<div dir="ltr"><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">Hello!<br style="box-sizing:border-box"><br style="box-sizing:border-box">I am working on Suricata 3 source code to add an additional feature to it.</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">I know Suricata 3 reads a pcap file in the command line.</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">We added another function to extract eml files when it reads Pcap in the command line.</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent"><a 
style="color:rgb(13,113,251);text-decoration:underline;word-wrap:break-word;box-sizing:border-box;background-color:transparent" href="https://github.com/CPP-CProgramming/Suricata/blob/master/src/app-layer-smtp.c#L1613-L1619">https://github.com/CPP-CProgramming/Suricata/blob/...</a></p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent"><a style="color:rgb(13,113,251);text-decoration:underline;word-wrap:break-word;box-sizing:border-box;background-color:transparent" href="https://github.com/CPP-CProgramming/Suricata/blob/master/src/util-file.c#L780">https://github.com/CPP-CProgramming/Suricata/blob/...</a></p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">However, it shows an abnormal behavior when it reads a Pcap file. 
</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent"><a style="color:rgb(13,113,251);text-decoration:underline;word-wrap:break-word;box-sizing:border-box;background-color:transparent" href="https://drive.google.com/file/d/1TpQnZJyTgCilKPV4H4l-Z43P2EUPW6Kg/view?usp=drive_web">https://drive.google.com/file/d/1TpQnZJyTgCilKPV4H...</a></p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">If it reads 200 eml files out of a pcap file, it only writes 191 files. 
</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">It does not read and write all the files out of Pcap, but misses some files.</p><p style="text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;font-family:-apple-system,BlinkMacSystemFont,segoe ui,roboto,oxygen,ubuntu,cantarell,fira sans,droid sans,helvetica neue,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:400;text-decoration:none;word-spacing:0px;white-space:normal;box-sizing:border-box;background-color:transparent">We believe that this issue disappeared in Suricata 4. <br style="box-sizing:border-box"><br style="box-sizing:border-box">If you have been aware of this issue, could you tell me how to avoid it?</p></div>