Hi
In the tcp_packet event, how can I obtain the absolute values (found in the TCP header), not the relative values, of the ack and seq numbers?
Best regards,
Hui Lin
The `get_current_packet_header()` BIF likely works for you:
https://docs.zeek.org/en/stable/scripts/base/bif/zeek.bif.zeek.html#id-get_current_packet_header
Or else the `raw_packet` event is also something that uses the
`raw_pkt_hdr` type which should have the absolute sequence numbers.
- Jon
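
The first suggestion written out as a Zeek script, as an added example that is not code from this thread or from the Zeek project. The module name `AbsSeq` and the log path `abs_seq` are made up for illustration, and the script assumes `get_current_packet_header()` returns the header of the packet that raised `tcp_packet`.

```zeek
# Added example: log the absolute seq/ack values from the TCP header
# next to the relative values that tcp_packet passes as arguments.
module AbsSeq;

export {
	redef enum Log::ID += { LOG };

	type Info: record {
		ts:      time   &log;
		uid:     string &log;
		is_orig: bool   &log;
		flags:   string &log;
		rel_seq: count  &log;  # relative, as delivered by tcp_packet
		rel_ack: count  &log;
		abs_seq: count  &log;  # absolute, as carried in the TCP header
		abs_ack: count  &log;
	};
}

event zeek_init()
	{
	Log::create_stream(LOG, [$columns=Info, $path="abs_seq"]);
	}

# tcp_packet fires for every TCP packet, so this is costly on busy links.
event tcp_packet(c: connection, is_orig: bool, flags: string,
                 seq: count, ack: count, len: count, payload: string)
	{
	local hdr = get_current_packet_header();

	# The tcp field of raw_pkt_hdr is optional; skip if it is absent.
	if ( ! hdr?$tcp )
		return;

	Log::write(LOG, Info($ts=network_time(), $uid=c$uid,
	                     $is_orig=is_orig, $flags=flags,
	                     $rel_seq=seq, $rel_ack=ack,
	                     $abs_seq=hdr$tcp$seq, $abs_ack=hdr$tcp$ack));
	}
```

The `abs_ack` column is only meaningful on packets that have the ACK flag set.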