[Oisf-users] Suricata parsers

Peter Manev petermanev at gmail.com
Tue Nov 8 13:03:04 UTC 2011


I presume this is all "tagged" traffic?

On Tue, Nov 8, 2011 at 4:57 AM, Peter Bates <peter.bates at ucl.ac.uk> wrote:

> Hello all
>
> On 07/11/2011 17:59, Peter Manev wrote:
> > Hi, This could very well be the reason. Are there any VLANs
> > involved where the interface where Suricata listens to is not part
> > of those VLANs/VLAN ?
>
> Suricata is on a port carrying an RSPAN of traffic from elsewhere in
> the network.
>
> From stats.log:
>
> decoder.vlan              | Decode & Stream           | 0
>
> which I presume means that Suricata itself isn't actually decoding
> VLAN packets in the stream.
>
> --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT



-- 
Peter Manev