Bug #5263: Flow is stuck if there is no traffic - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5263

open

Flow is stuck if there is no traffic

Added by Brijesh Valera over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Description

Replay PCAP I have attached here. It's FTP control and data-channel PCAP.

On replaying PCAP, I see FTP data channel is getting detected but I don't see FLOW event gets generated for FTP data channel.
FTP data-channel flow gets stuck if there is no further traffic is sent to Suricata engine.

On terminating Suricata, I see Flow is getting removed and FlowEvent gets generated.

Files

ftp_case144.pcap (24.4 KB) ftp_case144.pcap

FTP control and data channel flows

Brijesh Valera, 04/11/2022 05:31 PM

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5263

Flow is stuck if there is no traffic