wireshark format object
{"timestamp" : "1038497564094", "layers" : {"frame": {"frame_frame_encap_type": "1","frame_frame_time": "Nov 28, 2002 16:32:44.094214000 CET","frame_frame_offset_shift": "0.000000000","frame_frame_ti
me_epoch": "1038497564.094214000","frame_frame_time_delta": "0.135987000","frame_frame_time_delta_displayed": "0.135987000","frame_frame_time_relative": "294.809766000","frame_frame_number": "32","fr
ame_frame_len": "220","frame_frame_cap_len": "220","frame_frame_marked": "0","frame_frame_ignored": "0","frame_frame_protocols": "eth:ethertype:ip:udp:dns"},"eth": {"eth_eth_dst": "00:80:5f:25:84:37"
,"eth_dst_eth_dst_resolved": "CompaqCo_25:84:37","eth_dst_eth_addr": "00:80:5f:25:84:37","eth_dst_eth_addr_resolved": "CompaqCo_25:84:37","eth_dst_eth_lg": "0","eth_dst_eth_ig": "0","eth_eth_src": "0
0:01:02:09:88:f9","eth_src_eth_src_resolved": "BbnBoltB_09:88:f9","eth_src_eth_addr": "00:01:02:09:88:f9","eth_src_eth_addr_resolved": "BbnBoltB_09:88:f9","eth_src_eth_lg": "0","eth_src_eth_ig": "0",
"eth_eth_type": "0x00000800"},"ip": {"ip_ip_version": "4","ip_ip_hdr_len": "20","ip_ip_dsfield": "0x00000000","ip_dsfield_ip_dsfield_dscp": "0","ip_dsfield_ip_dsfield_ecn": "0","ip_ip_len": "206","ip
_ip_id": "0x00008903","ip_ip_flags": "0x00000000","ip_flags_ip_flags_rb": "0","ip_flags_ip_flags_df": "0","ip_flags_ip_flags_mf": "0","ip_ip_frag_offset": "0","ip_ip_ttl": "61","ip_ip_proto": "17","i
p_ip_checksum": "0x0000afd5","ip_ip_checksum_status": "2","ip_ip_src": "194.154.192.1","ip_ip_addr": "194.154.192.1","ip_ip_src_host": "194.154.192.1","ip_ip_host": "194.154.192.1","ip_ip_dst": "192.
168.1.2","ip_ip_addr": "192.168.1.2","ip_ip_dst_host": "192.168.1.2","ip_ip_host": "192.168.1.2","ip_text": "Source GeoIP: Luxembourg","text_ip_geoip_src_country": "Luxembourg","text_ip_geoip_country
": "Luxembourg","ip_text": "Destination GeoIP: Unknown"},"udp": {"udp_udp_srcport": "53","udp_udp_dstport": "1025","udp_udp_port": "53","udp_udp_port": "1025","udp_udp_length": "186","udp_udp_checksu
m": "0x0000d8a6","udp_udp_checksum_status": "2","udp_udp_stream": "2"},"dns": {"dns_dns_response_to": "31","dns_dns_time": "0.135987000","dns_dns_id": "0x00004e02","dns_dns_flags": "0x00008580","dns_
flags_dns_flags_response": "1","dns_flags_dns_flags_opcode": "0","dns_flags_dns_flags_authoritative": "1","dns_flags_dns_flags_truncated": "0","dns_flags_dns_flags_recdesired": "1","dns_flags_dns_fla
gs_recavail": "1","dns_flags_dns_flags_z": "0","dns_flags_dns_flags_authenticated": "0","dns_flags_dns_flags_checkdisable": "0","dns_flags_dns_flags_rcode": "0","dns_dns_count_queries": "1","dns_dns_
count_answers": "1","dns_dns_count_auth_rr": "2","dns_dns_count_add_rr": "2","dns_text": "Queries","text_text": "71.60.64.158.in-addr.arpa: type PTR, class IN","text_dns_qry_name": "71.60.64.158.in-a
ddr.arpa","text_dns_qry_name_len": "25","text_dns_count_labels": "6","text_dns_qry_type": "12","text_dns_qry_class": "0x00000001","dns_text": "Answers","text_text": "71.60.64.158.in-addr.arpa: type P
TR, class IN, gilmore.ael.be","text_dns_resp_name": "71.60.64.158.in-addr.arpa","text_dns_resp_type": "12","text_dns_resp_class": "0x00000001","text_dns_resp_ttl": "86400","text_dns_resp_len": "16","
text_dns_ptr_domain_name": "gilmore.ael.be","dns_text": "Authoritative nameservers","text_text": "60.64.158.in-addr.arpa: type NS, class IN, ns arthur.crpht.lu","text_dns_resp_name": "60.64.158.in-ad
dr.arpa","text_dns_resp_type": "2","text_dns_resp_class": "0x00000001","text_dns_resp_ttl": "86400","text_dns_resp_len": "17","text_dns_ns": "arthur.crpht.lu","text_text": "60.64.158.in-addr.arpa: ty
pe NS, class IN, ns dorado.crpht.lu","text_dns_resp_name": "60.64.158.in-addr.arpa","text_dns_resp_type": "2","text_dns_resp_class": "0x00000001","text_dns_resp_ttl": "86400","text_dns_resp_len": "9"
,"text_dns_ns": "dorado.crpht.lu","dns_text": "Additional records","text_text": "arthur.crpht.lu: type A, class IN, addr 158.64.4.8","text_dns_resp_name": "arthur.crpht.lu","text_dns_resp_type": "1",
"text_dns_resp_class": "0x00000001","text_dns_resp_ttl": "58747","text_dns_resp_len": "4","text_dns_a": "158.64.4.8","text_text": "dorado.crpht.lu: type A, class IN, addr 158.64.4.9","text_dns_resp_n
ame": "dorado.crpht.lu","text_dns_resp_type": "1","text_dns_resp_class": "0x00000001","text_dns_resp_ttl": "56032","text_dns_resp_len": "4","text_dns_a": "158.64.4.9"}}}
{
"layers": {
"dns": {
"text_dns_resp_n\name": "dorado.crpht.lu",
"text_dns_a": "158.64.4.9",
"dns_dns_\ncount_answers": "1",
"dns_dns_count_queries": "1",
"dns_flags_dns_flags_rcode": "0",
"dns_flags_dns_flags_checkdisable": "0",
"dns_flags_dns_flags_authenticated": "0",
"dns_flags_dns_flags_z": "0",
"dns_flags_dns_fla\ngs_recavail": "1",
"dns_flags_dns_flags_recdesired": "1",
"dns_dns_response_to": "31",
"dns_dns_time": "0.135987000",
"dns_dns_id": "0x00004e02",
"dns_dns_flags": "0x00008580",
"dns_\nflags_dns_flags_response": "1",
"dns_flags_dns_flags_opcode": "0",
"dns_flags_dns_flags_authoritative": "1",
"dns_flags_dns_flags_truncated": "0",
"dns_dns_count_auth_rr": "2",
"dns_dns_count_add_rr": "2",
"dns_text": "Additional records",
"text_text": "dorado.crpht.lu: type A, class IN, addr 158.64.4.9",
"text_dns_qry_name": "71.60.64.158.in-a\nddr.arpa",
"text_dns_qry_name_len": "25",
"text_dns_count_labels": "6",
"text_dns_qry_type": "12",
"text_dns_qry_class": "0x00000001",
"text_dns_resp_name": "arthur.crpht.lu",
"text_dns_resp_type": "1",
"text_dns_resp_class": "0x00000001",
"text_dns_resp_ttl": "56032",
"text_dns_resp_len": "4",
"\ntext_dns_ptr_domain_name": "gilmore.ael.be",
"text_dns_ns": "dorado.crpht.lu"
},
"udp": {
"udp_udp_stream": "2",
"udp_udp_checksum_status": "2",
"udp_udp_checksu\nm": "0x0000d8a6",
"udp_udp_length": "186",
"udp_udp_port": "1025",
"udp_udp_dstport": "1025",
"udp_udp_srcport": "53"
},
"ip": {
"text_ip_geoip_country\n": "Luxembourg",
"text_ip_geoip_src_country": "Luxembourg",
"ip_text": "Destination GeoIP: Unknown",
"ip_ip_dst_host": "192.168.1.2",
"ip_ip_dst": "192.\n168.1.2",
"ip_ip_host": "192.168.1.2",
"ip_ip_src_host": "194.154.192.1",
"ip_ip_addr": "192.168.1.2",
"ip_ip_src": "194.154.192.1",
"ip_ip_flags": "0x00000000",
"ip\n_ip_id": "0x00008903",
"ip_ip_len": "206",
"ip_dsfield_ip_dsfield_ecn": "0",
"ip_dsfield_ip_dsfield_dscp": "0",
"ip_ip_dsfield": "0x00000000",
"ip_ip_hdr_len": "20",
"ip_ip_version": "4",
"ip_flags_ip_flags_rb": "0",
"ip_flags_ip_flags_df": "0",
"ip_flags_ip_flags_mf": "0",
"ip_ip_frag_offset": "0",
"ip_ip_ttl": "61",
"ip_ip_proto": "17",
"i\np_ip_checksum": "0x0000afd5",
"ip_ip_checksum_status": "2"
},
"eth": {
"eth_eth_type": "0x00000800",
"eth_src_eth_ig": "0",
"eth_src_eth_lg": "0",
"eth_src_eth_addr_resolved": "BbnBoltB_09:88:f9",
"eth_src_eth_addr": "00:01:02:09:88:f9",
"eth_eth_dst": "00:80:5f:25:84:37",
"eth_dst_eth_dst_resolved": "CompaqCo_25:84:37",
"eth_dst_eth_addr": "00:80:5f:25:84:37",
"eth_dst_eth_addr_resolved": "CompaqCo_25:84:37",
"eth_dst_eth_lg": "0",
"eth_dst_eth_ig": "0",
"eth_eth_src": "0\n0:01:02:09:88:f9",
"eth_src_eth_src_resolved": "BbnBoltB_09:88:f9"
},
"frame": {
"frame_frame_protocols": "eth:ethertype:ip:udp:dns",
"frame_frame_ignored": "0",
"frame_frame_marked": "0",
"frame_frame_cap_len": "220",
"fr\name_frame_len": "220",
"frame_frame_encap_type": "1",
"frame_frame_time": "Nov 28, 2002 16:32:44.094214000 CET",
"frame_frame_offset_shift": "0.000000000",
"frame_frame_ti\nme_epoch": "1038497564.094214000",
"frame_frame_time_delta": "0.135987000",
"frame_frame_time_delta_displayed": "0.135987000",
"frame_frame_time_relative": "294.809766000",
"frame_frame_number": "32"
}
},
"timestamp": "1038497564094"
}
I'm closing this issue, as we have the https://github.com/misp/misp-wireshark/ extension, which uses the standard network object templates.