Bug #1043: Different results for the same input pcap file in autofp mode - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1043

closed

Different results for the same input pcap file in autofp mode

Added by Amin Latifi over 10 years ago. Updated over 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

I run suricata-1.4.6 with the same pcap file for two times and the outputs are not equal. Actually, I compare fast.log outputs and while the number of lines are equal, some lines which are in first fast.log output don't appear in the second one and vice versa. Specifically, the run mode was autofp; and I removed time stamps from all output lines, sort them and compared them. Surprisingly, there are some IP's in each output which don't appear in other one.
The pcapfile with which I tested suricata is ctf08_1228495450_eth1 of https://ictf.cs.ucsb.edu/data/ictf2008/ctf08_traffic.tgz

I attached two fast.log output files.

Files

fast.log.zip (210 KB) fast.log.zip

Amin Latifi, 11/23/2013 12:47 AM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1043

Different results for the same input pcap file in autofp mode

Updated by Peter Manev over 10 years ago

Updated by Amin Latifi over 10 years ago

Updated by Victor Julien over 10 years ago

Updated by Andreas Herz over 7 years ago