Support #3131: Protocol identifiers - Suricata - Open Information Security Foundation

Actions

Copy link

Support #3131

closed

Protocol identifiers

Added by Max Mustermann almost 6 years ago. Updated almost 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Community Ticket

Affected Versions:

Label:

Description

I see some activitiy on my network that is no IP data. At least the IP protocol identifier is not issuing for alerts. In the stats logs I can see that the decoder.invalid entry is filling. So my question is: Can I use another protocol identfifier that enables layer2 alerts? The identifiers I know of are those I got from the User Guide (https://suricata.readthedocs.io/en/suricata-4.1.4/rules/intro.html#protocol) and they are not working for this very issue.

Glad to get some hints :)

Thanks!

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #3131

Protocol identifiers

Updated by Andreas Herz almost 6 years ago

Updated by Max Mustermann almost 6 years ago

Updated by Max Mustermann almost 6 years ago

Updated by Andreas Herz almost 6 years ago

Updated by Max Mustermann almost 6 years ago

Updated by Andreas Herz almost 6 years ago

Updated by Max Mustermann almost 6 years ago

Updated by Andreas Herz almost 6 years ago

Updated by Victor Julien almost 6 years ago

Updated by Andreas Herz almost 5 years ago