Feature #6916: decoding : add support of IEEE 802.2, 802.3 frames - Suricata - Open Information Security Foundation

Actions

Feature #6916

open

decoding : add support of IEEE 802.2, 802.3 frames

Added by Alexander Dymov 10 months ago. Updated 10 months ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

Suricata v7.0.3 does not decode packets IEEE 802.2, 802.3 with SNAP Header. I suggest implementing this feature.

Actions

#1

Updated by Victor Julien 10 months ago

Please attach some pcaps for the header types. Its fine if they are crafted with scapy.

Actions

#2

Updated by Alexander Dymov 10 months ago

https://www.cloudshark.org/captures/dfa7559c20c7?filter=!(tcp.stream%20eq%201)

This pcap file contains a lot of IEEE 802.3 Ethernet packets (for example all packets of LLC protocol). In particular, packet 4 from top is similar to my packet which Suricata cannot decode.

My packet:
Destination: ff ff ff ff ff ff
Source: fe f5 1c e7 05 05
Length: 81 00
VLAN header: 00 63 00 08
LLC header: 00 00 f5 81
Data: 80 00 06 04

Hope this helps.

Actions

Also available in: Atom PDF