[Oisf-devel] Why sometime p->pcap_cnt value is 0?

iswalker mail2cissp at gmail.com
Fri Dec 7 13:15:06 UTC 2012


Hi, when I run Suricata in pcap-file mode and use the fast and unified2 output
plugins, I want to know which packet in the pcap file triggered a signature, so I
print p->pcap_cnt. I found that some values are 0, and I don't know under which
condition the value is set to zero.
I know that if an event is generated by a single packet, p->pcap_cnt is valid; if
the event is generated by an IP fragment or TCP stream, p->pcap_cnt is useless. Does
anyone know where the code sets p->pcap_cnt to zero?

Thanks, walker