[Oisf-users] Pcap-log issue
Murali Kandula
muralispruce at gmail.com
Thu Mar 10 20:47:21 UTC 2016
Hello,
I enabled the pcap-log option for Suricata. I replayed the traffic related
to HTTP session and after a minute I opened the pcap file and didn't
observe the FIN handshake. I am able to observe the FIN handshake after I
replayed a traffic belong to another HTTP session.
I tried playing with the flow timeout belong to TCP and it didn't work. Is
there any config parameter that I can use to log the packets immediately?.
-Murali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160310/f53c2754/attachment-0001.html>
More information about the Oisf-users
mailing list