This is the detailed content of the PCAP package
This is my rule
Why is Suricata unable to detect an sA scan?
Please provide more details about your Suricata version, config and how you run it.
But I guess it’s related to the fact that the connection is from 192.168.161.129 and 192.168.161.130, so both IPs might be in your HOME_NET and thus excluded in your EXTERNAL_NET, so that will never match at all.
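The HOME_NET/EXTERNAL_NET point from the reply above, as an added example that is not part of the original thread: a small evaluator for Suricata-style address expressions, applied to the two hosts mentioned. The variable values are assumed to be the defaults shipped in suricata.yaml, and the `$EXTERNAL_NET -> $HOME_NET` header is a hypothetical stand-in, since the poster's rule and config are not shown.

```python
import ipaddress

# Assumed values: the defaults shipped in suricata.yaml, not the poster's config.
ADDRESS_VARS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "!$HOME_NET",
}

def split_top_level(expr):
    """Split a comma-separated group, ignoring commas inside nested brackets."""
    parts, depth, current = [], 0, ""
    for ch in expr:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return [p.strip() for p in parts if p.strip()]

def addr_matches(ip, expr, variables=ADDRESS_VARS):
    """Return True if ip satisfies an address expression (any, CIDR, $VAR, !x, [a,!b])."""
    expr = expr.strip()
    if expr.startswith("!"):
        return not addr_matches(ip, expr[1:], variables)
    if expr.startswith("$"):
        return addr_matches(ip, variables[expr[1:]], variables)
    if expr == "any":
        return True
    if expr.startswith("[") and expr.endswith("]"):
        items = split_top_level(expr[1:-1])
        positives = [i for i in items if not i.startswith("!")]
        negatives = [i[1:] for i in items if i.startswith("!")]
        hit = any(addr_matches(ip, i, variables) for i in positives) if positives else True
        return hit and not any(addr_matches(ip, n, variables) for n in negatives)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(expr, strict=False)

def header_matches(src, dst, src_expr, dst_expr):
    """Check only the address part of a rule header against one packet direction."""
    return addr_matches(src, src_expr) and addr_matches(dst, dst_expr)

if __name__ == "__main__":
    # The two hosts from the thread: both fall inside the assumed HOME_NET.
    print(header_matches("192.168.161.129", "192.168.161.130", "$EXTERNAL_NET", "$HOME_NET"))
    print(header_matches("192.168.161.129", "192.168.161.130", "any", "$HOME_NET"))
```

With both hosts inside HOME_NET, only a header whose source is `any` (or `$HOME_NET`) can match this traffic.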
Thanks for your help.
I still have a question.
I ran Suricata with no rules, but the flow type data in eve.json shows that tcp_flags is 0. Is there any way to display the TCP flag?
Can you provide a pcap with the example traffic?