[Oisf-users] Another app layer log

Cooper F. Nelson cnelson at ucsd.edu
Fri Jun 3 17:46:22 UTC 2016


Just run something like wireshark on that interface and verify that you
are seeing traffic in both directions.

But since you are running suricata on your management interface (vs. a
tap), I don't see how you could only be seeing traffic in one direction.

-Coop

On 6/3/2016 10:42 AM, Caesar Samsi wrote:
> Hi Coop,
> 
> I’m not familiar with packet capture on Linux. 
> 
> How would I go about doing that?
> 
> I am running with just one ethernet interface (eth0), does that make a difference?
> 
> The intent is for traffic to be filtered by Suricata before getting to the host.
> 
> Thanks, Caesar.
> 
>> On Jun 3, 2016, at 10:15 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>>
>> I've seen issues like this when the capture mechanism is only seeing
>> traffic in one direction.  Try running a packet capture on the tap.
>>
>> -Coop
>>
>> On 6/3/2016 8:58 AM, Caesar Samsi wrote:
>>> I also get tons of these and wondering what they are?
>>>
>>> However, I also have a concern about a specific one:
>>>
>>> 06/03/2016-08:46:37.801027  [Drop] [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 209.85.214.69:34046 -> 192.168.1.2:25
>>
>>
>> -- 
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ITS Security Team
>> cnelson at ucsd.edu x41042
>>
> 


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
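A small check for the advice above, added here as an illustration rather than anything from the thread or from the Suricata project: capture the SMTP traffic on the sniffing interface (the assumed command is `tcpdump -nn -i eth0 tcp port 25`), then group the summary lines by flow and see which flows appear with only one direction. The script also parses a fast.log alert line of the kind quoted in the thread so the alerted flow can be looked up in the same capture. The tcpdump lines embedded below are constructed sample data, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -i eth0 tcp port 25` output.
# The first flow (209.85.214.69 -> 192.168.1.2) is deliberately one-sided:
# no packets from the mail server back to the client were captured.
SAMPLE_CAPTURE = """\
08:46:37.801027 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [S], seq 1, win 64240, length 0
08:46:37.801300 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [.], ack 1, win 502, length 0
08:46:37.812000 IP 209.85.214.69.34046 > 192.168.1.2.25: Flags [P.], seq 1:20, ack 1, win 502, length 19
08:46:38.100000 IP 198.51.100.7.51000 > 192.168.1.2.25: Flags [S], seq 9, win 64240, length 0
08:46:38.100100 IP 192.168.1.2.25 > 198.51.100.7.51000: Flags [S.], seq 20, ack 10, win 65160, length 0
08:46:38.100200 IP 198.51.100.7.51000 > 192.168.1.2.25: Flags [.], ack 21, win 502, length 0
"""

# The fast.log line quoted in the thread (constructed copy used as input here).
SAMPLE_ALERT = ("06/03/2016-08:46:37.801027  [Drop] [**] [1:2260002:1] SURICATA Applayer "
                "Detect protocol only one direction [**] [Classification: Generic Protocol "
                "Command Decode] [Priority: 3] {TCP} 209.85.214.69:34046 -> 192.168.1.2:25")

# "IP <src_ip>.<src_port> > <dst_ip>.<dst_port>:" as printed by tcpdump -nn
PACKET_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
# "{TCP} <src_ip>:<src_port> -> <dst_ip>:<dst_port>" as printed in fast.log
ALERT_RE = re.compile(r"\{(\w+)\} (\S+):(\d+) -> (\S+):(\d+)")


def parse_packets(text):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each tcpdump summary line."""
    for line in text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))


def flow_directions(text):
    """Map each flow (endpoint pair, order-independent) to the set of
    (src, dst) directions actually observed for it."""
    flows = defaultdict(set)
    for src, sport, dst, dport in parse_packets(text):
        a, b = (src, sport), (dst, dport)
        flows[tuple(sorted((a, b)))].add((a, b))
    return flows


def one_sided_flows(text):
    """Flows captured in one direction only, as the (src, dst) endpoints seen."""
    return [next(iter(dirs)) for dirs in flow_directions(text).values() if len(dirs) == 1]


def alert_flow(alert_line):
    """Extract ((src_ip, src_port), (dst_ip, dst_port)) from a fast.log line."""
    m = ALERT_RE.search(alert_line)
    if not m:
        raise ValueError("unrecognised fast.log line")
    return (m.group(2), int(m.group(3))), (m.group(4), int(m.group(5)))


def alert_seen_one_sided(alert_line, capture_text):
    """True if the alerted flow appears in the capture with a single direction,
    False if both directions were captured, None if the flow is absent."""
    src, dst = alert_flow(alert_line)
    dirs = flow_directions(capture_text).get(tuple(sorted((src, dst))))
    if dirs is None:
        return None
    return len(dirs) == 1


if __name__ == "__main__":
    for (src, sport), (dst, dport) in one_sided_flows(SAMPLE_CAPTURE):
        print(f"one-sided flow: {src}:{sport} -> {dst}:{dport}")
    print("alerted flow one-sided:", alert_seen_one_sided(SAMPLE_ALERT, SAMPLE_CAPTURE))
```

Feed it a real capture with `tcpdump -nn -i eth0 tcp port 25 > smtp.txt` and read that file in place of `SAMPLE_CAPTURE`. A list of one-sided flows on an interface that carries the host's own traffic points at the capture setup rather than the protocol, since replies to a local listener would otherwise be visible on the same interface.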
