[Snort-users] ID number in pcap files (Darpa 99)

wkitty42 at windstream.net wkitty42 at windstream.net
Fri May 18 13:13:42 EDT 2018


On 05/18/2018 03:56 AM, Ibrahim Ahmed via Snort-users wrote:
> I had a question about the 'ID' feature in the tcpdump file I got from the Darpa 
> 1999 dataset.
> 
> Two examples of packets from this file are below:
> 
> /03/29-06:02:03.398394 135.8.60.182 -> 172.16.113.84/
> /PROTO:254 TTL:64 TOS:0x0 *ID:1508* IpLen:20 DgmLen:20 DF/
> /=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+/
> 
> /03/29-06:02:04.465788 135.8.60.182 -> 172.16.114.169/
> /PROTO:254 TTL:64 TOS:0x0 *ID:1531* IpLen:20 DgmLen:20 DF/
> /=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+/


is that the TCP/IP packet number in the stream being processed?


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*

