: United States, Woodbridge, NJ, AS7922 Comcast Cable Communications, LLC, United States, Woodbridge, NJ, AS7922 Comcast Cable Communications, LLC, 40.557598, -74.284599" size="4" pos="26" value="18000002">
+        <field name="ip.geoip.src_country" showname="Source GeoIP Country: United States" size="4" pos="26" show="United States" value="18000002"/>
+        <field name="ip.geoip.country" showname="Source or Destination GeoIP Country: United States" hide="yes" size="4" pos="26" show="United States" value="18000002"/>
+        <field name="ip.geoip.src_city" showname="Source GeoIP City: Woodbridge, NJ" size="4" pos="26" show="Woodbridge, NJ" value="18000002"/>
+        <field name="ip.geoip.city" showname="Source or Destination GeoIP City: Woodbridge, NJ" hide="yes" size="4" pos="26" show="Woodbridge, NJ" value="18000002"/>
+        <field name="ip.geoip.src_asnum" showname="Source GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" size="4" pos="26" show="AS7922 Comcast Cable Communications, LLC" value="18000002"/>
+        <field name="ip.geoip.asnum" showname="Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" hide="yes" size="4" pos="26" show="AS7922 Comcast Cable Communications, LLC" value="18000002"/>
+        <field name="ip.geoip.src_country" showname="Source GeoIP Country: United States" size="4" pos="26" show="United States" value="18000002"/>
+        <field name="ip.geoip.country" showname="Source or Destination GeoIP Country: United States" hide="yes" size="4" pos="26" show="United States" value="18000002"/>
+        <field name="ip.geoip.src_city" showname="Source GeoIP City: Woodbridge, NJ" size="4" pos="26" show="Woodbridge, NJ" value="18000002"/>
+        <field name="ip.geoip.city" showname="Source or Destination GeoIP City: Woodbridge, NJ" hide="yes" size="4" pos="26" show="Woodbridge, NJ" value="18000002"/>
+        <field name="ip.geoip.src_asnum" showname="Source GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" size="4" pos="26" show="AS7922 Comcast Cable Communications, LLC" value="18000002"/>
+        <field name="ip.geoip.asnum" showname="Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" hide="yes" size="4" pos="26" show="AS7922 Comcast Cable Communications, LLC" value="18000002"/>
+        <field name="ip.geoip.src_lat" showname="Source GeoIP Latitude: 40.557598" size="4" pos="26" show="40.557598" value="18000002"/>
+        <field name="ip.geoip.lat" showname="Source or Destination GeoIP Latitude: 40.557598" hide="yes" size="4" pos="26" show="40.557598" value="18000002"/>
+        <field name="ip.geoip.src_lon" showname="Source GeoIP Longitude: -74.284599" size="4" pos="26" show="-74.284599" value="18000002"/>
+        <field name="ip.geoip.lon" showname="Source or Destination GeoIP Longitude: -74.284599" hide="yes" size="4" pos="26" show="-74.284599" value="18000002"/>
+      </field>
+      <field name="" show="Destination GeoIP: United States, Groton, CT, AS7922 Comcast Cable Communications, LLC, United States, Groton, CT, AS7922 Comcast Cable Communications, LLC, 41.353199, -72.038597" size="4" pos="30" value="18800002">
+        <field name="ip.geoip.dst_country" showname="Destination GeoIP Country: United States" size="4" pos="30" show="United States" value="18800002"/>
+        <field name="ip.geoip.country" showname="Source or Destination GeoIP Country: United States" hide="yes" size="4" pos="30" show="United States" value="18800002"/>
+        <field name="ip.geoip.dst_city" showname="Destination GeoIP City: Groton, CT" size="4" pos="30" show="Groton, CT" value="18800002"/>
+        <field name="ip.geoip.city" showname="Source or Destination GeoIP City: Groton, CT" hide="yes" size="4" pos="30" show="Groton, CT" value="18800002"/>
+        <field name="ip.geoip.dst_asnum" showname="Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" size="4" pos="30" show="AS7922 Comcast Cable Communications, LLC" value="18800002"/>
+        <field name="ip.geoip.asnum" showname="Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" hide="yes" size="4" pos="30" show="AS7922 Comcast Cable Communications, LLC" value="18800002"/>
+        <field name="ip.geoip.dst_country" showname="Destination GeoIP Country: United States" size="4" pos="30" show="United States" value="18800002"/>
+        <field name="ip.geoip.country" showname="Source or Destination GeoIP Country: United States" hide="yes" size="4" pos="30" show="United States" value="18800002"/>
+        <field name="ip.geoip.dst_city" showname="Destination GeoIP City: Groton, CT" size="4" pos="30" show="Groton, CT" value="18800002"/>
+        <field name="ip.geoip.city" showname="Source or Destination GeoIP City: Groton, CT" hide="yes" size="4" pos="30" show="Groton, CT" value="18800002"/>
+        <field name="ip.geoip.dst_asnum" showname="Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" size="4" pos="30" show="AS7922 Comcast Cable Communications, LLC" value="18800002"/>
+        <field name="ip.geoip.asnum" showname="Source or Destination GeoIP AS Number: AS7922 Comcast Cable Communications, LLC" hide="yes" size="4" pos="30" show="AS7922 Comcast Cable Communications, LLC" value="18800002"/>
+        <field name="ip.geoip.dst_lat" showname="Destination GeoIP Latitude: 41.353199" size="4" pos="30" show="41.353199" value="18800002"/>
+        <field name="ip.geoip.lat" showname="Source or Destination GeoIP Latitude: 41.353199" hide="yes" size="4" pos="30" show="41.353199" value="18800002"/>
+        <field name="ip.geoip.dst_lon" showname="Destination GeoIP Longitude: -72.038597" size="4" pos="30" show="-72.038597" value="18800002"/>
+        <field name="ip.geoip.lon" showname="Source or Destination GeoIP Longitude: -72.038597" hide="yes" size="4" pos="30" show="-72.038597" value="18800002"/>
+      </field>
+    </proto>
+    <proto name="tcp" showname="Transmission Control Protocol, Src Port: 2137, Dst Port: 25, Seq: 1, Ack: 1, Len: 34" size="32" pos="34">
+      <field name="tcp.srcport" showname="Source Port: 2137" size="2" pos="34" show="2137" value="0859"/>
+      <field name="tcp.dstport" showname="Destination Port: 25" size="2" pos="36" show="25" value="0019"/>
+      <field name="tcp.port" showname="Source or Destination Port: 2137" hide="yes" size="2" pos="34" show="2137" value="0859"/>
+      <field name="tcp.port" showname="Source or Destination Port: 25" hide="yes" size="2" pos="36" show="25" value="0019"/>
+      <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/>
+      <field name="tcp.len" showname="TCP Segment Len: 34" size="1" pos="46" show="34" value="80"/>
+      <field name="tcp.seq" showname="Sequence number: 1    (relative sequence number)" size="4" pos="38" show="1" value="f88900ce"/>
+      <field name="tcp.nxtseq" showname="Next sequence number: 35    (relative sequence number)" size="0" pos="34" show="35"/>
+      <field name="tcp.ack" showname="Acknowledgment number: 1    (relative ack number)" size="4" pos="42" show="1" value="365aa74f"/>
+      <field name="tcp.hdr_len" showname="1000 .... = Header Length: 32 bytes (8)" size="1" pos="46" show="32" value="80"/>
+      <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x00000018" value="18" unmaskedvalue="8018">
+        <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/>
+        <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/>
+        <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/>
+        <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/>
+        <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
+        <field name="tcp.flags.str" showname="TCP Flags: \\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7AP\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7" size="2" pos="46" show="\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7AP\\xc2\\xb7\\xc2\\xb7\\xc2\\xb7" value="8018"/>
+      </field>
+      <field name="tcp.window_size_value" showname="Window size value: 7240" size="2" pos="48" show="7240" value="1c48"/>
+      <field name="tcp.window_size" showname="Calculated window size: 7240" size="2" pos="48" show="7240" value="1c48"/>
+      <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: -1 (unknown)" size="2" pos="48" show="-1" value="1c48"/>
+      <field name="tcp.checksum" showname="Checksum: 0x681f [unverified]" size="2" pos="50" show="0x0000681f" value="681f"/>
+      <field name="tcp.checksum.status" showname="Checksum Status: Unverified" size="0" pos="50" show="2"/>
+      <field name="tcp.urgent_pointer" showname="Urgent pointer: 0" size="2" pos="52" show="0" value="0000"/>
+      <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:eb:83:4b:08:e8:8c:de:cb" value="0101080aeb834b08e88cdecb">
+        <field name="tcp.options.nop" showname="TCP Option - No-Operation (NOP)" size="1" pos="54" show="01" value="01">
+          <field name="tcp.option_kind" showname="Kind: No-Operation (1)" size="1" pos="54" show="1" value="01"/>
+        </field>
+        <field name="tcp.options.nop" showname="TCP Option - No-Operation (NOP)" size="1" pos="55" show="01" value="01">
+          <field name="tcp.option_kind" showname="Kind: No-Operation (1)" size="1" pos="55" show="1" value="01"/>
+        </field>
+        <field name="tcp.options.timestamp" showname="TCP Option - Timestamps: TSval 3951250184, TSecr 3901546187" size="10" pos="56" show="08:0a:eb:83:4b:08:e8:8c:de:cb" value="080aeb834b08e88cdecb">
+          <field name="tcp.option_kind" showname="Kind: Time Stamp Option (8)" size="1" pos="56" show="8" value="08"/>
+          <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/>
+          <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 3951250184" size="4" pos="58" show="3951250184" value="eb834b08"/>
+          <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 3901546187" size="4" pos="62" show="3901546187" value="e88cdecb"/>
+        </field>
+      </field>
+      <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value="">
+        <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 34" size="0" pos="34" show="34"/>
+        <field name="tcp.analysis.push_bytes_sent" showname="Bytes sent since last PSH flag: 34" size="0" pos="34" show="34"/>
+      </field>
+      <field name="tcp.payload" showname="TCP payload (34 bytes)" size="34" pos="66" show="45:48:4c:4f:20:63:6c:69:65:6e:74:2d:31:38:30:30:30:30:30:33:2e:65:78:61:6d:70:6c:65:2e:69:6e:74:0d:0a" value="45484c4f20636c69656e742d31383030303030332e6578616d706c652e696e740d0a"/>
+    </proto>
+    <proto name="smtp" showname="Simple Mail Transfer Protocol" size="34" pos="66">
+      <field name="smtp.req" showname="Request: True" hide="yes" size="0" pos="66" show="1"/>
+      <field name="smtp.command_line" showname="Command Line: EHLO client-18000003.example.int\\r\\n" size="34" pos="66" show="EHLO client-18000003.example.int\\xd\\xa" value="45484c4f20636c69656e742d31383030303030332e6578616d706c652e696e740d0a">
+        <field name="smtp.req.command" showname="Command: EHLO" size="4" pos="66" show="EHLO" value="45484c4f"/>
+        <field name="smtp.req.parameter" showname="Request parameter: client-18000003.example.int" size="27" pos="71" show="client-18000003.example.int" value="636c69656e742d31383030303030332e6578616d706c652e696e74"/>
+      </field>
+    </proto>
+  </packet>
+
+
+  </pdml>`
+}

http://git-wip-us.apache.org/repos/asf/metron/blob/d5eb56a9/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.ts b/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.ts
new file mode 100644
index 0000000..5f6f33c
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/pcap/service/pcap.service.ts
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import {Injectable, NgZone} from '@angular/core';
+import {Observable, Subject} from 'rxjs/Rx';
+import {Http, Headers, RequestOptions, Response} from '@angular/http';
+import {HttpUtil} from '../../utils/httpUtil';
+
+import 'rxjs/add/operator/map';
+
+import {PcapRequest} from '../model/pcap.request';
+import {Pdml} from '../model/pdml';
+
+export class PcapStatusResponse {
+  jobStatus: string;
+  percentComplete: number;
+  pageTotal: number;
+}
+
+@Injectable()
+export class PcapService {
+
+    private statusInterval = 4;
+    defaultHeaders = {'Content-Type': 'application/json', 'X-Requested-With': 'XMLHttpRequest'};
+
+    constructor(private http: Http, private ngZone: NgZone) {
+    }
+
+    public pollStatus(id: string): Observable<{}> {
+      return Observable.interval(this.statusInterval * 1000).switchMap(() => {
+        return this.getStatus(id);
+      });
+    }
+
+    public submitRequest(pcapRequest: PcapRequest): Observable<string> {
+      return this.http.post('/api/v1/pcap/fixed', pcapRequest, new RequestOptions({headers: new Headers(this.defaultHeaders)}))
+          .map(result => JSON.parse(result.text()).jobId)
+          .catch(HttpUtil.handleError)
+          .onErrorResumeNext();
+    }
+
+    public getStatus(id: string): Observable<PcapStatusResponse> {
+      return this.http.get(`/api/v1/pcap/${id}`,
+          new RequestOptions({headers: new Headers(this.defaultHeaders)}))
+          .map(HttpUtil.extractData)
+          .catch(HttpUtil.handleError);
+  }
+    public getPackets(id: string, pageId: number): Observable<Pdml> {
+        return this.http.get(`/api/v1/pcap/${id}/pdml?page=${pageId}`, new RequestOptions({headers: new Headers(this.defaultHeaders)}))
+            .map(HttpUtil.extractData)
+            .catch(HttpUtil.handleError)
+            .onErrorResumeNext();
+    }
+}
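Review bot: `getStatus` and `getPackets` interpolate `id` directly into the request path (`/api/v1/pcap/${id}` and `/api/v1/pcap/${id}/pdml?page=${pageId}`), so a value containing `/`, `?` or `#` would change which endpoint and query the client actually requests. The id presumably originates from the `jobId` returned by `submitRequest`, but nothing in this service enforces that, and a caller passing a route parameter or a user-typed value would reach these calls unchanged. Encoding at the point of use keeps the service safe whatever the caller does: write the path segment as `${encodeURIComponent(id)}` in both template strings. Separately, `submitRequest` and `getPackets` end in `.onErrorResumeNext()`, which appears to turn a failed request into a silently completed stream, whereas `getStatus` propagates the error. The three methods should agree, and a short doc comment on each should state whether errors reach the subscriber.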