[Oisf-users] Query about suri and ET CURRENT_EVENTS - Applet Tag In Edwards Packed JavaScript - 2015708

Russell Fulton r.fulton at auckland.ac.nz
Tue Oct 21 03:04:20 UTC 2014


On 21/10/2014, at 3:52 pm, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Probably just means the sig is triggering on a later packet.
> 
> I'm pretty sure suri only logs packets that match a signature. 

Hmmm… I am seeing quite a few cases where suri is logging a stream of packets - always for an http download.

> This is
> why it's recommended to use an indexed full-packet capture system along
> with an IDS.

Agreed.  I wish I had the resources to run moloch, at the moment I am making do with streamdb.

Russell

