[Oisf-users] Another app layer log
Caesar Samsi
cmsamsi at hotmail.com
Fri Jun 3 17:42:43 UTC 2016
Hi Coop,
I’m not familiar with packet capture on Linux.
How would I go about doing that?
I am running with just one ethernet interface (eth0), does that make a difference?
The intent is for traffic to be filtered by Suricata before getting to the host.
Thanks, Caesar.
> On Jun 3, 2016, at 10:15 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>
> I've seen issues like this when the capture mechanism is only seeing
> traffic in one direction. Try running a packet capture on the tap.
>
> -Coop
>
> On 6/3/2016 8:58 AM, Caesar Samsi wrote:
>> I also get tons of these and wondering what they are?
>>
>> However, I also have a concern about a specific one:
>>
>> 06/03/2016-08:46:37.801027 [Drop] [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 209.85.214.69:34046 -> 192.168.1.2:25
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
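An added example (not from anyone in this thread) of the capture Coop suggests and of the check his one-direction hypothesis turns on: a short tcpdump capture of SMTP on eth0, then a count of packets seen in each direction for the flow from the alert, read from tcpdump's `-nn` text output. It assumes tcpdump is installed and that the capture command runs as root; the sample lines at the bottom are constructed, not captured.

```shell
#!/bin/sh
# Capture a sample of SMTP traffic on the given interface (default eth0)
# into a pcap file. Needs root. Replay it as text later with:
#   tcpdump -r smtp.pcap -nn | direction_check 192.168.1.2 25
capture_smtp() {
    iface="${1:-eth0}"
    out="${2:-smtp.pcap}"
    tcpdump -i "$iface" -nn -c 200 -w "$out" 'tcp port 25'
}

# Read tcpdump -nn lines on stdin, e.g.
#   08:46:37.801027 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [S], ...
# and count packets to and from <host>.<port>. A tap that only mirrors one
# direction shows "out=0" here, which matches the Suricata alert.
direction_check() {
    awk -v key="$1.$2" '
        $2 == "IP" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (dst == key) inbound++
            if (src == key) outbound++
        }
        END {
            verdict = (inbound > 0 && outbound > 0) ? "both-directions" : "one-direction"
            printf "in=%d out=%d %s\n", inbound, outbound, verdict
        }'
}

# Constructed sample (not real capture data): two client packets to the
# mail server and nothing back, the situation the alert describes.
SAMPLE_ONE_WAY='08:46:37.801027 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [S], seq 1, win 512, length 0
08:46:37.801200 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [P.], seq 1:20, ack 1, length 19'

# Same sample with the server's SYN-ACK added, i.e. a healthy bidirectional tap.
SAMPLE_TWO_WAY="$SAMPLE_ONE_WAY
08:46:37.801300 IP 192.168.1.2.25 > 209.85.214.69.34046: Flags [S.], seq 0, ack 2, win 512, length 0"

check_one_way() { printf '%s\n' "$SAMPLE_ONE_WAY" | direction_check 192.168.1.2 25; }
check_two_way() { printf '%s\n' "$SAMPLE_TWO_WAY" | direction_check 192.168.1.2 25; }

check_one_way   # in=2 out=0 one-direction
check_two_way   # in=2 out=1 both-directions
```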