Project

General

Profile

Actions
Copy link

Bug #179

closed

no alert with decode-event:ipv4.* suricata today git

Added by rmkml rmkml almost 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.0.0
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
On suricata today git (d6709b0961ee972c0402edf0f080ebed590d9581), I don't have alert with joigned pcap file.
I have added theses sig but no alert:
alert ip any any -> any any (msg:"1"; decode-event:ipv4.pkt_too_small; sid:1; rev:1;)
alert ip any any -> any any (msg:"2"; decode-event:ipv4.hlen_too_small; sid:2; rev:1;)
alert ip any any -> any any (msg:"3"; decode-event:ipv4.iplen_smaller_than_hlen; sid:3; rev:1;)
alert ip any any -> any any (msg:"4"; decode-event:ipv4.trunc_pkt; sid:4; rev:1;)
alert ip any any -> any any (msg:"5"; decode-event:ipv4.opt_invalid; sid:5; rev:1;)
alert ip any any -> any any (msg:"6"; decode-event:ipv4.opt_invalid_len; sid:6; rev:1;)
alert ip any any -> any any (msg:"7"; decode-event:ipv4.opt_malformed; sid:7; rev:1;)
alert ip any any -> any any (msg:"8"; decode-event:ipv4.opt_pad_required; sid:8; rev:1;)
alert ip any any -> any any (msg:"9"; decode-event:ipv4.opt_eol_required; sid:9; rev:1;)
alert ip any any -> any any (msg:"10"; decode-event:ipv4.opt_duplicate; sid:10; rev:1;)
alert ip any any -> any any (msg:"11"; decode-event:ipv4.opt_unknown; sid:11; rev:1;)
alert ip any any -> any any (msg:"12"; decode-event:ipv4.wrong_ip_version; sid:12; rev:1;)
...
Regards
Rmkml

Files

suricatawrongiplen.pcap (100 Bytes) suricatawrongiplen.pcap rmkml rmkml, 06/16/2010 03:18 PM
Actions
Copy link

Also available in: Atom PDF