[Bro] Extraction of IP identification field from tcpdump file

Nicholas Weaver nweaver at ICSI.Berkeley.EDU
Tue Feb 21 08:13:33 PST 2012


On Tue, Feb 21, 2012 at 7:40 AM, Rishi Sahay <basusahay at gmail.com> wrote:
> Hello,
> 
> I want to extract the IP identification field from the tcpdump file. I have
> extracted header information from the packet in the tcpdump file using the
> conn.bro script, but the IP identification field has not been extracted. Is
> there any script available to extract the IP identification field? I am
> using BRO IDS 1.5.3. Please help me in this regard. Thanks in advance.
> 

For this task you might want to consider using IPSumdump

http://www.cs.ucla.edu/~kohler/ipsumdump/

Which is much faster for getting IP header level information from a TCPdump file than bro.
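
An added example, not part of the original thread and not code from Bro or IPSumdump: a standard-library Python reader that pulls the IPv4 identification field out of a tcpdump capture. It assumes the classic pcap format (not pcapng) with an Ethernet link layer; `extract_ip_ids` and `sample_pcap` are names made up for this sketch, and the two-packet capture is constructed inline.

```python
import socket
import struct

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100

def extract_ip_ids(pcap_bytes):
    """Return (src, dst, ip_id) for each IPv4 packet in a classic pcap capture."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # usec / nsec, little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # usec / nsec, big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    results, offset = [], 24                      # 24-byte global header
    while offset + 16 <= len(pcap_bytes):         # 16-byte per-packet record header
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue                              # too short for an Ethernet header
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18  # skip 802.1Q tag
        ip = frame[l3:]
        if ethertype != ETHERTYPE_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
            continue                              # not IPv4, or header cut by snaplen
        ip_id = struct.unpack("!H", ip[4:6])[0]   # identification: header bytes 4-5
        results.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip_id))
    return results

def sample_pcap():
    """Constructed capture: one IPv4 frame (ID 0xBEEF) and one ARP frame."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    eth = b"\x02" * 6 + b"\x04" * 6               # dst MAC + src MAC
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0xBEEF, 0, 64, 6, 0,
                       socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
    frames = [eth + b"\x08\x00" + ipv4, eth + b"\x08\x06" + b"\x00" * 28]
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return hdr + recs

if __name__ == "__main__":
    for src, dst, ip_id in extract_ip_ids(sample_pcap()):
        print(f"{src} -> {dst} id={ip_id} (0x{ip_id:04x})")
```

To run it against a real capture, pass the file's contents, for example `extract_ip_ids(open(path, "rb").read())`.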




