[Oisf-users] The meaning of these alerts

James Moe jimoe at sohnen-moe.com
Wed Apr 22 04:59:36 UTC 2015


suricata v2.0.7

  I have perused the documentation. It said the logged details should
point me in the right direction for more information. Not with these.

----
04/03/2015-10:08:27.470956  [**] [1:2210045:1] SURICATA STREAM Packet
with invalid ack [**] [Classification: (null)] [Priority: 3] {TCP}
192.168.69.115:969 -> 192.168.69.245:2049

04/03/2015-10:08:27.471467  [**] [1:2210044:1] SURICATA STREAM Packet
with invalid timestamp [**] [Classification: (null)] [Priority: 3]
{TCP} 192.168.69.245:2049 -> 192.168.69.115:969
----
  These two are a result of some NFS problem.
1. What are the consequences of an "invalid ack"?
2. How do I determine what is wrong with the "timestamp"? Is it the
wrong format? Is it garbage?
  Will I be cranking up Wireshark?

----
04/03/2015-10:08:30.343623  [**] [1:2200067:1] SURICATA VLAN unknown
type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF
FF FF FF FF AC 86 74 02 1C 2F 81 00 03 E6 08 06 00 01 08 00 06 04 00
02 43 05 43 05 31 DC ]
----
1. What is VLAN?
2. Unknown type of what?

----
04/21/2015-19:50:51.185867  [**] [1:2200074:1] SURICATA TCPv4 invalid
checksum [**] [Classification: (null)] [Priority: 3] {TCP}
192.168.69.246:3128 -> 192.168.69.115:55519
----
1. What are the consequences of an "invalid checksum"?


-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
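As an added example (not part of James's post and not Suricata's own code), here is a small Python decoder for the raw bytes printed in the "SURICATA VLAN unknown type" alert above: it splits off the Ethernet header, the 802.1Q tag (the "VLAN" in the alert name, a 4-byte tag after the source MAC that carries a 12-bit VLAN ID), and the inner ethertype, which is the "type" Suricata's VLAN decoder reports as unknown when it is not one it handles. It goes a little beyond the single frame on the page by also walking stacked (QinQ) tags and untagged frames; the ETHERTYPES table and the helper names are my own.

```python
import struct

# Raw packet bytes copied from the "SURICATA VLAN unknown type" alert above.
RAW_PKT_HEX = ("FF FF FF FF FF FF AC 86 74 02 1C 2F 81 00 03 E6 08 06 00 01 08 00 06 04 "
               "00 02 43 05 43 05 31 DC")

# Small display table (standard IEEE ethertype assignments); names are mine.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q VLAN tag"}
ARP_OPER = {1: "request", 2: "reply"}

def parse_raw_pkt(text):
    """Turn the '[Raw pkt: FF FF ...]' hex dump from an alert into bytes."""
    return bytes.fromhex("".join(text.split()))

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def decode_frame(raw):
    """Decode Ethernet II + any 802.1Q tags + the ARP fixed header, if present."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": mac(raw[0:6]), "src": mac(raw[6:12]), "vlans": []}
    off = 12
    ethertype = struct.unpack("!H", raw[off:off + 2])[0]
    while ethertype == 0x8100:              # 802.1Q tag; loop also handles QinQ
        if len(raw) < off + 6:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", raw[off + 2:off + 4])[0]
        info["vlans"].append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4                            # skip TPID + TCI
        ethertype = struct.unpack("!H", raw[off:off + 2])[0]
    off += 2
    info["ethertype"] = ethertype
    info["ethertype_name"] = ETHERTYPES.get(ethertype, "unknown")
    payload = raw[off:]
    if ethertype == 0x0806 and len(payload) >= 8:   # ARP fixed header: 8 bytes
        htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
        info["arp"] = {"htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
                       "oper": oper, "oper_name": ARP_OPER.get(oper, "other")}
        if len(payload) >= 8 + hlen:        # the 32-byte dump ends after sender MAC
            info["arp"]["sender_mac"] = mac(payload[8:8 + hlen])
    return info

if __name__ == "__main__":
    d = decode_frame(parse_raw_pkt(RAW_PKT_HEX))
    print(f"{d['src']} -> {d['dst']} VLAN {[v['vid'] for v in d['vlans']]} "
          f"inner ethertype 0x{d['ethertype']:04x} ({d['ethertype_name']})")
    if "arp" in d:
        print("ARP", d["arp"]["oper_name"], "sender", d["arp"].get("sender_mac"))
```

For the frame in the alert this reports a broadcast ARP reply tagged with VLAN ID 998 and inner ethertype 0x0806; the same decoder can be pointed at the raw bytes of any other "unknown type" alert to see which ethertype the event is about.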