<?xml version="1.0" encoding="utf-8" ?>
<!--
Description:
VisualEther Message Templates for TCP, UDP, SCTP and IP based protocols. You can
customize these templates to meet your documentation needs.
Note that VisualEther applies the templates from top to bottom and stops at
the first match. So place more specific templates before general ones. For example,
place HTTP message template before a TCP message template.
You many define multiple templates for the same protocol to capture different
types of messages.
Supported Protocols:
SIP Session Initiation Protocol
H.225 Narrowband visual telephone services
H.245 Negotiate channel use and capabilities
Q.931 Manage call setup and termination
RADIUS Remote Authentication Dial In User Service
RTP Real-time Protocol
RTCP RTP Control Protocol
SNMP Simple Network Management Protocol
NFS V3 Network File System (Version 3)
RPC Remote Procedure Call
TCAP Transaction Capabilities Application Part
SCTP Stream Control Transport Protocol
POP3 Post Office Protocol (Version 3)
IGMP Internet Group Management Protocol
ARP Address Resolution Protocol
DNS Domain Name System
FTP File Transfer Protocol
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol
NBNS Net Bios Name Service
BOOTP Bootstrap Protocol
OSPF Open Shortest Path First Routing Protocol
BGP Border Gateway Protocol
TCP Transmission Control Protocol
UDP User Datagram Protocol
IP Internetworking Protocol
Copyright © EventHelix.com Inc. 2005-2006. All Rights Reserved.
-->
<FXT xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.eventhelix.com/Schemas/FXT_0_3.xsd">
<!-- Message Templates for Session Initiation Protocol (SIP) Extraction -->
<udp-message>
<opcode display="brief">sip.Request-Line</opcode>
<param display="brief">sip.from.addr</param>
<param display="brief">sdp.connection_info</param>
</udp-message>
<udp-message>
<opcode display="brief">sip.Status-Line</opcode>
<param display="brief">sip.from.addr</param>
<param display="brief">sdp.connection_info</param>
</udp-message>
<!-- Message Template for H.225 Extraction -->
<tcp-message>
<opcode>h225.RasMessage</opcode>
<param display="brief">h225.requestSeqNum</param>
<param display="brief">h225.t35CountryCode</param>
</tcp-message>
<!-- Message Template for H.245 Extraction -->
<tcp-message>
<opcode>h245</opcode>
<param>h245.pdu_type</param>
<param>h245.request</param>
<param>h245.response</param>
</tcp-message>
<!-- Message Template for Q.931 Extraction -->
<tcp-message>
<opcode>q931.message_type</opcode>
<param display="brief">q931.call_ref</param>
<param display="brief">h225.t35CountryCode</param>
</tcp-message>
<!-- Message Template for Remote Authentication Dial In User Service (RADIUS) Extraction -->
<udp-message>
<opcode>radius.code</opcode>
<param>radius.Called_Station_Id</param>
<param>radius.Calling_Station_Id</param>
<param>radius.Service_Type</param>
<param>radius.NAS_IP_Address</param>
<param>radius.NAS_Port</param>
<param>radius.NAS_Identifier</param>
<param>radius.Proxy_State</param>
</udp-message>
<!-- Message Template for Real-time Protocol (RTP) Extraction -->
<udp-message>
<opcode display="brief">rtp</opcode>
<param>proto</param>
<param>rtp.p_type</param>
<param>rtp.ssrc</param>
<param>rtp.seq</param>
<param>rtp.timestamp</param>
</udp-message>
<!-- Message Template for RTP Control Protocol Extraction -->
<udp-message>
<opcode display="brief">rtcp</opcode>
<param>rtcp.rc</param>
<param>rtcp.pt</param>
<param>rtcp.senderssrc</param>
<param>rtcp.ssrc.identifier</param>
<param>rtcp.timestamp.rtp</param>
<param>rtcp.sender.packetcount</param>
<param>rtcp.sender.octetcount</param>
<param>rtcp.sc</param>
<param>rtcp.pt</param>
</udp-message>
<!-- Message Template for Simple Network Management Protocol (SNMP) Extraction -->
<udp-message>
<opcode>snmp.pdutype</opcode>
<param>snmp.version</param>
<param>snmp.community</param>
<param>snmp.oid</param>
<param>snmp.id</param>
<param>snmp.error</param>
<param>snmp.Value</param>
</udp-message>
<!-- Message Templates for Network File System (NFS) Version 3 Extraction -->
<udp-message>
<opcode>portmap.procedure_v3</opcode>
<param>portmap.rpcb.prog</param>
<param>portmap.rpcb.version</param>
<param>portmap.uaddr</param>
<param>portmap.rpcb.netid</param>
<param>portmap.rpcb.owner</param>
</udp-message>
<udp-message>
<opcode>mount.procedure_v3</opcode>
<param>rpc.programversion</param>
</udp-message>
<udp-message>
<opcode>nfs.procedure_v3</opcode>
<param>nfs.nfsstat3</param>
<param>nfs.status</param>
<param>nfs.fh.length</param>
<param>nfs.fh.hash</param>
<param>nfs.type</param>
<param>nfs.fh.fsid.major</param>
<param>nfs.fh.fsid.minor</param>
<param>nfs.fh.fstype</param>
<param>nfs.fh.fn</param>
<param>nfs.fh.fn.len</param>
<param>nfs.fh.fn.inode</param>
<param>nfs.fh.fn.generation</param>
<param>nfs.fh.xfn</param>
<param>nfs.fh.xfn.len</param>
<param>nfs.fh.xfn.inode</param>
<param>nfs.fh.xfn.generation</param>
<param>nfs.mode</param>
<param>nfs.fattr3.nlink</param>
<param>nfs.fattr3.uid</param>
<param>nfs.fattr3.gid</param>
<param>nfs.fattr3.size</param>
<param>nfs.fattr3.used</param>
<param>nfs.fattr3.fsid</param>
<param>nfs.fattr3.fileid</param>
<param>nfs.atime</param>
<param>nfs.mtime</param>
<param>nfs.ctime</param>
</udp-message>
<!-- Message Templates for Remote Procedure Call (RPC) Extraction -->
<udp-message>
<opcode>rpc.msgtyp</opcode>
<param>rpc.xid</param>
<param>rpc.version</param>
<param>rpc.program</param>
<param>rpc.procedure</param>
<param>rpc.auth.flavor</param>
<param>rpc.auth.gid</param>
<param>rpc.replystat</param>
<param>rpc.state_accept</param>
</udp-message>
<!-- Message Template for Transaction Capabilities Application Part (TCAP) Extraction -->
<sctp-message>
<opcode>tcap</opcode>
<param>tcap.oid</param>
<param>tcap.application_context_name</param>
<param>tcap.otid</param>
<param>tcap.msgtype</param>
<param>tcap.len</param>
<param>m2ua.message_type</param>
<param>m2ua.message_class</param>
<param>mtp3.network_indicator</param>
<param>mtp3.service_indicator</param>
<param>mtp3.dpc</param>
<param>mtp3.opc</param>
<param>mtp3.sls</param>
<param>sccp.called.pc</param>
<param>sccp.called.ssn</param>
<param>sccp.calling.pc</param>
<param>sccp.calling.ssn</param>
</sctp-message>
<!-- Message Template for Stream Control Transport Protocol (SCTP) Extraction -->
<sctp-message>
<opcode>sctp.chunk_type</opcode>
<param>sctp.chunk_type</param>
<param>sctp.chunk_flags</param>
<param>sctp.chunk_length</param>
<param>sctp.initiate_tag</param>
<param>sctp.init_credit</param>
<param>sctp.init_nr_out_streams</param>
<param>sctp.init_nr_in_streams</param>
<param>sctp.init_initial_tsn</param>
<param>sctp.initack_credit</param>
<param>sctp.initack_nr_out_streams</param>
<param>sctp.initack_nr_in_streams</param>
<param>sctp.initack_initial_tsn</param>
<param>sctp.data_tsn</param>
<param>sctp.data_sid</param>
<param>sctp.data_ssn</param>
<param>sctp.data_payload_proto_id</param>
<param>sctp.asconf_serial_number</param>
<param>sctp.asconf_ack_serial_number</param>
<param>sctp.parameter_type</param>
<param>sctp.parameter_ipv4_address</param>
<param>sctp.correlation_id</param>
<param>sctp.sack_cumulative_tsn_ack</param>
<param>sctp.sack_a_rwnd</param>
<param>sctp.sack_number_of_gap_blocks</param>
<param>sctp.sack_number_of_duplicated_tsns</param>
<param>sctp.shutdown_cumulative_tsn_ack</param>
</sctp-message>
<!-- Message Template for Post Office Protocol (POP3) Version 3 Extraction -->
<tcp-message>
<opcode display="brief">pop</opcode>
<param>pop.Response</param>
<param>pop.Response Arg</param>
<param>pop.Request</param>
<param>pop.Request Arg</param>
</tcp-message>
<!-- Message Template for Internet Group Management Protocol (IGMP) Extraction -->
<ip-message>
<opcode display="brief">igmp</opcode>
<param display="brief">igmp.maddr</param>
</ip-message>
<!-- Message Template for Address Resolution Protocol (ARP) Extraction -->
<message>
<opcode display="brief">arp</opcode>
<param display="brief">arp.src.hw_mac</param>
<param display="brief">arp.src.proto_ipv4</param>
<param display="brief">arp.dst.hw_mac</param>
<param display="brief">arp.dst.proto_ipv4</param>
<source>
<ip>arp.src.proto_ipv4</ip>
<port>arp.src.hw_mac</port>
</source>
<destination>
<ip>arp.dst.proto_ipv4</ip>
<port>arp.dst.hw_mac</port>
</destination>
</message>
<!-- Message Template for Domain Name System (DNS) Extraction -->
<udp-message>
<opcode display="brief">dns</opcode>
<param>dns.flags</param>
<param>dns.qry.name</param>
<param>dns.qry.type</param>
<param>dns.qry.class</param>
<param>dns.resp.name</param>
<param>dns.resp.type</param>
<param>dns.resp.class</param>
<param>dns.resp.ttl</param>
<param display="brief">dns.Addr</param>
</udp-message>
<!-- Message Template for File Transfer Protocol (FTP) Extraction -->
<tcp-message>
<opcode display="brief">ftp</opcode>
<param display="brief">ftp.response.code</param>
<param display="brief">ftp.response.arg</param>
<param display="brief">ftp.request.command</param>
<param display="brief">ftp.request.arg</param>
<param display="brief">ftp.active.cip</param>
<param display="brief">ftp.active.port</param>
<param display="brief">tcp.len</param>
</tcp-message>
<!-- Message Templates for Hypertext Transfer Protocol (HTTP) Request Extraction -->
<tcp-message>
<opcode>http.request.method</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>http.response.code</param>
<param>http.If-Modified-Since</param>
<param display="brief">tcp.len</param>
</tcp-message>
<tcp-message>
<opcode>http.response.code</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param display="brief">tcp.len</param>
</tcp-message>
<tcp-message>
<opcode display="brief">http</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>http.response.code</param>
<param display="brief">tcp.len</param>
</tcp-message>
<!-- Message Template for Internet Control Message Protocol (ICMP) Extraction -->
<ip-message>
<opcode>icmp.type</opcode>
<param>icmp.seq</param>
</ip-message>
<!-- Message Template for Net Bios Name Service (NBNS) Extraction -->
<udp-message>
<opcode display="brief">nbns</opcode>
<param>nbns.flags</param>
<param>nbns.count.queries</param>
<param>nbns.count.add_rr</param>
<param>nbns.Addr</param>
</udp-message>
<!-- Message Template for Bootstrap Protocol (BOOTP) Extraction -->
<ip-message>
<opcode display="brief">bootp.Option 53</opcode>
<param>bootp.hw.mac_addr</param>
<param>bootp.Option 50</param>
<param>bootp.fqdn.name</param>
</ip-message>
<!-- Message Template for Open Shortest Path First (OSPF) Routing Protocol Extraction -->
<ip-message>
<opcode>ospf.msg</opcode>
<param>ospf.msg.lsreq</param>
<param>ospf.srcrouter</param>
<param>ospf.Area ID:</param>
<param>ospf.Hello Interval</param>
<param>ospf.Router Priority</param>
<param>ospf.Options</param>
<param>ospf.Designated Router</param>
<param>ospf.Backup Designated Router</param>
<param>ospf.Network Mask</param>
<param>ospf.Interface MTU</param>
<param>ospf.DD Sequence</param>
<param>ospf.Flags</param>
<param>ospf.lsa</param>
<param>ospf.Link State ID</param>
<param>ospf.advrouter</param>
</ip-message>
<!-- Message Template for the Border Gateway Protocol (BGP) Extraction -->
<tcp-message>
<opcode>bgp.type</opcode>
<param>bgp</param>
<param>bgp.Version</param>
<param>bgp.My AS</param>
<param>bgp.Hold time</param>
<param>bgp.BGP identifier</param>
<param>bgp.Unfeasible routes length</param>
<param>bgp.Total path attribute length</param>
<param>bgp.ORIGIN</param>
<param>bgp.Flags</param>
<param>bgp.AS_PATH</param>
<param>bgp.NEXT_HOP</param>
<param>bgp.LOCAL_PREF</param>
<param>bgp.AGGREGATOR</param>
<param>bgp.COMMUNITIES</param>
<param>bgp.ORIGINATOR_ID</param>
<param>bgp.CLUSTER_LIST</param>
<param>bgp.nlri_prefix</param>
</tcp-message>
<!-- Message Template for Transmission Control Protocol (TCP) Extraction -->
<tcp-message>
<opcode>ip.proto</opcode>
<param>tcp.flags</param>
<param display="brief">tcp.len</param>
</tcp-message>
<!-- Message Pattern for User Datagram Protocol (UDP) Extraction -->
<udp-message>
<opcode>ip.proto</opcode>
</udp-message>
<!-- Message Pattern for Internetworking Protocol (IP) Extraction -->
<ip-message>
<opcode>ip.proto</opcode>
</ip-message>
</FXT>
