https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022019-03-29T08:50:08ZOpen Information Security FoundationSuricata - Bug #2907: Sometimes TLS Logs are missing https://redmine.openinfosecfoundation.org/issues/2907?journal_id=116822019-03-29T08:50:08ZMats Klepslandmats.klepsland@gmail.com
<ul><li><strong>Assignee</strong> set to <i>Mats Klepsland</i></li></ul><p>I took a look at the pcap's and it seems that most of them have packets with invalid checksums. They might have been captured with checksum offloading turned on, or something else that messes up the checksums. This is quite a common problem when processing pcap files with Suricata.</p>
<p>Because of this, I usually use '-k none' when reading pcap files, especially when reading pcap files captured by other people. This makes Suricata disable the checksum checking.</p>
<p>Let me know if this solves your problem :)</p> Suricata - Bug #2907: Sometimes TLS Logs are missing https://redmine.openinfosecfoundation.org/issues/2907?journal_id=116832019-03-29T13:13:21ZDarren pierre
<ul></ul><p>yes it did solve the promblem</p> Suricata - Bug #2907: Sometimes TLS Logs are missing https://redmine.openinfosecfoundation.org/issues/2907?journal_id=116842019-03-29T13:18:35ZMats Klepslandmats.klepsland@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li></ul><p>I'm glad to hear that. Thanks for letting me know that it solved your problem :)</p> Suricata - Bug #2907: Sometimes TLS Logs are missing https://redmine.openinfosecfoundation.org/issues/2907?journal_id=116852019-03-29T13:18:59ZMats Klepslandmats.klepsland@gmail.com
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>