[Oisf-users] Pcap-log issue

Peter Manev petermanev at gmail.com
Tue Mar 15 15:44:16 UTC 2016


On Mon, Mar 14, 2016 at 8:39 AM, Murali Kandula <muralispruce at gmail.com> wrote:
> Hello,
>
> Can anybody help me with how to make sure Suricata flushes all the packets
> immediately, including the FIN packets?

Is it just the FIN packets missing every time?

>
> -Murali
>
> On Thu, Mar 10, 2016 at 3:47 PM, Murali Kandula <muralispruce at gmail.com>
> wrote:
>>
>> Hello,
>>
>> I enabled the pcap-log option for Suricata. I replayed the traffic related
>> to an HTTP session and after a minute I opened the pcap file and didn't observe
>> the FIN handshake. I am able to observe the FIN handshake after I replayed
>> traffic belonging to another HTTP session.
>> I tried playing with the flow timeout belonging to TCP and it didn't work. Is
>> there any config parameter that I can use to log the packets immediately?
>>
>> -Murali
>
>
>



-- 
Regards,
Peter Manev


