Netgate Discussion Forum

    Best way to analyze blocked packets

    IDS/IPS
    1 Posts 1 Posters 335 Views
    nekopep

      Hello,
      I've set up a Suricata IPS, currently in alert-only mode, to train it and disable rules that are not adapted to my network.
      Now I've got the rules fairly cleaned up, and interesting rules are starting to come up.
      I would like to analyze the packets that are detected as an issue.
      For example, I get some "ET POLICY HTTP Request to *.tk domain" alerts. Is there a way to log all these offending packets and analyze them with Wireshark?
      In the *.tk domain case, can I log all DNS requests of the firewall's Unbound DNS resolver and correlate them with my detection? Any idea where I could find these packet logs and how to activate them? Any idea how the DNS requests can be logged?

      Thanks for any idea or tutorials links :)
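      One way to do the correlation asked about above, as an added example that is not from the original post or from Netgate: for each Suricata EVE JSON alert, list the Unbound queries the same client made in the seconds before the alert and flag whether the HTTP hostname from the alert was resolved locally. The EVE records and Unbound lines are constructed samples; the Unbound line layout (`[epoch] unbound[pid:tid] info: client name type class`, as written when query logging is enabled) is an assumption to check against your own log.

```python
import json
import re
from datetime import datetime

WINDOW_SECONDS = 10  # how far back from the alert to look for a DNS lookup

# Constructed Suricata EVE JSON records: one alert and one unrelated flow event.
EVE_LINES = [
    '{"timestamp":"2024-05-01T10:15:30.123456+0000","event_type":"alert",'
    '"src_ip":"192.168.1.20","dest_ip":"203.0.113.5",'
    '"alert":{"signature":"ET POLICY HTTP Request to *.tk domain"},'
    '"http":{"hostname":"example.tk"}}',
    '{"timestamp":"2024-05-01T10:16:00.000000+0000","event_type":"flow",'
    '"src_ip":"192.168.1.20","dest_ip":"203.0.113.5"}',
]

# Constructed Unbound query-log lines (assumed layout, epoch timestamps).
UNBOUND_LINES = [
    "[1714558529] unbound[1234:0] info: 192.168.1.20 example.tk. A IN",
    "[1714558529] unbound[1234:0] info: 192.168.1.20 cdn.example.com. A IN",
    "[1714558000] unbound[1234:0] info: 192.168.1.30 other.tk. A IN",
]

QUERY_RE = re.compile(r"^\[(\d+)\] unbound\[\d+:\d+\] info: (\S+) (\S+)\. (\S+) (\S+)$")


def parse_unbound(lines):
    """Return (epoch, client_ip, qname, qtype) for every query-log line that matches."""
    out = []
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3).lower(), m.group(4)))
    return out


def eve_alerts(lines):
    """Yield (epoch, src_ip, signature, http_hostname) for alert events only."""
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
        yield ts, rec["src_ip"], rec["alert"]["signature"], rec.get("http", {}).get("hostname", "").lower()


def correlate(eve_lines, unbound_lines, window=WINDOW_SECONDS):
    """For each alert, collect the client's DNS queries inside the window before it."""
    queries = parse_unbound(unbound_lines)
    results = []
    for ts, src, sig, host in eve_alerts(eve_lines):
        hits = [(q_ts, name, qtype) for q_ts, client, name, qtype in queries
                if client == src and 0 <= ts - q_ts <= window]
        results.append({"signature": sig, "src_ip": src, "http_hostname": host,
                        "dns_queries": hits,
                        "hostname_resolved_here": any(name == host for _, name, _ in hits)})
    return results
```

      A hostname that shows up in the alert but never in the resolver log points at a client that bypassed Unbound (hard-coded DNS or DoH), which is itself worth a look.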

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.