<div style="width:100%;max-width:980px"><p><strong>Large attachment</strong> (1 file, 106MB): testpcap.pcap. Large attachments are kept for 30 days and can be downloaded up to 100 times. Download period: 2017/01/20 ~ 2017/02/19</p></div><html><head><style>p{margin-top:0px;margin-bottom:0px;}</style></head><body><div style="font-size:10pt; font-family:Gulim;"><p>I attached the pcap file to use for testing.</p><p>File size is 111MBytes.</p><p> </p><p style="padding: 0px 0px 0px 10pt; font-family: sans-serif; font-size: 10pt;"><span>-----Original Message-----</span><br><b>From:</b> "Andreas Herz"&lt;andi@geekosphere.org&gt; 
<br><b>To:</b> &lt;oisf-users@lists.openinfosecfoundation.org&gt;; <br><b>Cc:</b> <br><b>Sent:</b> 2017-01-20 (Fri) 06:13:22<br><b>Subject:</b> Re: [Oisf-users] [Question] suricata test with pcap-file(After upgrading the suricata version(2.0.11 --> 3.2))<br> </p>On 16/01/17 at 17:15, 박경호 wrote:<br>> I did the test to use two smaller pcap files. One is 111MB and another is 66MB.<br>> When I run the suricata twice with 111MB pcap file, the alert messages are different. <br>> But when I run the suricata twice with 66MB pcap file, the alert message is same.<br>> I merged the two pcap files(45MB, 66MB) to one pcap file(111MB) using wire-shark.<br><br>Can you share the 11MB pcap here or with us from the OISF team?<br><br>> Is this issue computing resources?(specially ram memory issue?)<br><br>I wouldn't say for sure it's a memory issue.<br><br>> Can you recommend me how much memory I need in the following situation?<br>> When I check some pcap files which the size is more than 1GB with suricata, how much memory do I need? 
<br><br>8GB are not that low IMHO.<br><br>> And,<br>> If I add the memory in my computer, which parts are changed in configuration file(suricata.yaml)?<br><br>Without you changing it, nothing.<br><br>>  <br>> -----Original Message-----<br>> From: "박경호"&lt;pgh5247@naver.com&gt; <br>> To: "Andreas Herz"&lt;andi@geekosphere.org&gt;; &lt;oisf-users@lists.openinfosecfoundation.org&gt;; <br>> Cc: <br>> Sent: 2017-01-16 (Mon) 16:17:33<br>> Subject: Re: [Oisf-users] [Question] suricata test with pcap-file(After upgrading the suricata version(2.0.11 --> 3.2))<br>>  <br>>  <br>> -----Original Message-----<br>> From: "Andreas Herz"&lt;andi@geekosphere.org&gt; <br>> To: &lt;oisf-users@lists.openinfosecfoundation.org&gt;; <br>> Cc: <br>> Sent: 2017-01-14 (Sat) 06:19:16<br>> Subject: Re: [Oisf-users] [Question] suricata test with pcap-file(After upgrading the suricata version(2.0.11 --> 3.2))<br>>  <br>> On 12/01/17 at 10:48, 박경호 wrote:<br>> > After upgrading the version from 2.0.11 to 3.2, I did the test again.<br>> > Unfortunately, alert messages were different whenever the suricata was<br>> > run with the same pcap-file.<br>> <br>> Can you be more verbose about that?<br>> ==> I run the suricata like the following command : suricata -c suricata.yaml -r testpcap.pcap<br>>       ( I never changed the configure file(.yaml)).<br>> <br>> > I didn't change the configure file(suricata.yaml) and pcap-file's size<br>> > is 693MB.  
(pc memory is 8GB, cpu is intel i5-4460, os is Ubuntu<br>> > 16.06)<br>> <br>> Can you try to reproduce the issue with a smaller pcap file that you can<br>> share with us?<br>> ==> After I try to reproduce with a smaller pcap file, I will share the result and pcap file.<br>>   <br>> > Please explain to me about this situation.<br>> <br>> I still need more details about your suricata configuration, how do you<br>> run suricata, what did you configure?<br>> <br>> An easy way to reproduce that for us will help to find a solution (after<br>> we found what's the real issue you have).<br>> <br>> -- <br>> Andreas Herz<br>> _______________________________________________<br>> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org<br>> Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a><br>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users <br>> <br>> <br><br>-- <br>Andreas Herz<br></div></body></html>
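<p>An added example, not part of the thread or of Suricata itself: one way to see exactly which alerts differ between two runs of the same pcap, assuming each run wrote an EVE JSON log (eve.json, one event per line). The function names and the sample events are constructed for illustration; the key assumes packet timestamps and addresses repeat across replays while flow_id may not.</p>

```python
import json
from collections import Counter

def alert_counts(eve_lines):
    """Count alerts keyed on fields that should be identical across replays."""
    counts = Counter()
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except ValueError:              # blank or truncated line
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        # Assumption: flow_id is left out because it may differ between runs.
        counts[(ev.get("timestamp"), ev.get("proto"),
                ev.get("src_ip"), ev.get("src_port"),
                ev.get("dest_ip"), ev.get("dest_port"),
                alert.get("gid"), alert.get("signature_id"))] += 1
    return counts

def diff_runs(run_a, run_b):
    """Return (alerts only in run A, alerts only in run B) as Counters."""
    a, b = alert_counts(run_a), alert_counts(run_b)
    return a - b, b - a

def by_sid(counts):
    """Collapse a diff to {signature_id: number of unmatched alerts}."""
    totals = Counter()
    for key, n in counts.items():
        totals[key[-1]] += n
    return dict(totals)

def _ev(ts, sid, flow_id, event_type="alert"):
    # Constructed sample event; addresses are documentation ranges.
    return json.dumps({
        "timestamp": ts, "flow_id": flow_id, "event_type": event_type,
        "proto": "TCP", "src_ip": "192.0.2.10", "src_port": 40000,
        "dest_ip": "198.51.100.5", "dest_port": 80,
        "alert": {"gid": 1, "signature_id": sid, "rev": 1}})

# Constructed logs: run B misses the second alert and has another flow_id.
RUN_A = [_ev("2017-01-16T08:00:01.000100+0000", 1000001, 11),
         _ev("2017-01-16T08:00:02.000200+0000", 1000002, 12),
         _ev("2017-01-16T08:00:03.000300+0000", 0, 13, event_type="http")]
RUN_B = [_ev("2017-01-16T08:00:01.000100+0000", 1000001, 98), ""]

if __name__ == "__main__":
    only_a, only_b = diff_runs(RUN_A, RUN_B)
    print("only in run A:", by_sid(only_a))
    print("only in run B:", by_sid(only_b))
```

<p>On real logs, pass the open file objects of the two eve.json files to diff_runs; the per-signature totals show whether the run-to-run difference is concentrated in a few rules or spread across all of them.</p>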