[Discussion] Suricata rule not giving alerts

• Previous message (by thread): [Discussion] Suricata rule not giving alerts
• Next message (by thread): [Discussion] Suricata rule not giving alerts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A copy of the pcap would be helpful if you are able to share it.  Most of
the time when I see weirdness like this it is due to hardware offload
setting being enabled on the nic you are performing inspection/capture on.
 Perhaps have a look at the following and try again.

http://blog.securityonion.net/2011/10/when-is-full-packet-capture-not-full.html

Regards,

Will
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20140713/03b6f823/attachment-0002.html>

• Previous message (by thread): [Discussion] Suricata rule not giving alerts
• Next message (by thread): [Discussion] Suricata rule not giving alerts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]