Feature #6916

open

decoding : add support of IEEE 802.2, 802.3 frames

Added by Alexander Dymov 7 months ago. Updated 7 months ago.

Status: New
Priority: Normal

Description

Suricata v7.0.3 does not decode IEEE 802.2, 802.3 packets with SNAP Header. I suggest implementing this feature.

Actions #1

Updated by Victor Julien 7 months ago

Please attach some pcaps for the header types. It's fine if they are crafted with scapy.

Actions #2

Updated by Alexander Dymov 7 months ago

https://www.cloudshark.org/captures/dfa7559c20c7?filter=!(tcp.stream%20eq%201)

This pcap file contains a lot of IEEE 802.3 Ethernet packets (for example, all packets of the LLC protocol). In particular, packet 4 from the top is similar to my packet, which Suricata cannot decode.

My packet:
Destination: ff ff ff ff ff ff
Source: fe f5 1c e7 05 05
Length: 81 00
VLAN header: 00 63 00 08
LLC header: 00 00 f5 81
Data: 80 00 06 04

Hope this helps.
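
Added example, not part of the ticket and not Suricata code: a minimal Python decoder for the framing this request is about, telling Ethernet II apart from 802.3 with LLC and with LLC plus SNAP. It assumes the standard field values, so it reads the `81 00` in the frame from note #2 as an 802.1Q tag type and the `00 08` after the tag as an 802.3 length; `decode_frame` and the SNAP frame are constructed for illustration.

```python
import struct

def decode_frame(frame: bytes) -> dict:
    """Classify a frame as Ethernet II, 802.3 + LLC, or 802.3 + LLC + SNAP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "vlans": []}
    (field,) = struct.unpack_from("!H", frame, 12)
    off = 14
    # Peel 802.1Q (0x8100) / 802.1ad (0x88a8) tags: 2-byte TCI, then the next type/length.
    while field in (0x8100, 0x88A8):
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tci, field = struct.unpack_from("!HH", frame, off)
        out["vlans"].append(tci & 0x0FFF)  # low 12 bits = VLAN ID
        off += 4
    if field >= 0x0600:  # EtherType: Ethernet II framing
        out.update(kind="ethernet2", ethertype=field, payload=frame[off:])
        return out
    if field > 1500:
        raise ValueError("value between 1501 and 1535 is neither length nor type")
    # 802.3 framing: the field is the LLC PDU length; bytes past it are padding.
    body = frame[off:off + field]
    if len(body) < field or field < 3:
        raise ValueError("truncated LLC PDU")
    dsap, ssap = body[0], body[1]
    # U-format control (low bits 11) is 1 byte; I- and S-format are 2 bytes.
    clen = 1 if body[2] & 0x03 == 0x03 else 2
    if field < 2 + clen:
        raise ValueError("truncated LLC control field")
    out.update(kind="llc", length=field, dsap=dsap, ssap=ssap,
               control=body[2:2 + clen].hex())
    rest = body[2 + clen:]
    if (dsap, ssap, body[2]) == (0xAA, 0xAA, 0x03):  # SNAP extension header
        if len(rest) < 5:
            raise ValueError("truncated SNAP header")
        out.update(kind="snap", oui=rest[:3].hex(),
                   pid=struct.unpack_from("!H", rest, 3)[0])
        rest = rest[5:]
    out["payload"] = rest
    return out

# Bytes listed in note #2 of this ticket, concatenated in the order given.
TICKET_FRAME = bytes.fromhex("ffffffffffff fef51ce70505 8100 00630008 0000f581 80000604")
# Constructed SNAP frame: length 12, AA AA 03, OUI 00 00 00, PID 0x0800, 4 data bytes.
SNAP_FRAME = bytes.fromhex("020000000001 020000000002 000c aaaa03 000000 0800 deadbeef")

if __name__ == "__main__":
    for name, frame in (("ticket", TICKET_FRAME), ("snap", SNAP_FRAME)):
        print(name, decode_frame(frame))
```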
