[Bro] signature header
Sridhar Basam
basam at stream.aol.net
Wed Oct 24 08:12:57 PDT 2007
It means you are reading 4 bytes starting at 16th byte. So if you line
this up with your IP header, it matches the destination address in your
datagrams.
Sridhar
Research Team wrote:
>
> Hi all
>
>
>
> Can someone help me with this header?
>
>
>
> header ip[16:4]
>
>
>
> I don't get it? What does it mean. I have read the manual but was not
> very helpful
>
>
>
> Thx
>
> Moukala.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071024/8dfd120e/attachment.html
More information about the Bro
mailing list