[Oisf-devel] Help! How can I get alerts when each pcap replaying
xbadou xbadou
xbadou at gmail.com
Mon Jul 15 12:59:32 UTC 2013
Hi, I noticed the following settings in suricata.yaml:
midstream: false # do not allow midstream session pickups
async_oneside: false # do not enable async stream handling
I tried changing all of the above settings to true, but the problem still exists.
I know that each time suricata gets the same packets with the same flags. But how
can I force suricata to check them each time?
Thanks!
On Mon, Jul 15, 2013 at 8:54 PM, xbadou xbadou <xbadou at gmail.com> wrote:
> Hi
>
> I am using suricata 1.4.2. Today I did a test, but can't get the result I
> want.
>
> I use a computer running suricata and listening to traffic on one interface. At
> the same time, I use another PC to replay a pcap file on the interface
> which is connected to the first PC. The pcap file contains some tcp packets
> which can cause alerts.
>
> The first time I replay it, the pcap file causes some alerts, but
> when I replay the same pcap several times I can’t get more alerts.
> I can't get them again until I restart suricata.
>
> So, I want to know whether I can change some config or code so that
> each time I replay the pcap file, I get the corresponding alerts.
>
> I am very anxious and hope someone can
> help me soon. Thanks!