Feature #1342
closed
Support Cisco erspan traffic
Description
Please add support for decoding Cisco ERSPAN traffic, common on some Cisco 5k and 7k devices which do not support RSPAN or other common forms of port mirroring.
I have provided Victor sample data to provide insight into the unique headers Cisco uses.
Additionally, I have conducted testing with the latest version of Snort and have confirmed ERSPAN is working, in addition to the note on their blog: http://blog.snort.org/2013/07/snort-295-is-now-available.html
I am available to provide testing if needed.