[Bro] Extraction of IP identification field from tcpdump file
vern at icir.org
Sun Feb 26 13:04:26 PST 2012
> I want to extract the IP identification field from tcpdump dataset. I have
> attached the script which I have got.
It's unreasonable to expect us to look through an 1,800 line script for a
problem like this. You really should trim it down to the simplest script
that expresses the problem you're encountering.
That said, I'll note that the only references to $ip_hdr$id (or even $ip_hdr)
are commented-out, so certainly aren't going to work!
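A minimal illustration of the task in the question, added here and not part of the original thread or of Bro: it reads a classic pcap file directly in Python rather than through a Bro script and returns the IPv4 Identification field of each packet. The names `ip_ids` and `sample_pcap` are hypothetical, and it assumes a classic pcap (not pcapng) capture with Ethernet link type; the sample capture is constructed.

```python
import socket
import struct

# Classic pcap magic numbers as they appear on disk (microsecond, nanosecond).
LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def ip_ids(pcap):
    """Return (src, dst, ip_id) for every IPv4 packet in a classic pcap byte string."""
    if pcap[:4] in LITTLE:
        end = "<"
    elif pcap[:4] in BIG:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    found, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:
            continue
        l3, ethertype = 14, frame[12:14]
        if ethertype == b"\x81\x00" and len(frame) >= 18:  # skip one 802.1Q tag
            l3, ethertype = 18, frame[16:18]
        ip = frame[l3:l3 + 20]
        if ethertype != b"\x08\x00" or len(ip) < 20 or ip[0] >> 4 != 4:
            continue  # not IPv4, or header cut off by the snap length
        ip_id = struct.unpack("!H", ip[4:6])[0]  # Identification: bytes 4-5
        found.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip_id))
    return found

def sample_pcap():
    """Constructed capture: one IPv4 frame (ID 0x1c46) and one ARP frame."""
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    eth = b"\x00" * 6 + b"\x11" * 6
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1C46, 0x4000, 64, 6, 0,
                       socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
    frames = [eth + b"\x08\x00" + ipv4, eth + b"\x08\x06" + b"\x00" * 28]
    return ghdr + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for src, dst, ip_id in ip_ids(sample_pcap()):
        print(src, dst, ip_id)
```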