[Oisf-users] Pcap-log issue

Murali Kandula muralispruce at gmail.com
Mon Mar 14 15:39:58 UTC 2016


Hello,

Can anybody help me with how to make sure Suricata flushes all the packets
immediately, including the FIN packets?

-Murali

On Thu, Mar 10, 2016 at 3:47 PM, Murali Kandula <muralispruce at gmail.com>
wrote:

> Hello,
>
> I enabled the pcap-log option for Suricata. I replayed the traffic related
> to an HTTP session, and after a minute I opened the pcap file and didn't
> observe the FIN handshake. I am able to observe the FIN handshake after I
> replayed traffic belonging to another HTTP session.
> I tried playing with the flow timeout belonging to TCP and it didn't work. Is
> there any config parameter that I can use to log the packets immediately?
>
> -Murali
>