Feature #5247
closedApplayer Detect protocol only one direction : RTSP protocol
Description
I run Suricata on MacOS:
# suricata -i en6 -F filter.bpf -v
filter.bpf limits the traffic to a single IP address:
host 192.168.1.19
fast.log shows an alert:
04/06/2022-11:45:39.142492 [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.1.19:64527 -> 192.168.1.178:7000
However, the traffic contains both directions. See attached PCAP.
I have reported this issue at forum.suricata.io (https://forum.suricata.io/t/applayer-detect-protocol-only-one-direction/2371/2) and Andrea Herz was able to reproduce it.
Files
Updated by Philippe Antoine over 1 year ago
- Tracker changed from Bug to Feature
- Subject changed from Applayer Detect protocol only one direction to Applayer Detect protocol only one direction : RTSP protocol
- Affected Versions deleted (
6.0.4)
This works as expected.
Suricata recognizes HTTP from the client side, but not from the server side, as it is RTSP and not HTTP
Updated by Philippe Antoine about 2 months ago
- Status changed from New to Rejected
Working as expected, let us know if you have more feedback about it