[Oisf-users] Another app layer log

Caesar Samsi cmsamsi at hotmail.com
Fri Jun 3 17:42:43 UTC 2016

Hi Coop,

I’m not familiar with packet capture on Linux. 

How would I go about doing that?

I am running with just one ethernet interface (eth0), does that make a difference?

The intent is for traffic to be filtered by Suricate before getting to the host.

Thanks, Caesar.

> On Jun 3, 2016, at 10:15 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> I've seen issues like this when the capture mechanism is only seeing
> traffic in one direction.  Try running a packet capture on the tap.
> -Coop
> On 6/3/2016 8:58 AM, Caesar Samsi wrote:
>> I also get tons of these and wondering what they are?
>> However, I also have a concern about a specific one:
>> 06/03/2016-08:46:37.801027  [Drop] [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ->
> -- 
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042

More information about the Oisf-users mailing list