[Oisf-users] VXLAN alert detection

Tiago Faria tiago.faria.backups at gmail.com
Mon Nov 25 18:45:38 UTC 2019

Hi list,

This is related to https://redmine.openinfosecfoundation.org/issues/3348,
which still requires a suricata-verify test, but wanted to check if anyone
is running into issues with VXLAN detection/alert.

It seems that detection on streams >=X in size are not working properly. I
still haven't been able to pinpoint exactly when detection fails, but, for

2011507 - ET POLICY PDF With Embedded File

If not encapsulated with VXLAN: Detection OK
Encapsulated with VXLAN: Detection NOK

Looking at the TCP stream in Wireshark shows the same content from both

Something else I can look into to help troubleshoot?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191125/bac86357/attachment.html>

More information about the Oisf-users mailing list