--- /dev/null
+# *** Add configuration here ***
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ dhcp.assigned_ip: 0.0.0.0
+ dhcp.client_id: 00:11:32:17:49:f0
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: request
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.params[0]: subnet_mask
+ dhcp.params[1]: router
+ dhcp.params[2]: domain
+ dhcp.params[3]: dns_server
+ dhcp.type: request
+ event_type: dhcp
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.4
+ dest_port: 68
+ dhcp.assigned_ip: 10.16.1.4
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: ack
+ dhcp.dns_servers[0]: 10.16.1.1
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.lease_time: 3600
+ dhcp.next_server_ip: 10.16.1.1
+ dhcp.rebinding_time: 3031
+ dhcp.relay_ip: 0.0.0.0
+ dhcp.renewal_time: 1681
+ dhcp.routers[0]: 10.16.1.1
+ dhcp.subnet_mask: 255.255.0.0
+ dhcp.type: reply
+ event_type: dhcp
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.1
+ src_port: 67
+- filter:
+ count: 1
+ match:
+ app_proto: dhcp
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 350
+ flow.bytes_toserver: 342
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
projects / thirdparty / suricata-verify.git / commitdiff
