[Oisf-devel] Suricata extension for layer 2 attacks

Awais Ali awaisali901 at gmail.com
Fri Mar 6 15:36:59 UTC 2020

Hello all,

I am master student working in intrusion detection domain, now a days I am
working on possible extension of Suricata for layer 2 attacks.

 I want to detect attacks in special layer 2 protocols like Goose, CDP etc.
If I want to detect the attacks in the payload of the Goose protocol then
there is no such solution since Suricata detects payload of layer 3 and
There are many such special protocols in in layer 2 where if you want to
detect regular expressions/content in the payload then there is no such

I want to extend suricata in this domain by writing decoders of that
particular protocol the way we have for other protocols like tcp/udp above
layer 3.
I need to know how i can extend Suricata for layer 2?

I hope you will cooperate in this regard. I am looking forward to hearing
from you.

Awais Ali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20200306/52f27e70/attachment.html>

More information about the Oisf-devel mailing list