Are there any problems with my suricata.yaml settings?
The version of my Suricata is 6.0.3.
I could read pcap file with the following command and signature alerts drop into eve.json.
suricata -c /etc/suricata/suricata.yaml -r somePcap.pcap
I tried to replay the same pcap with tcpreplay with:
tcpreplay -i eth0 somePcap.pcap
But in this case, there is no alerts in eve.json and all.
I tired to fix the checksum withTcprewrite and replayed the pcap again, but it still didn’t work.