Netgate Discussion Forum

SURICATA STREAM Packet with invalid timestamp

  • D
    Draithan
    last edited by Jan 13, 2023, 12:08 AM

    Hey Everyone... Looking for some advice. I have a lot of these alerts in the log and would like to resolve rather than hide...

    I am running XCP-NG on a Dell R620, with a pfSense VM. I have made sure all my clocks are in sync, turned off offloading on the VMs.

    I do get the odd "SURICATA STREAM excessive retransmissions" as well.

    Any help appreciated! :) And yes I am relatively new to pfSense, Suricata etc. Thank you.

    • N
      NollipfSense @Draithan
      last edited by Jan 13, 2023, 2:11 AM

      @draithan It's a false positive and because of that, I am no longer bothered by them.

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      • B
        bmeeks
        last edited by Jan 13, 2023, 2:56 AM

        All of the Suricata stream events are for information only. They generally do not indicate a threat. Many folks do disable lots of those built-in EVENTS-type rules, especially when running in Legacy Blocking Mode as they can result in needless blocks of traffic.

        • S
          SteveITS Galactic Empire @Draithan
          last edited by Jan 13, 2023, 2:57 AM

          @draithan In our standard Suricata setup we:

          • check "Disable hardware checksum offload" in (System->Advanced->Networking)
          • Suricata: disable ALL stream-events.rules or it will block lots of traffic on false positives

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!
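
To see how much of an alert log the stream events discussed above account for before disabling them, here is an added example (not part of the thread and not Netgate or Suricata project code) that tallies fast-format alert lines and lists hosts whose only alerts are stream events. The sample lines, SIDs and the non-stream message are constructed, and treating both endpoints as block candidates is an assumption, since the real choice depends on the interface's blocking settings.

```python
import re
from collections import Counter

# One Suricata fast-format alert line: time, [gid:sid:rev], msg, class, priority, proto, flow.
FAST_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:[^\]]*\]\s+"
    r"\[Priority:\s*\d+\]\s+\{[^}]+\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
STREAM_PREFIX = "SURICATA STREAM"  # msg prefix of the stream events named in the thread

def host(endpoint):
    """Strip the trailing :port from an addr:port endpoint."""
    return endpoint.rsplit(":", 1)[0]

def summarize(lines):
    """Tally stream-event alerts and find hosts seen only in those alerts."""
    stream_msgs, stream_hosts, other_hosts = Counter(), set(), set()
    other = skipped = 0
    for line in lines:
        m = FAST_RE.match(line.strip())
        if not m:
            skipped += 1  # blank or not a fast-format alert line
            continue
        hosts = {host(m["src"]), host(m["dst"])}
        if m["msg"].startswith(STREAM_PREFIX):
            stream_msgs[m["msg"]] += 1
            stream_hosts |= hosts
        else:
            other += 1
            other_hosts |= hosts
    return {
        "stream": stream_msgs,
        "other": other,
        "skipped": skipped,
        # Assumption: both endpoints are block candidates in a blocking setup.
        "stream_only_hosts": sorted(stream_hosts - other_hosts),
    }

# Constructed sample lines: documentation addresses, placeholder SIDs.
SAMPLE = """\
01/13/2023-00:08:01.100000  [**] [1:1000001:1] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.7:443 -> 192.0.2.10:51544
01/13/2023-00:08:02.200000  [**] [1:1000001:1] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.7:443 -> 192.0.2.10:51544
01/13/2023-00:08:03.300000  [**] [1:1000002:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 203.0.113.5:80 -> 192.0.2.10:40000
01/13/2023-00:08:04.400000  [**] [1:1000003:1] EXAMPLE constructed non-stream rule [**] [Classification: Misc activity] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.11:40001
constructed line that is not an alert
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Hosts in `stream_only_hosts` are the ones that would lose connectivity purely because of the informational stream rules if those rules were left enabled in a blocking configuration.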

          • D
            Draithan @SteveITS
            last edited by Jan 14, 2023, 2:46 AM

            @steveits said in SURICATA STREAM Packet with invalid timestamp:

            @draithan In our standard Suricata setup we:

            • check "Disable hardware checksum offload" in (System->Advanced->Networking)
            • Suricata: disable ALL stream-events.rules or it will block lots of traffic on false positives

            Ok thanks for the confirmation. Appreciate it. Not seeing anyone posting to not disable..

            Appreciate everyone's help!
