[Oisf-users] Suricata not detecting app-layers
Joris Roefs l Onsight Solutions BV
joris.roefs at onsight.nl
Tue Dec 23 16:12:19 UTC 2014
> Many more SYN's than SYN/ACK's and by far most flows are timed out when still in state 'new'.
>
> I'm suspecting you may only see on side of the traffic?
That's it!
Downloaded a larger file: tcpdump & wireshark tell me they only see one side of the traffic.
This would explain a lot of other stuff as well...
Thanks a lot, I'll contact the people upstairs to get this fixed.
Regards,
- Joris
More information about the Oisf-users
mailing list