[Bro] Extraction of IP identification field from tcpdump file

Nicholas Weaver nweaver at ICSI.Berkeley.EDU
Tue Feb 21 08:13:33 PST 2012

On Tue, Feb 21, 2012 at 7:40 AM, Rishi Sahay <basusahay at gmail.com> wrote:
> Hello,
> I want to extract the IP identification field from the tcpdump file. I have
> extracted header information from the packet in the tcpdump file using the
> conn.bro script. But the IP identification field has not been extracted. Is
> there any script available to extract the IP identification field? I am
> using BRO IDS 1.5.3. Please help me in this regard. Thanks in advance.

For this task you might want to consider using IPSumdump, which is much faster for getting IP header level information from a tcpdump file than Bro.
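
As an added illustration that is not part of the original post, and not how IPSumdump or Bro works internally, the IP identification field can also be read straight out of a capture file with a few lines of Python. The sketch assumes a classic pcap file (not pcapng) with Ethernet link type and at most one 802.1Q VLAN tag; the function names `ip_ids` and `_sample_pcap` are hypothetical, and the sample capture is constructed in memory.

```python
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100

def ip_ids(pcap):
    """Yield (ts_sec, src, dst, ip_id) for every IPv4-over-Ethernet packet."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian usec / nsec
        end = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian usec / nsec
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:          # link type field
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:
            continue
        etype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if etype == ETH_VLAN and len(frame) >= 18:             # skip one VLAN tag
            etype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        ip = frame[l3:l3 + 20]
        if etype != ETH_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
            continue                                           # ARP, IPv6, truncated
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        yield ts_sec, src, dst, struct.unpack("!H", ip[4:6])[0]  # ID is bytes 4-5

def _sample_pcap():
    # Constructed capture: one plain IPv4 frame, one ARP frame, one VLAN-tagged IPv4 frame.
    def ipv4(ident, src, dst):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, 64, 6, 0, bytes(src), bytes(dst))
    def rec(ts, frame):
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    mac = b"\x02" * 12                                         # constructed dst + src MACs
    plain = mac + struct.pack("!H", ETH_IPV4) + ipv4(0x1234, (10, 0, 0, 1), (10, 0, 0, 2))
    vlan = mac + struct.pack("!HHH", ETH_VLAN, 5, ETH_IPV4) + ipv4(0xBEEF, (10, 0, 0, 2), (10, 0, 0, 1))
    arp = mac + struct.pack("!H", 0x0806) + b"\x00" * 28
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + rec(1, plain) + rec(2, arp) + rec(3, vlan)

if __name__ == "__main__":
    for ts, src, dst, ident in ip_ids(_sample_pcap()):
        print(f"{ts} {src} > {dst} id={ident} (0x{ident:04x})")
```

To run it on a real trace, pass the file's bytes to `ip_ids`, for example `ip_ids(open(path, "rb").read())`.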
