[Oisf-users] Tagged packets different from original packets
Luis Escamilla
luis at cyberopsec.com.mx
Thu Apr 18 00:26:09 UTC 2019
Sure, here is a link to the pcaps: https://wetransfer.com/downloads/7cf3693258b7d2e87287a52d3f40357e20190418002225/e489d55f96f84713faeb23053601592920190418002225/18b29f
From: Peter Manev <petermanev at gmail.com>
Date: Saturday, April 13, 2019 at 10:16 AM
To: Luis Escamilla <luis at cyberopsec.com.mx>
Cc: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] Tagged packets different from original packets
On 13 Apr 2019, at 02:29, Luis Escamilla <luis at cyberopsec.com.mx> wrote:
Hi everyone.
I’m trying to assemble a pcap file from the tagged packets resulting from the firing of an alert. The problem is that the packets in the resulting pcap file differ from the original packets; specifically, the identification field is sometimes incremented or decremented by one.
Does anyone know what this issue could mean?
Hi,
What is the diff?
Is it possible to share the two pcaps or share how to reproduce your test case?
Thank you
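
Added example, not part of the original thread: one way to produce the diff asked for above, by pairing each tagged packet with its original while ignoring the IPv4 identification and header checksum fields, then reporting the signed ID delta. It assumes classic little-endian pcap files (not pcapng) with Ethernet framing; the function names and the sample packets are constructed for illustration.

```python
import struct

def ipv4_packets(pcap: bytes):
    """Yield raw IPv4 packets from a classic little-endian pcap (Ethernet link type)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with LINKTYPE_ETHERNET")
    off = 24
    while off + 16 <= len(pcap):
        caplen, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # EtherType IPv4
            yield frame[14:]

def key_and_id(ip: bytes):
    """Return (key, ip_id); the key zeroes the ID and header checksum fields."""
    ip_id, = struct.unpack_from("!H", ip, 4)
    return ip[:4] + b"\0\0" + ip[6:10] + b"\0\0" + ip[12:], ip_id

def diff_ip_ids(original: bytes, tagged: bytes):
    """List (tagged_index, original_id, tagged_id, signed_delta) where IDs differ."""
    ids_by_key = {}
    for ip in ipv4_packets(original):
        key, ip_id = key_and_id(ip)
        ids_by_key.setdefault(key, []).append(ip_id)
    report = []
    for n, ip in enumerate(ipv4_packets(tagged)):
        key, ip_id = key_and_id(ip)
        if key not in ids_by_key:  # no original packet matches at all
            report.append((n, None, ip_id, None))
            continue
        # Signed 16-bit distance to each candidate original; keep the nearest.
        deltas = [((ip_id - o + 0x8000) & 0xFFFF) - 0x8000 for o in ids_by_key[key]]
        delta = min(deltas, key=abs)
        if delta:
            report.append((n, (ip_id - delta) & 0xFFFF, ip_id, delta))
    return report

def build_pcap(packets):
    """Constructed sample: one UDP packet per (payload_no, ip_id); checksums left zero."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, ip_id in packets:
        payload = b"pkt%d" % n
        udp = struct.pack("!HHHH", 1234, 53, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0, 64, 17,
                         0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out
```

With real captures, pass the bytes of the original and the tagged pcap file to `diff_ip_ids`; an empty list means every tagged packet matched an original with the same ID.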