Support #5370

open

The problem of Suricata reading Wireshark's pcap package

Added by kk4l sc 4 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee:
Affected Versions:
Label: Beginner

Description

Hello, I'm learning IDS. I wrote a Suricata rule. I used Wireshark and tcpdump to export two pcap packages and read them with the -R parameter. The result is that only the pcap package from tcpdump is matched.

https://s1.ax1x.com/2022/05/21/OjmOF1.png


Files

OjmOF1.png (224 KB) kk4l sc, 05/21/2022 05:55 AM

#1

Updated by Victor Julien 3 months ago

Are you able to share the pcaps?
