[Oisf-users] SURICATA VLAN unknown type
PENZ Robert
ROBERT.PENZ at TIROL.GV.AT
Mon Mar 31 12:11:23 UTC 2014
Hi!
Using Suricata 2.0 rc2 (will update today to the final version) I get many of the following entries, but most packets are parsed correctly:
03/31/2014-13:15:38.049215 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 09 F8 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:38.049226 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 05 48 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:38.733961 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: 00 04 96 51 97 A1 38 EA A7 91 D7 11 81 00 05 48 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:40.542186 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 31 30 A5 81 00 06 74 08 06 00 01 08 00 06 04 00 01 38 EA A7 31 30 A5 ]
03/31/2014-13:15:40.542252 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 31 30 A5 81 00 0C 50 08 06 00 01 08 00 06 04 00 01 38 EA A7 31 30 A5 ]
03/31/2014-13:15:44.444643 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 0C 50 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444654 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 07 A0 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444665 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 08 CC 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444676 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 09 F8 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444687 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 05 48 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444747 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 06 74 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
But the packets look valid to me, e.g. the last one:
FF FF FF FF FF FF Broadcast
38 EA A7 91 D7 11 Source MAC
81 00 TPID = 0x8100
06 74 VLAN ID = 1652
08 06 EtherType/Size
00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 payload
What am I missing?
Regards,
Robert Penz
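The manual breakdown in the message above can be automated over a whole alert log. The following is an added example, not part of the original post and not Suricata code: it pulls the `Raw pkt` bytes out of each alert line, decodes the 802.1Q header, and counts alerts per VLAN ID and inner EtherType. The function names and the small EtherType table are assumptions made for illustration; the two sample lines are copied from the alerts quoted in the post.

```python
import re
from collections import Counter

# Sample input: two alert lines copied from the post above.
SAMPLE = """\
03/31/2014-13:15:38.733961 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: 00 04 96 51 97 A1 38 EA A7 91 D7 11 81 00 05 48 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
03/31/2014-13:15:44.444747 [**] [1:2200067:1] SURICATA VLAN unknown type [**] [Classification: (null)] [Priority: 3] [**] [Raw pkt: FF FF FF FF FF FF 38 EA A7 91 D7 11 81 00 06 74 08 06 00 01 08 00 06 04 00 01 38 EA A7 91 D7 11 ]
"""

# Small illustrative subset of IEEE EtherType assignments.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}

RAW_RE = re.compile(r"\[Raw pkt: ([0-9A-Fa-f ]+)\]")


def decode_vlan_frame(raw: bytes) -> dict:
    """Decode Ethernet addresses plus one 802.1Q tag from a raw frame prefix."""
    if len(raw) < 18:
        raise ValueError("too short for Ethernet + 802.1Q header")
    tpid = int.from_bytes(raw[12:14], "big")
    if tpid != 0x8100:
        raise ValueError(f"not an 802.1Q frame (TPID 0x{tpid:04x})")
    tci = int.from_bytes(raw[14:16], "big")      # PCP(3) | DEI(1) | VID(12)
    inner = int.from_bytes(raw[16:18], "big")    # EtherType after the tag
    return {
        "dst": raw[0:6].hex(":"),
        "src": raw[6:12].hex(":"),
        "pcp": tci >> 13,
        "dei": (tci >> 12) & 1,
        "vlan_id": tci & 0x0FFF,
        "inner_type": inner,
        "inner_name": ETHERTYPES.get(inner, "unknown"),
    }


def summarize(log_text: str) -> Counter:
    """Count alerts per (VLAN ID, inner EtherType name)."""
    counts = Counter()
    for match in RAW_RE.finditer(log_text):
        frame = decode_vlan_frame(bytes.fromhex(match.group(1).strip()))
        counts[(frame["vlan_id"], frame["inner_name"])] += 1
    return counts


if __name__ == "__main__":
    for (vlan, name), n in sorted(summarize(SAMPLE).items()):
        print(f"VLAN {vlan}: inner EtherType {name}: {n} alert(s)")
```

Grouping the alerts this way shows which encapsulated protocol is present in the frames that raise the event, which is the first thing to compare against the protocols the VLAN decoder handles.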