pfsense:suricata:alerts:suricata_stream_packet_with_invalid_timestamp
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| pfsense:suricata:alerts:suricata_stream_packet_with_invalid_timestamp [2021/01/14 17:17] – created peter | pfsense:suricata:alerts:suricata_stream_packet_with_invalid_timestamp [2021/01/14 17:18] (current) – peter | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| Disable Hardware Checksum Offloading under **System -> Advanced -> Networking**. | Disable Hardware Checksum Offloading under **System -> Advanced -> Networking**. | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Suppress ===== | ||
| + | |||
| + | < | ||
| + | #SURICATA STREAM Packet with invalid timestamp | ||
| + | suppress gen_id 1, sig_id 2210044 | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | <WRAP info> | ||
| + | **NOTE: | ||
| + | |||
| + | If that does not do it, you can simply disable this particular rule by either clicking the red X icon on the **Alerts** tab in the GID/SID column, or you can find and selectively disable that rule on the **Rules** tab for the interface. | ||
| + | |||
| + | See this thread from the official Suricata documentation Wiki for details: | ||
| + | |||
| + | * http:// | ||
| + | |||
| + | Suricata uses PCAP for packet capture during Legacy Blocking Mode operation, and Netmap for Inline IPS Mode operation. | ||
| + | |||
| + | In both cases, hardware checksum offloading needs to be disabled. | ||
| + | </ | ||
| + | |||
pfsense/suricata/alerts/suricata_stream_packet_with_invalid_timestamp.1610644624.txt.gz · Last modified: 2021/01/14 17:17 by peter