[Oisf-devel] Help! How can I get alerts when each pcap replaying
xbadou xbadou
xbadou at gmail.com
Mon Jul 15 12:54:17 UTC 2013
Hi
I am using suricata 1.4.2. Today I do a test, but can't get the result I
want.
I use a computer runing suricata and listen traffic on one interface. On
the same time, I use the other PC replaying a pcap file on the interface
which connected to the first PC. The pcap file contain some tcp packet
which can cause alerts.
When the first time I replay it, the pcap file can cause some alerts, but
when I replay the same pcap for several times I can’t get more alerts.
Until I restart suricata, I can get them.
So, I want to known whether I can change some config or code, then when
each time I replay the pcap file, I can get the corresponding alerts.
I am very anxious <http://dict.cn/feel%20anxious> and hope someone can help
me soon. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20130715/564e8af5/attachment.html>
More information about the Oisf-devel
mailing list