-
The clarissa v1.0 format consists of a version header followed by zero or more lines.
-
The version header format consists of an octothorpe, three spaces, the string
clarissa, three spaces, and a format version string.-
Example:
# clarissa v1.0
-
-
The line format consists of 6 fields: a MAC address, an IPv4 address and an IPv6 address, each followed by a unix timestamp. This is terminated by a line ending.
-
All fields must be present and must start at offsets:
0 20 33 51 64 106 -
These fields must be lower case.
-
These fields are separated by at least 3 spaces.
-
Visual aid:
[0]-mac [20]-timestamp [33]-ipv4 [51]-timestamp [64]-ipv6 [106]-timestamp -
The MAC address must be represented as 6 hexadecimal octets separated by colons.
-
The IPv4 address must be in dotted-decimal notation. (
0.0.0.0if absent) -
The IPv6 address must follow IETF RFC5952 sections 4 and 5. (
::if absent) -
Each timestamp must take the form of a single positive integer decimal number representing the number of seconds since 1970-01-01T00:00:00Z as reported by the system clock at the time of its respective capture. They are at most 10 characters wide and without leading zeros. (
0if absent) -
Example:
be:69:27:de:c3:be 1582924127 192.168.42.127 1582924125 2001:db8:bc3a:d23a::666 1582924126
-
-
Any line not following this format should not be parsed as such.
-