[Oisf-users] Suricata isn't passing all the packets from the pcap

Peter Manev petermanev at gmail.com
Tue Apr 4 11:51:30 UTC 2017


On Tue, Apr 4, 2017 at 1:49 PM, Simon Janeshvili <sikking23 at yahoo.com> wrote:
> My command is: sudo suricata -c /etc/suricata/suricata-debian.yaml -r
> /home/pi/now.pcap
>
> On Tuesday, April 4, 2017, 5:27:32 PM GMT+3, Peter Manev
> <petermanev at gmail.com> wrote:
> On Mon, Apr 3, 2017 at 11:38 AM, Simon Janeshvili <sikking23 at yahoo.com>
> wrote:
>
>> I am using Suricata 3.2.
>>
>> the Lua script:
>> <code>
>> -- init() tells Suricata what the script needs: packet and payload access
>> function init (args)
>>    local needs = {}
>>    needs["packet"] = tostring(true)
>>    needs["payload"] = tostring(true)
>>    return needs
>> end
>>
>> -- match() runs for each packet the rule reaches; print a marker and match
>> function match(args)
>>    print("********************************")
>>    return 1
>> end
>>
>> return 0
>> </code>
>>
>> A very simple one, and this is happening with every pcap I'm using; I just
>> count the number of lines and see there is a difference.
>> By the way, Suricata is still reporting the right amount at the end (as
>> Wireshark says), but the number of lines is way off.
>
> How do you start/run that Suricata test?
> How do you do the test sequence?

Do you use any particular rules?

> Can you share the pcap?
>
>
> Thank you
>
> --
> Regards,
> Peter Manev
>



-- 
Regards,
Peter Manev
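As an added example, not from the thread above, here is a Lua detection script in the same init/match shape that records how many times Suricata invokes match() in a file rather than on stdout, so the count can be compared with the packet count reported for the pcap. The log path and the rule's sid are assumptions.

```lua
-- Added example: count match() invocations and append each one to a file,
-- so the on-disk line count can be compared with the pcap's packet count.
-- /tmp/lua-matches.log and the sid in the rule below are assumed values.
local logfile = "/tmp/lua-matches.log"
local seen = 0   -- lives in this Lua state, i.e. per detect thread

function init(args)
    local needs = {}
    needs["packet"] = tostring(true)   -- script runs at packet level
    return needs
end

-- Open, append and close per call: nothing is left in a buffer when
-- Suricata exits, unlike lines written with print() to stdout.
local function record(n)
    local f = io.open(logfile, "a")
    if f then
        f:write(string.format("match #%d\n", n))
        f:close()
    end
end

function match(args)
    seen = seen + 1
    record(seen)
    return 1   -- always match; the rule's other keywords decide the rest
end

-- Load it from a rule such as (script path relative to the rule file):
-- alert ip any any -> any any (msg:"lua packet counter"; lua:count.lua; sid:1000001; rev:1;)
return 0
```

Each detect thread has its own Lua state, so with several detect threads the counter restarts per thread; compare the number of lines in the file, not the last number written.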


