[Bro] signature header
Jean-Philippe Luiggi
jp.luiggi at free.fr
Wed Oct 24 08:28:08 PDT 2007
On Wed, Oct 24, 2007 at 01:23:36PM +0100, Research Team wrote:
> Hi all
>
> Can someone help me with this header?
>
> header ip[16:4]
>
> I don't get it? What does it mean. I have read the manual but was not very
> helpful
Hello,
Speaking of pure tcpdump/libpcap definitions, we want to use 4 octets from
position 16 in the ip header.
And in this case, it seems to be the ip destination address.
See http://en.wikipedia.org/wiki/IPv4/Header
Please note taht iounting is done from '0'
With regards,
Jean-philippe.
More information about the Bro
mailing list