Support #3163: The modbus engine doesn't detect the modbus response data - Suricata - Open Information Security Foundation

Actions

Support #3163

closed

The modbus engine doesn't detect the modbus response data

Added by John Smith about 5 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

-

Affected Versions:

Label:

Description

The suricata version is 4.1.4.
And I still send the modbus request data and response data.
But only see the modbus-detect-engine detects the request data.
So I want to know the 4.1.4 doesn't detect the response data or I run in a wrong way?
Thank you!

Actions

#1

Updated by John Smith about 5 years ago

oh,I know why?Because these is no register to the modbus response data in detect-modbus.c

Actions

#2

Updated by Victor Julien about 5 years ago

Assignee deleted (~~Victor Julien~~)

Actions

#3

Updated by Andreas Herz about 5 years ago

Assignee set to OISF Dev
Affected Versions 4.1.4 added

Actions

#4

Updated by Victor Julien about 5 years ago

Can you provide a test case (pcap)?

Actions

#5

Updated by Andreas Herz about 5 years ago

Target version set to Support

Actions

#6

Updated by Victor Julien over 4 years ago

Status changed from New to Closed
Assignee deleted (~~OISF Dev~~)

Actions

Also available in: Atom PDF