1# DHCP - Dynamic Host Configuration Protocol - RFC 1541 2# Pattern attributes: good veryfast fast 3# Protocol groups: networking ietf_draft_standard 4# Wiki: http://www.protocolinfo.org/wiki/DHCP 5# 6# Usually runs on ports 67 (server) and 68 (client) 7# 8# Also matches BOOTP (Bootstrap Protocol (RFC 951)) in the case that 9# the "vendor specific options" are used (these options were made standard 10# for DHCP). 11# 12# This pattern is lightly tested. 13 14dhcp 15^[\x01\x02][\x01- ]\x06.*c\x82sc 16 17# Let's break that down: 18# 19# (\x01|\x02) is for BOOTREQUEST or BOOTREPLY 20# Is there a demand for doing these seperately? The Packeteer does. 21# 22# [\x01-\x20] is for any of the hardware address types listed at 23# (http://www.iana.org/assignments/arp-parameters) and hopefully faster 24# ethernets too (100, 1000 and 10000mb) as well (do they share the 10mb 25# number?). 26# 27# \x06 for "hardware address length = 6 bytes". Does anyone use other lengths 28# these days? If so, this pattern won't match it as it stands. 29# 30# .* covers the hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, 31# chaddr, sname and file fields. While this can't really be "any number 32# of characters" long, it doesn't seem worth it to count. 33# Can we make this more specific by restricting the number of hops or seconds? 34# 35# 0x63825363 is the "magic cookie" which begins the DHCP options field. 36