[Oisf-users] SURICATA STREAM excessive retransmissions

[Andreas Herz]

On 16/01/17 at 10:05, Vieri wrote:
> Doesn't "excessive retransmissions" usually mean there's a network
> congestion? This could be my case since I might have some internet
> provider issues.
> 
> Having "excessive retransmissions" on a LAN might be more worrying.

The best way would be to look into your traffic :)

> Wouldn't it be better to have different threshold values for
> tcp.retransmission.count depending on whether traffic flow is to or
> from EXTERNAL_NET?

Might be, but IMHO it depends on the scenario/usecase so I would suggest
to change the rule just to your needs.

-- 
Andreas Herz