
List:       security-onion
Subject:    Re: [security-onion] Re: Syslog-ng service not working
From:       harishstark () gmail ! com
Date:       2017-08-28 14:10:48
Message-ID: 2a28e865-6c68-44db-9ad5-938348ad35cd () googlegroups ! com


Hello Wes,

Though I tried registering the API key, I did not see a valid API check on the sostat output. However, I see a connection established between the SO sensor & QRadar, but when I run tcpdump I see the packet below. Can you please help me if you understand this one.

root@<sensor>:/etc/nsm/sensor-eth4# tcpdump -vvn dst <QRadar IP>
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:58:15.146519 IP (tos 0x0, ttl 64, id 3653, offset 0, flags [DF], proto TCP (6), length 52)
    <Sensor IP>.35770 > <QRadar IP>.514: Flags [.], cksum 0xe553 (incorrect -> 0xa94c), seq 3798946483, ack 1280434003, win 1024, options [nop,nop,TS val 134073678 ecr 1188288927], length 0

Not sure why it shows incorrect in the packet checksum. No clue about it.

Regards,
Harish
