[Oisf-users] Oisf-users Digest, Vol 24, Issue 12
Wenji Wu
wuwenji18 at gmail.com
Sat Nov 12 12:31:24 EST 2011
Peter,
Here is the data link:
www.itoc.usma.edu/research/dataset/data/2009-04-20-09-05-46.dmp
best,
wenji
On Sat, Nov 12, 2011 at 1:38 AM, Peter Manev <petermanev at gmail.com> wrote:
>
>
> On Fri, Nov 11, 2011 at 11:59 PM, Wenji Wu <wuwenji18 at gmail.com> wrote:
>
>> I download the pcap data set from:
>> http://www.itoc.usma.edu/research/dataset/, install the emerging rules,
>> and run suricata,
>>
>> I got the following errors:
>>
>> [9511] 11/11/2011 -- 16:54:42 - (app-layer-htp.c:391) <Error>
>> (HTPHandleRequestData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing
>> HTTP client request: [1] [htp_request_generic.c] [154] Request field
>> invalid: colon missing
>> [9511] 11/11/2011 -- 16:54:42 - (app-layer-parser.c:969) <Error>
>> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in
>> parsing "http" app layer protocol, using network protocol 6, source IP
>> address 10.2.190.254, destination IP address 10.1.60.187, src port 44737
>> and dst port 80
>> [9511] 11/11/2011 -- 16:54:42 - (app-layer-htp.c:391) <Error>
>> (HTPHandleRequestData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing
>> HTTP client request: [1] [htp_request_generic.c] [154] Request field
>> invalid: colon missing
>> [9511] 11/11/2011 -- 16:54:42 - (app-layer-parser.c:969) <Error>
>> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in
>> parsing "http" app layer protocol, using network protocol 6, source IP
>> address 10.2.190.254, destination IP address 10.1.60.187, src port 47764
>> and dst port 80
>>
>>
>> wenji
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>>
> Hi Wenji,
>
> The "parsing "http" app layer protocol" - err we have seen before, there
> is a number of reasons for this to occur, it could be "tagged"/VLAN traffic
> that the interface that Suricata listens to is not part of , it could be
> that it can not find the appropriate responses from given ips and others...
> I think this is more of an "informational" warning than an err.
>
> The "Request field invalid: colon missing" err - i see for the first time.
>
> It would be useful if you can share a small pcap (not the 12 Gig from the
> exercise :) ) that by running it we could reproduce the err.
>
> Lets not forget that this is traffic full of "sadness" on purpose...
>
> Thanks
>
>
>
> --
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20111112/0378956d/attachment.html
More information about the Oisf-users
mailing list