[Oisf-users] Pcap-log issue

Murali Kandula muralispruce at gmail.com
Tue Mar 15 15:57:56 UTC 2016


I tested this only a few times (tcpreplayed HTTP traffic) and during all these
times, observed that Suricata is holding on to those FIN packets. It will
flush those packets only when I send more traffic (HTTP traffic).

-Murali

On Tue, Mar 15, 2016 at 11:44 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Mon, Mar 14, 2016 at 8:39 AM, Murali Kandula <muralispruce at gmail.com>
> wrote:
> > Hello,
> >
> > Can anybody help me on how to make sure Suricata flushes all the packets
> > immediately, including the FIN packets?
>
> Is it just the FIN packets missing every time?
>
> >
> > -Murali
> >
> > On Thu, Mar 10, 2016 at 3:47 PM, Murali Kandula <muralispruce at gmail.com>
> > wrote:
> >>
> >> Hello,
> >>
> >> I enabled the pcap-log option for Suricata. I replayed the traffic related
> >> to an HTTP session and after a minute I opened the pcap file and didn't observe
> >> the FIN handshake. I am able to observe the FIN handshake after I replayed
> >> traffic belonging to another HTTP session.
> >> I tried playing with the flow timeout belonging to TCP and it didn't work. Is
> >> there any config parameter that I can use to log the packets immediately?
> >>
> >> -Murali
> >
> >
> >
>
>
>
> --
> Regards,
> Peter Manev
>

