Project

General

Profile

Actions
Copy link

Bug #4220

open

detect: signature not hit with --simulate-ips option

Added by Litmus Shi over 4 years ago. Updated about 20 hours ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-rc1
Affected Versions:
5.0.3
Effort:
Difficulty:
Label:

Description

Hi,

I have a pcap trace which can hit my signature with the configurations in the attachment in IDS mode.
But the same trace failed to hit the same signature with the same configuration in IPS mode.

Is it by design or a bug?

How to reproduce:
1. uncompress the tar.gz to /home/inline-test, make sure all files are under /home/inline-test
2. cd /home/inline-test
3. ntd-ids -c ./suricata.yaml -r ./1flowB.pcap, and we can see eve logs.
4. ntd-ids -c ./suricata.yaml -r ./1flowB.pcap --simulate-ips, and we can't see any eve logs.

Files

inline-test.tar.gz (581 KB) inline-test.tar.gz Litmus Shi, 12/16/2020 08:55 AM
Actions
Copy link
 #1

Updated by Victor Julien about 4 years ago

  • Status changed from New to Assigned
  • Assignee changed from Community Ticket to Victor Julien
  • Target version set to 7.0.0-beta1
Actions
Copy link
 #2

Updated by Victor Julien over 2 years ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Actions
Copy link
 #3

Updated by Victor Julien 3 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #4

Updated by Shivani Bhardwaj about 20 hours ago

  • Subject changed from failed to hit a signature with option --simulate-ips to detect: signature not hit with --simulate-ips option
  • Priority changed from High to Normal
Actions
Copy link

Also available in: Atom PDF