Feature #2771
closed
Added by Wesley van der Ree almost 6 years ago.
Updated over 3 years ago.
Description
I was looking at the code for decode-vlan.c and noticed that it wasn't capable of handling MPLS over vlan. We have seen this type of traffic by one of our customers an wish to monitor this.
Files
- Status changed from New to Closed
It works with current version.
I get
jq '.' log/eve.json
{
"timestamp": "2019-01-14T14:08:24.156358+0100",
"flow_id": 1633369784345286,
"event_type": "flow",
"vlan": [
42
],
"src_ip": "1.1.1.1",
"dest_ip": "0.0.0.0",
"proto": "ICMP",
"icmp_type": 8,
"icmp_code": 0,
A S-V test can be created out of this if needed
Also available in: Atom
PDF