[Oisf-users] Tagged packets different from original packets

Peter Manev petermanev at gmail.com
Fri Apr 26 17:00:09 UTC 2019



> On 18 Apr 2019, at 02:26, Luis Escamilla <luis at cyberopsec.com.mx> wrote:
> 
> Sure, here is a link to the pcaps: https://wetransfer.com/downloads/7cf3693258b7d2e87287a52d3f40357e20190418002225/e489d55f96f84713faeb23053601592920190418002225/18b29f
>  

Hello,

Thank you for sharing - it seems the transfer is not there any more?

Thank you 


> From: Peter Manev <petermanev at gmail.com>
> Date: Saturday, April 13, 2019 at 10:16 AM
> To: Luis Escamilla <luis at cyberopsec.com.mx>
> Cc: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
> Subject: Re: [Oisf-users] Tagged packets different from original packets
>  
>  
> 
> On 13 Apr 2019, at 02:29, Luis Escamilla <luis at cyberopsec.com.mx> wrote:
> 
> Hi everyone.
>  
> I’m trying to assemble a pcap file from the tagged packets resulting from the firing of an alert. The problem is that the packets in the resulting pcap file differ from the original packets; specifically, the identification field is sometimes incremented or decremented by one.
>  
> Does anyone know what this issue could mean?
>  
> Hi,
>  
> What is the diff?
> Is it possible to share the two pcaps or share how to reproduce your test case?
> 
> Thank you
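One way to produce the diff asked for in this thread, as an added example that is not part of the original messages: it pairs each packet of the tagged capture with the original packet that has the same addresses and the same bytes after the IP header, then lists the IPv4 header fields that differ. The function names and the sample capture (192.0.2.x addresses, protocol 253) are constructed for illustration, and the code assumes classic pcap files with Ethernet framing.

```python
import struct

FIELDS = ("tos", "total_len", "id", "flags_frag", "ttl", "proto", "checksum")
ADDRS = bytes([192, 0, 2, 1, 192, 0, 2, 2])  # constructed: 192.0.2.1 -> 192.0.2.2

def ones_sum(hdr):
    """16-bit one's-complement sum; 0xFFFF means the header checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    total = (total & 0xFFFF) + (total >> 16)   # fold carries (twice is enough)
    return (total & 0xFFFF) + (total >> 16)

def read_pcap(data):
    """Frames of a classic (non-pcapng) pcap byte string; KeyError on other magic."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]
    frames, off = [], 24                       # skip the 24-byte global header
    while off + 16 <= len(data):               # 16-byte record header per packet
        caplen = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frames.append(data[off + 16:off + 16 + caplen])
        off += 16 + caplen
    return frames

def parse_ipv4(frame):
    """(header fields, match key) for an Ethernet/IPv4 frame, else None."""
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
    hdr = frame[14:14 + ihl]
    if frame[12:14] != b"\x08\x00" or ihl < 20 or len(hdr) < ihl:
        return None
    fields = dict(zip(FIELDS, struct.unpack("!BHHHBBH", hdr[1:12])))
    fields["checksum_ok"] = ones_sum(hdr) == 0xFFFF
    return fields, (hdr[12:20], frame[14 + ihl:])  # key: addresses + bytes after IP

def diff_tagged(original, tagged):
    """Per tagged packet: {field: (original, tagged)}, or None if unmatched."""
    pool, report = {}, []
    for fields, key in filter(None, map(parse_ipv4, read_pcap(original))):
        pool.setdefault(key, []).append(fields)
    for fields, key in filter(None, map(parse_ipv4, read_pcap(tagged))):
        ref = pool[key].pop(0) if pool.get(key) else None
        report.append(ref and {f: (ref[f], v) for f, v in fields.items() if ref[f] != v})
    return report

def sample_pcap(ids):
    """Constructed sample capture: one IPv4 packet per id, checksums valid."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, ident in enumerate(ids):
        hdr = struct.pack("!BBHHHBBH8s", 0x45, 0, 24, ident, 0, 64, 253, 0, ADDRS)
        hdr = hdr[:10] + struct.pack("!H", 0xFFFF - ones_sum(hdr)) + hdr[12:]
        frame = bytes(12) + b"\x08\x00" + hdr + struct.pack("!I", n)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

For real captures, read each file with `open(path, "rb").read()` and pass the two byte strings to `diff_tagged`. An `id` difference that comes with `checksum_ok` still true means the header checksum was recomputed along with the field.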