Feature #6916
open
decoding : add support of IEEE 802.2, 802.3 frames
Added by Alexander Dymov 7 months ago.
Updated 7 months ago.
Description
Suricata v7.0.3 does not decode IEEE 802.2, 802.3 packets with a SNAP header. I suggest implementing this feature.
Please attach some pcaps for the header types. It's fine if they are crafted with scapy.
https://www.cloudshark.org/captures/dfa7559c20c7?filter=!(tcp.stream%20eq%201)
This pcap file contains a lot of IEEE 802.3 Ethernet packets (for example, all packets of the LLC protocol). In particular, packet 4 from the top is similar to my packet, which Suricata cannot decode.
My packet:
Destination: ff ff ff ff ff ff
Source: fe f5 1c e7 05 05
Length: 81 00
VLAN header: 00 63 00 08
LLC header: 00 00 f5 81
Data: 80 00 06 04
Hope this helps.
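The framing distinction this request is about, as an added example that is not part of the original thread and is not Suricata code: a C classifier that tells Ethernet II from IEEE 802.3 with an LLC header and the optional SNAP extension, after at most one 802.1Q tag. `classify_frame`, `struct l2_info` and the SNAP sample frame are constructed for illustration; reading the reporter's bytes `81 00 00 63 00 08` as a VLAN tag followed by an 802.3 length field is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum l2_kind { L2_TRUNCATED, L2_ETHERNET_II, L2_LLC, L2_LLC_SNAP, L2_RESERVED };
struct l2_info {
    enum l2_kind kind;
    uint16_t vlan_id, type_len;       /* vlan_id is 0 when untagged */
    uint8_t dsap, ssap, control;      /* valid for L2_LLC and L2_LLC_SNAP */
    uint32_t snap_oui; uint16_t snap_pid;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

struct l2_info classify_frame(const uint8_t *f, size_t len)
{
    struct l2_info r = { .kind = L2_TRUNCATED };
    size_t off = 12;                              /* skip both MAC addresses */
    if (len < off + 2) return r;
    r.type_len = be16(f + off); off += 2;
    if (r.type_len == 0x8100) {                   /* one 802.1Q tag: TCI + inner field */
        if (len < off + 4) return r;
        r.vlan_id = be16(f + off) & 0x0FFF;
        r.type_len = be16(f + off + 2); off += 4;
    }
    if (r.type_len >= 0x0600) { r.kind = L2_ETHERNET_II; return r; }  /* EtherType */
    if (r.type_len > 1500) { r.kind = L2_RESERVED; return r; }        /* 1501..1535 */
    if (len < off + 3) return r;                  /* 802.3 length: LLC header follows */
    r.dsap = f[off]; r.ssap = f[off + 1]; r.control = f[off + 2];
    r.kind = L2_LLC;
    if (r.dsap == 0xAA && r.ssap == 0xAA && r.control == 0x03) {      /* SNAP extension */
        if (len < off + 8) { r.kind = L2_TRUNCATED; return r; }
        r.snap_oui = ((uint32_t)f[off + 3] << 16) | ((uint32_t)f[off + 4] << 8) | f[off + 5];
        r.snap_pid = be16(f + off + 6);
        r.kind = L2_LLC_SNAP;
    }
    return r;
}
/* Bytes quoted in the report above, concatenated in the order given. */
static const uint8_t reported_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0xfe,0xf5,0x1c,0xe7,0x05,0x05,
    0x81,0x00, 0x00,0x63,0x00,0x08, 0x00,0x00,0xf5,0x81, 0x80,0x00,0x06,0x04 };
/* Constructed sample: untagged 802.3 frame, LLC AA AA 03, SNAP OUI 0, PID 0x0806. */
static const uint8_t snap_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x00,0x0a, 0xaa,0xaa,0x03, 0x00,0x00,0x00, 0x08,0x06, 0x00,0x01 };
int main(void) {
    struct l2_info a = classify_frame(reported_frame, sizeof reported_frame);
    printf("reported: kind=%d vlan=%u; snap sample: kind=%d\n", a.kind,
           (unsigned)a.vlan_id, classify_frame(snap_frame, sizeof snap_frame).kind);
    return 0; }
```

Under that reading the reported frame classifies as plain LLC on VLAN 99 rather than SNAP, because its first three LLC bytes are `00 00 f5` and not `AA AA 03`.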