[Oisf-users] Tagged packets different from original packets

Peter Manev petermanev at gmail.com
Sat Apr 13 15:16:34 UTC 2019

> On 13 Apr 2019, at 02:29, Luis Escamilla <luis at cyberopsec.com.mx> wrote:
> Hi everyone.
> I’m trying to assemble a pcap file from the tagged packets resulting from the firing of an alert, the problem is, the packets in the resulting pcap file differ from the original packets, specifically the identification field is sometimes incremented or decremented by one.
> Does anyone know what this issue could


What is the diff ?
Is it possible to share the two pcaps or share how to reproduce your test case ?

Thank you

> mean?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190413/031b8444/attachment.html>

More information about the Oisf-users mailing list