Replies: 1 comment
-
|
Are you able to share the original pcap? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Version
Other (please provide detail below)
Installation Method
Network installation on Ubuntu
Description
other (please provide detail below)
Installation Type
Import
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4 (2*2)
RAM
12GB
Storage for /
unsure, I set 200GB for the VM configuration
Storage for /nsm
unsure
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I am currently facing the issue of an incomplete pcap file import. Using so-import-pcap, I am importing a 274kb file. However if I were to download the imported file from security onion, it is only 247kb. Looking at the respective pcap files, I noticed that for packets greater than the length of 1500, it gets truncated and it says 'packet size limited during capture. How do I import the whole pcap file without it getting truncated?
This screenshot shows the original pcap file.
This screenshot shows the imported pcap file.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions