<html><head><style>p{margin-top:0px;margin-bottom:0px;}</style></head><body><div style=""><p style="font-family: Gulim, sans-serif; font-size: 10pt;"><span style="font-size: 12px; font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif;">Hi oisf-users team,</span></p><p style="font-family: Gulim, sans-serif; font-size: 
13.3333px;"> </p>
<p style="font-family: Gulim, sans-serif; font-size: 13.3333px;"><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">I am testing the file extraction function of Suricata version 5.0.2.</span></font></p>
<p>The pcap was used in the ".lst" file format.</p>
<p>I also used the "--pcap-file-continuous" option.</p>
<p> </p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif" style=""><span style="font-size: 12px;">I have 2 questions.</span></font></p>
<p style=""> </p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">First,</span></font></p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">If the same rule and the same packet are tested many times, the timestamp of the detected packet will be detected differently.</span></font></p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">Information other than the timestamp and flow_id matches.</span></font></p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">I want to know why the timestamp value was detected differently each time.</span></font></p>
<p style="font-family: Gulim, sans-serif; font-size: 13.3333px;"><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;"><br></span></font></p>
<p style=""><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">Second,</span></font></p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">When extracting files from an FTP pcap, detection may not be possible.</span></font></p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">It detects about once in a maximum of 10 inspection operations.</span></font></p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">For testing, I used the same rules and the same pcap. (The pcap is small, 94k in size.)</span><br></font></p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">I want to know why it is sometimes detected and sometimes not with the same pcap.</span><br></font></p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;"><br></span></font></p>
<p>I attached the files used in the test, such as the pcap, rule, and .yaml, to the email. </p>
<p><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;">FTP also includes a fast.log file.</span><br></font></p>
<p> </p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US">Can you help me with any related issues?</span></p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US">Thank you for your time.</span></p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US">We look forward to your reply.</span></p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US"> </span></p>
<p style="font-family: Gulim, sans-serif; font-size: 13.3333px;"><font face="돋움, Dotum, Helvetica, Apple SD Gothic Neo, sans-serif"><span style="font-size: 12px;"><b>JK Lee</b></span></font></p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US">leejaekyu0523<a href="mailto:jbkcoatl@naver.com" rel="noreferrer noopener" target="_blank" style="text-decoration-line: none;">@naver.com</a></span></p>
<p style="font-family: 돋움, Dotum, Helvetica, "Apple SD Gothic Neo", sans-serif; font-size: 12px;"><span lang="EN-US">+82-10-9501-9597</span></p></div>
</body></html>