[Oisf-users] Question about src_port and dest_port in eve log
"강지환"
kangjh0101 at pizzlysoft.com
Mon Sep 9 01:00:11 UTC 2019
Hi, Herz.

Thank you for the reply. As shown in the picture below, there are ports. Where did you find the ports are missing?

Thank you very much
Chi Kang

----------------------- Original Message -----------------------
From: "Andreas Herz" <aherz at oisf.net>
To: oisf-users at lists.openinfosecfoundation.org
Sent: 2019-09-07 04:51:46 GMT +0900 (ROK)
Subject: Re: [Oisf-users] Question about src_port and dest_port in eve log

On 06/09/19 at 15:15, "강지환" wrote:
> I have faced a very strange thing which is that both src_port and dest_port are 0.
Well if you look into the pcap in wireshark you see that the port
information is missing. The IP part says Proto UDP but the UDP ports are
not included.
--
Andreas Herz
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20190909_095637320_43009.jpeg
Type: application/octet-stream
Size: 1545420 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190909/48ab61ea/attachment-0001.obj>
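
The condition described in the reply above (an IPv4 header that says UDP with no UDP header behind it) can be checked directly on raw packet bytes. This is an added example, not part of the original thread or of Suricata; the function names and sample packets are constructed, the input is assumed to start at the IPv4 header, and treating a non-first fragment or a truncated payload as the ways the ports can be absent is an assumption, since the thread does not say which applies to the poster's pcap.

```python
import struct

UDP_PROTO = 17        # IPv4 protocol number for UDP
UDP_HEADER_LEN = 8    # source port, destination port, length, checksum


def udp_ports(ip_packet: bytes):
    """Return (status, src_port, dst_port) for bytes starting at an IPv4 header."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return ("not-ipv4", None, None)
    ihl = (ip_packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(ip_packet) < ihl:
        return ("bad-ip-header", None, None)
    (total_len,) = struct.unpack("!H", ip_packet[2:4])
    (flags_frag,) = struct.unpack("!H", ip_packet[6:8])
    if ip_packet[9] != UDP_PROTO:
        return ("not-udp", None, None)
    if flags_frag & 0x1FFF:                      # fragment offset > 0
        # Only the first fragment carries the UDP header.
        return ("non-first-fragment", None, None)
    payload = ip_packet[ihl:min(total_len, len(ip_packet))]
    if len(payload) < UDP_HEADER_LEN:
        # Protocol field says UDP, but there is no room for the ports.
        return ("udp-header-missing", None, None)
    src, dst = struct.unpack("!HH", payload[:4])
    return ("ok", src, dst)


def ipv4(proto: int, payload: bytes, frag_offset: int = 0) -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the samples."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag_offset,
        64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),
    )
    return header + payload


# Constructed sample packets (documentation addresses, not from the thread).
FULL = ipv4(UDP_PROTO, struct.pack("!HHHH", 5353, 53, 12, 0) + b"data")
NO_L4 = ipv4(UDP_PROTO, b"")
LATER_FRAGMENT = ipv4(UDP_PROTO, b"x" * 16, frag_offset=185)

if __name__ == "__main__":
    for name, pkt in (("full", FULL), ("no-l4", NO_L4),
                      ("later-fragment", LATER_FRAGMENT)):
        print(name, udp_ports(pkt))
```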