[Oisf-users] Packet not dropped?
James Moe
jimoe at sohnen-moe.com
Sat Dec 1 20:06:50 UTC 2018
On 28/11/2018 12.54 PM, Giuseppe Longo wrote:
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>> NFQUEUE all -- anywhere anywhere NFQUEUE
>> num 0 bypass
>
> Ok, looks correct.
> Would you be able to generate a pcap and send it?
>
For the instance:
12/01/2018-12:45:33.386511 [Drop] [**] [1:2260002:1] SURICATA Applayer
Detect protocol only one direction [**] [Classification: Generic
Protocol Command Decode] [Priority: 3] {TCP} 190.64.84.98:47029 ->
192.168.69.246:25
The PCAP filtered for IP.addr = 190.64.84.98:
https://www.dropbox.com/s/6ydhzr6vo5to566/suricata-rule-2260002.pcapng?dl=0
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181201/07432b12/attachment.sig>
More information about the Oisf-users
mailing list