Bug #184
closedInconsistent timestamps and logged packets for http based alerts.
Description
src/suricata -r /pcaps/tests/suricata27.pcap -s /testscripts/suricata27.rules -l ./ -c suricata.yaml
The packet that gets logged is this one..
================
TIME: 10/16/09-16:44:16.108951
PCAP PKT NUM: 3
ALERT CNT: 1
ALERT MSG [00]: msg escape tests wxy'"\;:
ALERT GID [00]: 1
ALERT SID [00]: 100
ALERT REV [00]: 0
ALERT CLASS [00]: (null)
ALERT PRIO [00]: 3
SRC IP: 192.168.2.3
DST IP: 208.69.36.231
PROTO: 6
SRC PORT: 37010
DST PORT: 80
TCP SEQ: 1567227342
TCP ACK: 1130989795
FLOW: to_server: TRUE, to_client FALSE
PACKET LEN: 66
PACKET:
0000 00 04 76 D3 D8 6A 00 24 E8 29 FA 4F 08 00 45 00 ..v..j.$ .).O..E.
0010 00 34 A0 C0 40 00 40 06 E2 2B C0 A8 02 03 D0 45 .4...
. ......E
0020 24 E7 90 92 00 50 5D 69 FD CE 43 69 88 E3 80 10 $....P]i ..Ci....
0030 00 2E BA B3 00 00 01 01 08 0A 01 F1 5D 79 A5 71 ........ ....]y.q
0040 46 C0 F.
The packet that should be logged is this one...
+================
TIME: 10/16/09-16:44:16.109042
PCAP PKT NUM: 4
ALERT CNT: 1
ALERT MSG [00]: msg escape tests wxy'"\;:
ALERT GID [00]: 1
ALERT SID [00]: 100
ALERT REV [00]: 0
ALERT CLASS [00]: (null)
ALERT PRIO [00]: 3
SRC IP: 192.168.2.3
DST IP: 208.69.36.231
PROTO: 6
SRC PORT: 37010
DST PORT: 80
TCP SEQ: 1567227342
TCP ACK: 1130989795
FLOW: to_server: TRUE, to_client FALSE
PACKET LEN: 173
PACKET:
0000 00 04 76 D3 D8 6A 00 24 E8 29 FA 4F 08 00 45 00 ..v..j.$ .).O..E.
0010 00 9F A0 C1 40 00 40 06 E1 BF C0 A8 02 03 D0 45 .....
. .......E
0020 24 E7 90 92 00 50 5D 69 FD CE 43 69 88 E3 80 18 $....P]i ..Ci....
0030 00 2E B8 69 00 00 01 01 08 0A 01 F1 5D 79 A5 71 ...i.... ....]y.q
0040 46 C0 47 45 54 20 2F 62 6C 61 68 2F 20 48 54 54 F.GET /b lah/ HTT
0050 50 2F 31 2E 30 0D 0A 55 73 65 72 2D 41 67 65 6E P/1.0..U ser-Agen
0060 74 3A 20 57 67 65 74 2F 31 2E 31 31 2E 34 0D 0A t: Wget/ 1.11.4..
0070 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 48 6F 73 Accept: */*..Hos
0080 74 3A 20 77 77 77 2E 67 6F 6F 67 6C 65 2E 63 6F t: www.g oogle.co
0090 6D 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B m..Conne ction: K
00A0 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A eep-Aliv e....
Files
Updated by Victor Julien over 14 years ago
- Assignee changed from OISF Dev to Victor Julien
Updated by Victor Julien over 14 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Should be fixed in current master.
Updated by Victor Julien over 14 years ago
- Target version changed from 0.9.3 to 1.0.0