Feature #5247
closedApplayer Detect protocol only one direction : RTSP protocol
Description
I run Suricata on MacOS:
# suricata -i en6 -F filter.bpf -v
filter.bpf limits the traffic to a single IP address:
host 192.168.1.19
fast.log shows an alert:
04/06/2022-11:45:39.142492 [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.1.19:64527 -> 192.168.1.178:7000
However, the traffic contains both directions. See attached PCAP.
I have reported this issue at forum.suricata.io (https://forum.suricata.io/t/applayer-detect-protocol-only-one-direction/2371/2) and Andrea Herz was able to reproduce it.
Files
Updated by Philippe Antoine over 1 year ago
- Tracker changed from Bug to Feature
- Subject changed from Applayer Detect protocol only one direction to Applayer Detect protocol only one direction : RTSP protocol
- Affected Versions deleted (
6.0.4)
This works as expected.
Suricata recognizes HTTP from the client side, but not from the server side, as it is RTSP and not HTTP
Updated by Philippe Antoine 24 days ago
- Status changed from New to Rejected
Working as expected, let us know if you have more feedback about it