I use nmap for sA scanning
The following are the data packets in Wireshark
The following is the content of eve.json
I want to know why the TCP flag in Wireshark is ACK, but the TCP flag in Eve.log is “00”.
Do you have midstream enabled? Packets with SYN/ACK will not lead to a TcpSession set up otherwise, and this logging depends on that. We should probably just not log the field in this case.
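An added example, not part of the original thread: a small script that reads EVE lines and groups TCP flow records that carried packets but logged `tcp_flags` "00", the case the reply attributes to no TcpSession being set up, so they are not misread as packets with no flags set. The field names follow Suricata's EVE flow output; the sample records are constructed, and treating a missing `tcp` object as "00" is this example's own choice.

```python
import json
from collections import defaultdict

# Constructed sample EVE lines (not from the original post); addresses are documentation ranges.
SAMPLE_EVE = [
    '{"event_type":"flow","proto":"TCP","src_ip":"192.0.2.10","dest_ip":"192.0.2.20","dest_port":80,'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}',
    '{"event_type":"flow","proto":"TCP","src_ip":"192.0.2.10","dest_ip":"192.0.2.20","dest_port":22,'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}',
    '{"event_type":"flow","proto":"TCP","src_ip":"192.0.2.10","dest_ip":"192.0.2.20","dest_port":443,'
    '"flow":{"pkts_toserver":5,"pkts_toclient":4},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b"}}',
    '{"event_type":"flow","proto":"UDP","src_ip":"192.0.2.10","dest_ip":"192.0.2.20","dest_port":53,'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1}}',
    '{"event_type":"flow","proto":"TCP"',  # truncated line, as seen when a log is read mid-write
]


def untracked_tcp_flows(lines):
    """Map (src_ip, dest_ip) -> sorted dest ports of TCP flows logged with tcp_flags "00"."""
    hits = defaultdict(set)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or partially written lines
        if not isinstance(ev, dict) or ev.get("event_type") != "flow" or ev.get("proto") != "TCP":
            continue
        pkts = sum(ev.get("flow", {}).get(k, 0) for k in ("pkts_toserver", "pkts_toclient"))
        flags = str(ev.get("tcp", {}).get("tcp_flags", "00"))
        # Packets were seen but no flags were accumulated: per the reply above,
        # the flag logging depends on a TcpSession, which was never set up here.
        if pkts > 0 and set(flags) <= {"0"}:
            hits[(ev.get("src_ip"), ev.get("dest_ip"))].add(ev.get("dest_port", 0))
    return {pair: sorted(ports) for pair, ports in hits.items()}


if __name__ == "__main__":
    for (src, dst), ports in untracked_tcp_flows(SAMPLE_EVE).items():
        print(f"{src} -> {dst}: {len(ports)} TCP flow(s) without session state, ports {ports}")
```

Many such records from one source to many ports on one destination are consistent with a scan that never completes a handshake, such as the ACK scan in the question.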