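# Schema for the rows written by the xnetinside filter:
#   time, source IP, source port, destination IP, destination port, flag string.
# NOTE(review): the two port columns are typed differently ("integer" vs "int");
# confirm both spellings are accepted type names and standardise on one.
xneti_schema = library_schema:new( 1, ["time", "ip", "integer", "ip", "int", "string" ], scope() );

# xnetinside: record TCP connection attempts (SYN set) whose source address is
# NOT in values:my_networks, i.e. externally originated connection attempts.
#
# Two cases are recorded:
#   1. a plain SYN (flags == 0x02)               -> flag string "S"
#   2. SYN combined with FIN, RST, PSH or URG    -> "S" followed by one letter
#      per extra flag ("SF", "SR", "SFP", ...). These combinations do not occur
#      in a normal handshake, so they are worth telling apart from a plain SYN
#      when reviewing the histogram.
# A plain SYN+ACK (0x12) matches neither case and is not recorded. ACK is never
# written into the flag string, so SYN+ACK+FIN is recorded as "SF".
#
# Fix over the previous version: the per-flag tests in case 2 were written as
# !($dabyte ^ 0xN), which is true only when the flag byte EQUALS 0xN. Inside a
# branch that already requires the SYN bit that can never hold, so every
# anomalous packet was logged as a bare "S" and was indistinguishable from a
# normal SYN. The tests are now bit tests, and the result of cat() is assigned
# back to $string.
# NOTE(review): assumes cat() returns the concatenated string rather than
# modifying its first argument in place - confirm against the N-code reference.
# NOTE(review): the filter reads both ip.source (membership test) and ip.src
# (recorded column); confirm both attribute names are valid and equivalent.
filter xnetinside ip ( ) {
    if (tcp.hdr) {
        # Byte 13 of the TCP header is the flags byte; ip.blob is presumably the
        # IP payload (the TCP segment) - verify. The 0x3f mask keeps the six
        # classic flags: FIN 0x01, SYN 0x02, RST 0x04, PSH 0x08, ACK 0x10,
        # URG 0x20.
        $dabyte = byte(ip.blob, 13);
        $dabyte = $dabyte & 0x3f;

        # Case 1: SYN and nothing else.
        if (!($dabyte ^ 0x2)) {
            if ( !( ip.source inside values:my_networks )) {
                $string = "S";
                record system.time, ip.src, tcp.sport, ip.dest, tcp.dport, $string to xnetinside_recorder;
                return;
            }
        }

        # Case 2: SYN plus at least one of FIN|RST|PSH|URG (0x2d = every flag
        # except SYN and ACK).
        if ( ($dabyte & 0x2) && ($dabyte & 0x2d) ) {
            if ( !( ip.source inside values:my_networks )) {
                $string = "S";
                if ($dabyte & 0x1)  $string = cat($string, "F");
                if ($dabyte & 0x4)  $string = cat($string, "R");
                if ($dabyte & 0x8)  $string = cat($string, "P");
                if ($dabyte & 0x20) $string = cat($string, "U");
                record system.time, ip.src, tcp.sport, ip.dest, tcp.dport, $string to xnetinside_recorder;
                return;
            }
        }
    }
}

# Backend that receives the recorded rows: the histogram binary with this
# package's config file, using the schema declared above.
xnetinside_recorder=recorder( "bin/histogram packages/test/ext_net_inside.cfg", "xneti_schema" );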