[Bro] Extraction of IP identification field from tcpdump file

Vern Paxson vern at icir.org
Sun Feb 26 13:04:26 PST 2012

> I want to extract the IP identification field from tcpdump dataset. I have
> attached the script which I have got.

It's unreasonable to expect us to look through an 1,800 line script for a
problem like this.  You really should trim it down to the simplest script
that expresses the problem you're encountering.

That said, I'll note that the only references to $ip_hdr$id (or even $ip_hdr)
are commented-out, so certainly aren't going to work!

