# DHCP - Dynamic Host Configuration Protocol - RFC 1541
# Pattern attributes: good veryfast fast
# Protocol groups: networking ietf_draft_standard
# Wiki: http://www.protocolinfo.org/wiki/DHCP
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
#
# Usually runs on ports 67 (server) and 68 (client)
#
# Also matches BOOTP (Bootstrap Protocol (RFC 951)) in the case that
# the "vendor specific options" are used (these options were made standard
# for DHCP).
#
# This pattern is lightly tested.

dhcp
^[\x01\x02][\x01- ]\x06.*c\x82sc

# Let's break that down:
#
# (\x01|\x02) is for BOOTREQUEST or BOOTREPLY
# Is there a demand for doing these separately? The Packeteer does.
#
# [\x01-\x20] is for any of the hardware address types listed at
# (http://www.iana.org/assignments/arp-parameters) and hopefully faster
# ethernets too (100, 1000 and 10000mb) (do they share the 10mb
# number?).
#
# \x06 for "hardware address length = 6 bytes". Does anyone use other lengths
# these days? If so, this pattern won't match it as it stands.
#
# .* covers the hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname and file fields. While this can't really be "any number
# of characters" long, it doesn't seem worth it to count.
# Can we make this more specific by restricting the number of hops or seconds?
#
# 0x63825363 is the "magic cookie" which begins the DHCP options field.
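#
# Added example (not part of the original pattern file or the l7-filter project):
# the pattern above run against a constructed DHCPDISCOVER, next to a fixed-offset
# check that "counts" the fields the .* skips. Assumptions: Python's re stands in
# for l7-filter's matcher, with case-insensitive matching and NUL bytes removed
# before matching; all function names and sample bytes are made up for illustration.

```python
import re
import struct

# The pattern from this file. Emulation assumptions: DOTALL so "." spans any byte,
# NULs stripped before matching, and IGNORECASE, which is what lets the pattern's
# lowercase "s" (0x73) match the cookie's third byte 0x53.
DHCP_PAT = re.compile(rb"^[\x01\x02][\x01- ]\x06.*c\x82sc", re.DOTALL | re.IGNORECASE)
MAGIC_COOKIE = bytes.fromhex("63825363")
COOKIE_OFFSET = 236  # op..file: 4 + 4 + 2 + 2 + 4*4 + 16 + 64 + 128 bytes

# Constructed non-DHCP bytes that merely start with 01 01 06 and contain the cookie.
LOOKALIKE = b"\x01\x01\x06GET /c\x82sc"


def build_bootp(op=1, htype=1, hlen=6, xid=0x3903F326, options=b"\x35\x01\x01\xff"):
    """Constructed BOOTP/DHCP message (default options: DHCPDISCOVER, end)."""
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\x00")  # constructed MAC
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, htype, hlen, 0, xid, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        chaddr, bytes(64), bytes(128))
    return fixed + MAGIC_COOKIE + options


def pattern_matches(payload):
    """Apply the file's regex under the emulation assumptions stated above."""
    return DHCP_PAT.search(payload.replace(b"\x00", b"")) is not None


def strict_dhcp(payload):
    """Same three header bytes, but the cookie must sit exactly at offset 236."""
    return (len(payload) >= COOKIE_OFFSET + 4
            and payload[0] in (1, 2)
            and 0x01 <= payload[1] <= 0x20
            and payload[2] == 6
            and payload[COOKIE_OFFSET:COOKIE_OFFSET + 4] == MAGIC_COOKIE)


if __name__ == "__main__":
    for name, data in [("discover", build_bootp()), ("reply", build_bootp(op=2)),
                       ("hlen=8", build_bootp(hlen=8)), ("lookalike", LOOKALIKE)]:
        print(f"{name:10} pattern={pattern_matches(data)} strict={strict_dhcp(data)}")
```

# The lookalike row shows the cost of not counting: the regex accepts it while the
# fixed-offset check does not, and the hlen=8 row is the case the comments above
# say the pattern will not match.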