--- /dev/null
+requires:
+ lt-version: 6.0.0
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ dhcp.assigned_ip: 0.0.0.0
+ dhcp.client_id: 00:11:32:17:49:f0
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: request
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.params[0]: subnet_mask
+ dhcp.params[1]: router
+ dhcp.params[2]: domain
+ dhcp.params[3]: dns_server
+ dhcp.type: request
+ event_type: dhcp
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.4
+ dest_port: 68
+ dhcp.assigned_ip: 10.16.1.4
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: ack
+ dhcp.dns_servers[0]: 10.16.1.1
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.lease_time: 3600
+ dhcp.next_server_ip: 10.16.1.1
+ dhcp.rebinding_time: 3031
+ dhcp.relay_ip: 0.0.0.0
+ dhcp.renewal_time: 1681
+ dhcp.routers[0]: 10.16.1.1
+ dhcp.subnet_mask: 255.255.0.0
+ dhcp.type: reply
+ event_type: dhcp
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.1
+ src_port: 67
+- filter:
+ count: 1
+ match:
+ app_proto: dhcp
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 350
+ flow.bytes_toserver: 342
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
-# *** Add configuration here ***
+requires:
+ min-version: 6.0.0
checks:
- filter:
dhcp.client_ip: 10.16.1.4
dhcp.client_mac: 00:11:32:17:49:f0
dhcp.dhcp_type: request
- dhcp.hostname: nas1\x00
+ dhcp.hostname: "nas1\u0000"
dhcp.id: 4016330564
dhcp.params[0]: subnet_mask
dhcp.params[1]: router
dhcp.client_mac: 00:11:32:17:49:f0
dhcp.dhcp_type: ack
dhcp.dns_servers[0]: 10.16.1.1
- dhcp.hostname: nas1\x00
+ dhcp.hostname: "nas1\u0000"
dhcp.id: 4016330564
dhcp.lease_time: 3600
dhcp.next_server_ip: 10.16.1.1
projects / thirdparty / suricata-verify.git / commitdiff
