[Oisf-users] Suricata 4.0.0-rc1 ready for testing!
Cooper F. Nelson
cnelson at ucsd.edu
Sun Jul 9 21:19:56 UTC 2017
The truncated size is always less than the stream depth. Increasing the
stream depth results in more data being captured, but it is still
truncated. In some cases small files under the stream depth are being
extracted, hence my theory that the 'bypass bypass' may not be working
correctly in the 4 series.
I should also admit I'm using GRO, which isn't the recommended running
config.
-Coop
On 7/8/2017 10:13 AM, Peter Manev wrote:
>
> What is your bypass set to (if you have it set) as compared to the truncated size?
>
>
>> -Coop
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170709/f9c1c861/attachment-0002.sig>
More information about the Oisf-users
mailing list