[Oisf-devel] Help! How can I get alerts when each pcap replaying

xbadou xbadou xbadou at gmail.com
Mon Jul 15 14:12:52 UTC 2013


Hi

I replay the pcap file which is attached. The pcap file can cause many
alerts in fast.log, for example 50 alerts. When I replay it for a second
time, I expected there would be 100 alerts in fast.log but it is still 50.

But when I restart suricata and replay the packet then I can get 100 alerts.


On Mon, Jul 15, 2013 at 9:50 PM, Peter Manev <petermanev at gmail.com> wrote:

> Hi,
>
> > On Mon, Jul 15, 2013 at 8:54 PM, xbadou xbadou <xbadou at gmail.com> wrote:
> >>
> >> Hi
> >>
> >>
> >>
> >> I am using suricata 1.4.2. Today I did a test, but can't get the result I
> >> want.
> >>
>
> What is the result that you want?
>
> >>
> >>
> >> I use a computer running suricata and listening to traffic on one interface. At
> >> the same time, I use the other PC replaying a pcap file on the interface
> >> which is connected to the first PC. The pcap file contains some tcp packets which
> >> can cause alerts.
> >>
> >>
> >>
>
>
> What are the alerts that you are seeing and what are the alerts that
> you are expecting?
>
>
>
> Regards,
> Peter Manev
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HTTP_Xscan_CGI.zip
Type: application/zip
Size: 46663 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20130715/ef04f898/attachment-0001.zip>

