Data insertions into the request
Data insertions into the request involve the IPv6 format and translate mode.
IPv6 format
When IPv6 capture is enabled and IPv6 addresses are
detected in the capture stream, the following variables are inserted
into the [env] section of the request:
[env]
...
IPV6_XLAT=False
IPV6=True
...
REMOTE_ADDR=fe80::20b:dbff:fe93:a462
LOCAL_ADDR=fe80::213:72ff:fe67:ed26
SERVER_NAME=fe80::213:72ff:fe67:ed26
IPV6_REMOTE_ADDR=FE80:0000:0000:0000:020B:DBFF:FE93:A462
IPV6_LOCAL_ADDR=FE80:0000:0000:0000:0213:72FF:FE67:ED26
IPV6_SERVER_NAME= fe80::213:72ff:fe67:ed26
...
- Field
- Description
IPV6_XLAT- When IPv6 is set to
True, this option, ifTrue, indicates whether IP addresses inserted into the request contain IPv4 addresses and must be translated. IPV6- Indicates if captured traffic is IPv6, if
True. REMOTE_ADDR- The raw IP address, as captured, for the remote address can be
in IPv6 or IPv4 format.
- This value can be inserted by the DNCA. Note: This value can be compressed for IPv6 format.
- This value can be inserted by the DNCA.
LOCAL_ADDR- The raw IP address, as captured, for the local address can be
in IPv6 or IPv4 format.
- This value can be inserted by the DNCA. Note: This value can be compressed for IPv6 format.
- This value can be inserted by the DNCA.
SERVER_NAME- Existing field name can now accept IPv6 data. Note:
SERVER_NAMEis not indexed. IPV6_REMOTE_ADDR- The
REMOTE_ADDRvalue that is rendered in IPv6 uncompressed format- This value can be inserted by the DNCA.
IPV6_LOCAL_ADDR- The
LOCAL_ADDRvalue that is rendered in IPv6 uncompressed format- This value can be inserted by the DNCA.
IPV6_SERVER_NAME- New field name is used to store
SERVER_NAMEvalue in uncompressed IPv6 format.
IPv6 Translate mode
In IPv6 Translate mode, the DNCA translates IPv4-native addresses into a format that is readable by using components on the Windows™ Discover servers. The DNCA inserts the following fields in the request. In addition to the fields, the original values for the following are inserted:
IPV6_REMOTE_ADDR_ORIGIPV6_LOCAL_ADDR_ORIGIPV6_SERVER_NAME_ORIG
Example:
IPV6_XLAT=True
IPV6=True
REMOTE_ADDR=254.147.164.98
LOCAL_ADDR=254.103.237.38
SERVER_NAME=254.103.237.38
?
IPV6_REMOTE_ADDR=0000:0000:0000:0000:0000:FFFF:FE93:A462
IPV6_LOCAL_ADDR=0000:0000:0000:0000:0000:FFFF:FE67:ED26
IPV6_SERVER_NAME=0000:0000:0000:0000:0000:FFFF:FE67:ED26
?
IPV6_REMOTE_ADDR_ORIG=FE80:0000:0000:0000:020B:DBFF:FE93:A462
IPV6_LOCAL_ADDR_ORIG=FE80:0000:0000:0000:0213:72FF:FE67:ED26
IPV6_SERVER_NAME_ORIG=FE80:0000:0000:0000:0213:72FF:FE67:ED26
- Field
- Description
IPV6_REMOTE_ADDR_ORIG- Contains the original IPv6 address for the REMOTE_ADDR before it is translated.
IPV6_LOCAL_ADDR_ORIG- Contains the original IPv6 address for the LOCAL_ADDR before it is translated.
IPV6_SERVER_NAME_ORIG- Contains the original IPv6 address for the SERVER_NAME before it is translated.
See IPv6 format.