[Oisf-users] Suricata isn't passing all the packets from the pcap

Peter Manev petermanev at gmail.com
Sun Apr 2 15:29:42 UTC 2017



> On 2 Apr 2017, at 17:15, Simon Janeshvili <sikking23 at yahoo.com> wrote:
> 
> Hey all,
> 
> I am running Suricata on an Ubuntu VM, with a simple Lua rule.
> But I have noticed that not all the packets in the pcap are getting to my rule, e.g. the pcap has 20 packets and only 7 are getting to my rule.
> 
> I would love to know why it's happening.

We would love to know too.
For that purpose, could you please share a reproducible case with the rule, the Lua script, and a pcap? Also, what Suricata version are you using, and could you give a step-by-step procedure to reproduce the issue, with the expected and actual results?

Thank you 


> 
> Thanks.  