[Oisf-users] Query about suri and ET CURRENT_EVENTS - Applet Tag In Edwards Packed JavaScript - 2015708
Victor Julien
lists at inliniac.net
Tue Oct 21 17:07:04 UTC 2014
On 10/21/2014 05:04 AM, Russell Fulton wrote:
> On 21/10/2014, at 3:52 pm, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>> Probably just means the sig is triggering on a later packet.
>>
>> I'm pretty sure suri only logs packets that match a signature.
> Hmmm… I am seeing quite a few cases where suri is logging a stream of packets - always for a http download.
We log out the TCP segments related to this packet as well. This is a
best effort approach though, we quite aggressively prune the segment
lists to preserve memory.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------