[Oisf-devel] Avoid drop of truncated TCP packets
עמית קליינמן
a.b.kleinmann at gmail.com
Tue Jun 4 10:23:04 UTC 2013
Hello,
I am reading a PCAP file into Suricata.
The PCAP file contains TCP packets that were recorded with a limit on
their payload length. So each packet that is longer than X bytes was
truncated.
I am interested in detecting anomalies only in the packet headers (IP, TCP,
HTTP).
The headers are not truncated.
Is there an easy way to tell Suricata not to drop the truncated packets, so
my detect module can analyze them too?
I'll be happy to get your thoughts,
Amit.