Bug #7855
closed
anomaly/ether_type: always logged as big endian
Added by Andy Awad 4 months ago.
Updated about 1 month ago.
Description
I believe the eth_type is logged as little-endian while the value is big-endian.
Maybe it can be handled in line 764 in output-json.c with the SCNtohs func call.
Also, it may make more sense to log the ether type in HEX instead of decimal.
Thanks,
Andy
- Label Needs backport to 8.0 added
- Status changed from New to In Review
- Assignee changed from OISF Dev to Jeff Lucovsky
- Status changed from In Review to Closed
- Subject changed from Ether_type is printed as decimal instead of HEX and it should be handled as BigEndian to eve: ether_type is printed as decimal instead of HEX and it should be handled as BigEndian
- Status changed from Closed to Resolved
- Target version changed from TBD to 9.0.0-beta1
- Label deleted (
Needs backport to 8.0)
- Status changed from Resolved to Closed
- Subject changed from eve: ether_type is printed as decimal instead of HEX and it should be handled as BigEndian to anomaly/ether_type: always logged as big endian
Also available in: Atom
PDF