2018-10-23 16:35:08 +02:00
{
"requiredOneOf": [
"text",
"first-packet-seen",
"last-packet-seen"
],
"attributes": {
"capture-length": {
"description": "Capture length configured on the capture interface.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"capture-interface": {
"description": "Name of the interface on which the packet capture was running.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"protocol": {
"description": "Capture protocol (linktype name).",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text",
"sane_default": [
2018-10-24 07:35:31 +02:00
"PER_PACKET",
"UNKNOWN",
"ETHERNET",
"TOKEN_RING",
"SLIP",
"PPP",
"FDDI",
"FDDI_BITSWAPPED",
"RAW_IP",
"ARCNET",
"ARCNET_LINUX",
"ATM_RFC1483",
"LINUX_ATM_CLIP",
"LAPB",
"ATM_PDUS",
"ATM_PDUS_UNTRUNCATED",
"NULL",
"ASCEND",
"ISDN",
"IP_OVER_FC",
"PPP_WITH_PHDR",
"IEEE_802_11",
"IEEE_802_11_PRISM",
"IEEE_802_11_WITH_RADIO",
"IEEE_802_11_RADIOTAP",
"IEEE_802_11_AVS",
"SLL",
"FRELAY",
"FRELAY_WITH_PHDR",
"CHDLC",
"CISCO_IOS",
"LOCALTALK",
"OLD_PFLOG",
"HHDLC",
"DOCSIS",
"COSINE",
"WFLEET_HDLC",
"SDLC",
"TZSP",
"ENC",
"PFLOG",
"CHDLC_WITH_PHDR",
"BLUETOOTH_H4",
"MTP2",
"MTP3",
"IRDA",
"USER0",
"USER1",
"USER2",
"USER3",
"USER4",
"USER5",
"USER6",
"USER7",
"USER8",
"USER9",
"USER10",
"USER11",
"USER12",
"USER13",
"USER14",
"USER15",
"SYMANTEC",
"APPLE_IP_OVER_IEEE1394",
"BACNET_MS_TP",
"NETTL_RAW_ICMP",
"NETTL_RAW_ICMPV6",
"GPRS_LLC",
"JUNIPER_ATM1",
"JUNIPER_ATM2",
"REDBACK",
"NETTL_RAW_IP",
"NETTL_ETHERNET",
"NETTL_TOKEN_RING",
"NETTL_FDDI",
"NETTL_UNKNOWN",
"MTP2_WITH_PHDR",
"JUNIPER_PPPOE",
"GCOM_TIE1",
"GCOM_SERIAL",
"NETTL_X25",
"K12",
"JUNIPER_MLPPP",
"JUNIPER_MLFR",
"JUNIPER_ETHER",
"JUNIPER_PPP",
"JUNIPER_FRELAY",
"JUNIPER_CHDLC",
"JUNIPER_GGSN",
"LINUX_LAPD",
"CATAPULT_DCT2000",
"BER",
"JUNIPER_VP",
"USB_FREEBSD",
"IEEE802_16_MAC_CPS",
"NETTL_RAW_TELNET",
"USB_LINUX",
"MPEG",
"PPI",
"ERF",
"BLUETOOTH_H4_WITH_PHDR",
"SITA",
"SCCP",
"BLUETOOTH_HCI",
"IPMB",
"IEEE802_15_4",
"X2E_XORAYA",
"FLEXRAY",
"LIN",
"MOST",
"CAN20B",
"LAYER1_EVENT",
"X2E_SERIAL",
"I2C",
"IEEE802_15_4_NONASK_PHY",
"TNEF",
"USB_LINUX_MMAPPED",
"GSM_UM",
"DPNSS",
"PACKETLOGGER",
"NSTRACE_1_0",
"NSTRACE_2_0",
"FIBRE_CHANNEL_FC2",
"FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS",
"JPEG_JFIF",
"IPNET",
"SOCKETCAN",
"IEEE_802_11_NETMON",
"IEEE802_15_4_NOFCS",
"RAW_IPFIX",
"RAW_IP4",
"RAW_IP6",
"LAPD",
"DVBCI",
"MUX27010",
"MIME",
"NETANALYZER",
"NETANALYZER_TRANSPARENT",
"IP_OVER_IB_SNOOP",
"MPEG_2_TS",
"PPP_ETHER",
"NFC_LLCP",
"NFLOG",
"V5_EF",
"BACNET_MS_TP_WITH_PHDR",
"IXVERIWAVE",
"SDH",
"DBUS",
"AX25_KISS",
"AX25",
"SCTP",
"INFINIBAND",
"JUNIPER_SVCS",
"USBPCAP",
"RTAC_SERIAL",
"BLUETOOTH_LE_LL",
"WIRESHARK_UPPER_PDU",
"STANAG_4607",
"STANAG_5066_D_PDU",
"NETLINK",
"BLUETOOTH_LINUX_MONITOR",
"BLUETOOTH_BREDR_BB",
"BLUETOOTH_LE_LL_WITH_PHDR",
"NSTRACE_3_0",
"LOGCAT",
"LOGCAT_BRIEF",
"LOGCAT_PROCESS",
"LOGCAT_TAG",
"LOGCAT_THREAD",
"LOGCAT_TIME",
"LOGCAT_THREADTIME",
"LOGCAT_LONG",
"PKTAP",
"EPON",
"IPMI_TRACE",
"LOOP",
"JSON",
"NSTRACE_3_5",
"ISO14443",
"GFP_T",
"GFP_F",
"IP_OVER_IB_PCAP",
"JUNIPER_VN",
"USB_DARWIN",
"LORATAP",
"3MB_ETHERNET",
"VSOCK",
"NORDIC_BLE",
"NETMON_NET_NETEVENT",
"NETMON_HEADER",
"NETMON_NET_FILTER",
"NETMON_NETWORK_INFO_EX",
"MA_WFP_CAPTURE_V4",
"MA_WFP_CAPTURE_V6",
"MA_WFP_CAPTURE_2V4",
"MA_WFP_CAPTURE_2V6",
"MA_WFP_CAPTURE_AUTH_V4",
"MA_WFP_CAPTURE_AUTH_V6",
"JUNIPER_ST",
"ETHERNET_MPACKET",
"DOCSIS31_XRA31"
2018-10-23 16:35:08 +02:00
]
},
"text": {
"description": "A description of the packet capture.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"first-packet-seen": {
"description": "Time at which the first packet of the capture was seen.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"last-packet-seen": {
"description": "Time at which the last packet of the capture was seen.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
}
},
2018-10-24 07:35:31 +02:00
"version": 2,
2018-10-23 16:35:08 +02:00
"description": "Network packet capture metadata",
"meta-category": "network",
"uuid": "0784aefa-ec3a-4eca-a431-c31ed7058bd3",
"name": "pcap-metadata"
}