[Oisf-users] Packet capture dump in unified2 logs.

Peter Manev petermanev at gmail.com
Wed Feb 15 11:52:44 UTC 2012

Just from observation -
"PACKET LEN:        68" in debug alert
but in Snorby it says "40" - so it does seem there is a bit of discrepancy
If you use pcap.log(ing) in yaml , does this packet indeed have 68 or 40
length ?

Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120215/f70ac047/attachment-0002.html>

More information about the Oisf-users mailing list