[Oisf-devel] Suricata's Limitation?

Prabhakaran Kasinathan prabhakaran1989 at gmail.com
Tue Jul 30 14:47:44 UTC 2013


Hi everyone,

Let's consider that we have a pcap file with 50 matches of ICMP_SEQ:$number$ according to Wireshark.

When we run Suricata on the same pcap with a rule that matches ICMP_SEQ:$number$, it sometimes produces a different number of alerts, a little less than or equal to the actual 50 matches.

I mean that the first time it triggers 45 alerts, and a different number the next time. It misses some matches! This pattern can be reproduced in different cases, such as threshold rules, etc. Each time, with the same rule and the same pcap, I get a different number of matches, or sometimes the same number.

Is this a limitation of all NIDSs?
--
Best Regards,
Prabhakaran Kasinathan
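The comparison the post describes (a ground-truth count of ICMP packets with a given sequence number in the pcap, set against the number of alerts Suricata logged for the rule) can be reproduced without Wireshark. The following is an added example, not code from the poster or from the Suricata project: a minimal libpcap reader that counts ICMP echo packets whose sequence field equals a chosen value, and a counter for alerts with a given SID in Suricata's fast.log. The pcap bytes, the fast.log lines, the rule text and the SID 1000001 are all constructed for the example; a real run would read the actual capture and the fast.log Suricata wrote for it.

```python
import re
import struct

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

# Hypothetical rule for the experiment: itype:8 restricts it to echo requests,
# icmp_seq matches the sequence field. SID 1000001 is an assumption.
EXAMPLE_RULE = ('alert icmp any any -> any any (msg:"ICMP echo request seq 7"; '
                'itype:8; icmp_seq:7; sid:1000001; rev:1;)')


def build_icmp_frame(seq, icmp_type=ICMP_ECHO_REQUEST, ident=0x1234):
    """Constructed Ethernet/IPv4/ICMP frame. Checksums are left zero; the
    counter below never validates them, as Suricata would not for this rule."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"\x00" * 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     IPPROTO_ICMP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes(range(6)) + bytes(range(6, 12)) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + icmp


def build_pcap(frames):
    """Wrap frames in a little-endian classic libpcap container (Ethernet link type)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1375195664 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap_frames(data):
    """Yield raw link-layer frames from a classic libpcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("example only handles the Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def count_icmp_seq(data, seq, icmp_type=ICMP_ECHO_REQUEST):
    """Ground truth: number of ICMP packets of the given type whose sequence == seq."""
    count = 0
    for frame in iter_pcap_frames(data):
        if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != IPPROTO_ICMP:
            continue
        # Non-first fragments carry no ICMP header; skip them rather than misread payload.
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue
        icmp = ip[(ip[0] & 0x0F) * 4:]
        if len(icmp) < 8:
            continue
        itype, _code, _csum, _ident, iseq = struct.unpack("!BBHHH", icmp[:8])
        if itype == icmp_type and iseq == seq:
            count += 1
    return count


# fast.log lines carry "[**] [gid:sid:rev] msg [**]"; this picks out the sid.
FASTLOG_SID_RE = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\]")


def count_fastlog_alerts(text, sid):
    """Number of fast.log alert lines for the given SID."""
    count = 0
    for line in text.splitlines():
        m = FASTLOG_SID_RE.search(line)
        if m and int(m.group(2)) == sid:
            count += 1
    return count


def sample_pcap():
    """Constructed capture: 50 echo requests with seq 7, 5 with seq 8, 3 replies with seq 7."""
    frames = [build_icmp_frame(7) for _ in range(50)]
    frames += [build_icmp_frame(8) for _ in range(5)]
    frames += [build_icmp_frame(7, icmp_type=ICMP_ECHO_REPLY) for _ in range(3)]
    return build_pcap(frames)


# Constructed fast.log excerpt in Suricata's format; two alerts for sid 1000001.
SAMPLE_FASTLOG = """\
07/30/2013-14:47:44.000001  [**] [1:1000001:1] ICMP echo request seq 7 [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.1:8 -> 10.0.0.2:0
07/30/2013-14:47:44.000002  [**] [1:2100366:7] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1:8 -> 10.0.0.2:0
07/30/2013-14:47:44.000003  [**] [1:1000001:1] ICMP echo request seq 7 [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.1:8 -> 10.0.0.2:0
"""


def compare(pcap_bytes, fastlog_text, seq, sid):
    """Return (packets matching in pcap, alerts logged for sid); equal means no misses."""
    return count_icmp_seq(pcap_bytes, seq), count_fastlog_alerts(fastlog_text, sid)


if __name__ == "__main__":
    expected, logged = compare(sample_pcap(), SAMPLE_FASTLOG, 7, 1000001)
    print("rule:", EXAMPLE_RULE)
    print("pcap matches:", expected, "fast.log alerts:", logged)
```

In a real run, `count_icmp_seq` is applied to the capture itself and `count_fastlog_alerts` to the fast.log produced by `suricata -r capture.pcap -S rule.rules`; the two numbers only agree when every matching packet produced an alert. Note that echo replies with the same sequence number are counted separately (`icmp_type=0`), so the packet count has to be computed for the same type the rule's `itype` selects.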

