# ET SCAN Potential SSH Scan
# we have a public IP here, so these attacks are normal
1:2001219

# SURICATA STREAM 3way handshake SYN resend different seq on SYN recv
# seen on ssh-tunnel
1:2210008

# SURICATA STREAM ESTABLISHED packet out of window
# seen on ke-wireguard
1:2210020

# SURICATA STREAM ESTABLISHED SYNACK resend
# seen on ssh-tunnel
1:2210022

# SURICATA STREAM ESTABLISHED SYNACK resend with different ACK
1:2210023

# SURICATA STREAM ESTABLISHED SYN resend with different seq
1:2210027

# SURICATA STREAM ESTABLISHED invalid ack
# loads of these during the day
1:2210029

# SURICATA STREAM TIMEWAIT ACK with wrong seq
# we do not necessarily need that much detail unless we check layer 1
1:2210042

# SURICATA STREAM Packet with invalid timestamp
# maybe hardware checksum offload
1:2210044

# SURICATA STREAM Packet with invalid ack
# loads of these during the day
1:2210045

# SURICATA STREAM excessive retransmissions
# seems to happen even when it is caused by known peers
1:2210054

# SURICATA STREAM bad window update
# seen on ke-wireguard
1:2210056

# ET INFO User-Agent (python-requests) Inbound to Webserver
# OK - Timur Gizatullin against http://10.100.0.13:8080/predictions/query_encoder_v3
1:2017515

# SURICATA Applayer Wrong direction first Data
#1:2260001

# SURICATA IPv4 truncated packet
# long story short, RTFM: https://docs.suricata.io/en/latest/performance/tuning-considerations.html#af-packet
# and keep track of invalid captures by means of stats instead
1:2200003

# hotfix
# SURICATA Applayer Mismatch protocol both directions
# SURICATA HTTP Request abnormal Content-Encoding header
1:2260000
1:2221033

# TLS connection to (sni) .ru extension observed
1:3301054
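Several of the entries above silence a SID because of one known peer (ssh-tunnel, ke-wireguard). A blanket line in disable.conf removes the rule for every host, whereas a `suppress ... track by_src, ip ...` line in Suricata's threshold.config silences it only for that peer. The script below is an added example, not part of this file or of suricata-update: it parses an excerpt in the disable.conf format used above, aggregates eve.json alerts per SID and source host, and proposes a per-host suppress where a single host accounts for most hits and a plain disable where the noise is spread out. The eve.json records and the host addresses (10.100.0.7, 10.100.0.21-23, 10.100.0.9) are constructed for the example and do not describe the network this file was written for.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed excerpt in the disable.conf format used above: comment lines, then one
# "gid:sid" per line; a commented-out entry ("#1:2260001") keeps that SID active.
DISABLE_CONF = """\
# SURICATA STREAM ESTABLISHED packet out of window
# seen on ke-wireguard
1:2210020

# SURICATA STREAM ESTABLISHED invalid ack
# loads of these during the day
1:2210029

# SURICATA Applayer Wrong direction first Data
#1:2260001
"""


def _alert(sid, sig, src):
    # Build one constructed eve.json alert record (not captured traffic).
    return json.dumps({
        "timestamp": "2024-01-01T12:00:00.000000+0000",
        "event_type": "alert", "src_ip": src, "dest_ip": "10.100.0.13",
        "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1, "signature_id": sid, "rev": 2,
                  "signature": sig, "category": "Generic Protocol Command Decode",
                  "severity": 3},
    })


# Constructed eve.json sample: one noisy peer for 2210020, scattered hosts for 2210029,
# one hit for the still-active 2260001, and a non-alert record that must be ignored.
EVE_LINES = (
    [_alert(2210020, "SURICATA STREAM ESTABLISHED packet out of window", "10.100.0.7")] * 5
    + [_alert(2210029, "SURICATA STREAM ESTABLISHED invalid ack", ip)
       for ip in ("10.100.0.21", "10.100.0.22", "10.100.0.21", "10.100.0.23")]
    + [_alert(2260001, "SURICATA Applayer Wrong direction first Data", "10.100.0.9")]
    + [json.dumps({"event_type": "flow", "src_ip": "10.100.0.7", "dest_ip": "10.100.0.13"})]
)

SID_RE = re.compile(r"^\s*(\d+):(\d+)\s*$")


def parse_disable_conf(text):
    """Return the set of (gid, sid) pairs the file actually disables.
    Lines starting with '#' are comments, so '#1:2260001' is NOT disabled."""
    return {(int(m.group(1)), int(m.group(2)))
            for m in (SID_RE.match(line) for line in text.splitlines()) if m}


def alert_sources(eve_lines):
    """Map (gid, sid) -> Counter of src_ip, counting only event_type == 'alert'."""
    sources = defaultdict(Counter)
    for raw in eve_lines:
        rec = json.loads(raw)
        if rec.get("event_type") != "alert":
            continue
        a = rec["alert"]
        sources[(a["gid"], a["signature_id"])][rec["src_ip"]] += 1
    return sources


def plan(disable_text, eve_lines, dominance=0.8):
    """For every SID listed in disable.conf, choose between a blanket disable and a
    per-host suppress in threshold.config.

    Returns {(gid, sid): (decision, detail)} with decision one of:
      'suppress' - one source host produced >= `dominance` of the hits; detail is the
                   threshold.config line that silences only that host;
      'disable'  - hits are spread over several hosts; detail is the total hit count;
      'unseen'   - no alert for that SID in the sample; detail is None.
    """
    sources = alert_sources(eve_lines)
    result = {}
    for gid, sid in sorted(parse_disable_conf(disable_text)):
        hits = sources.get((gid, sid))
        if not hits:
            result[(gid, sid)] = ("unseen", None)
            continue
        total = sum(hits.values())
        ip, n = hits.most_common(1)[0]
        if n / total >= dominance:
            # threshold.config syntax: suppress gen_id <gid>, sig_id <sid>, track by_src, ip <ip>
            result[(gid, sid)] = (
                "suppress", f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}")
        else:
            result[(gid, sid)] = ("disable", total)
    return result


if __name__ == "__main__":
    for (gid, sid), (decision, detail) in plan(DISABLE_CONF, EVE_LINES).items():
        print(f"{gid}:{sid} -> {decision}: {detail}")
```

On a real box, replace EVE_LINES with the lines of /var/log/suricata/eve.json and DISABLE_CONF with the file above; the `dominance` threshold is an assumption of this example, so tune it to how concentrated the noise actually is before turning any suggested suppress line into threshold.config.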