[Oisf-users] Tagged packets different from original packets

Peter Manev petermanev at gmail.com
Sat Apr 13 15:16:34 UTC 2019



> On 13 Apr 2019, at 02:29, Luis Escamilla <luis at cyberopsec.com.mx> wrote:
> 
> Hi everyone.
>  
> I’m trying to assemble a pcap file from the tagged packets resulting from the firing of an alert. The problem is, the packets in the resulting pcap file differ from the original packets; specifically, the identification field is sometimes incremented or decremented by one.
>  
> Does anyone know what this issue could


Hi,

What is the diff?
Is it possible to share the two pcaps or share how to reproduce your test case?

Thank you


> mean?