Can Suricata version 7.0.3 decode IEEE 802.2, 802.3 frames?

Hello guys,

I am trying to decode IEEE 802.2, 802.3 packets with a SNAP header, and Suricata does not decode these packets.

I didn’t find parsing of LLC or SNAP headers in the Suricata source code.
As far as I understand, Suricata parses only the Ethernet II format and knows nothing about IEEE 802.2, 802.3.

The question is: am I right? And if so, will it be done?

Thank you for any hint/help :)

You are correct. Can you open a feature ticket? Ideally attach some pcap(s) to it.

Hi, Victor!

Thank you for your answer.

I created feature #6916 (Feature #6916: decoding : add support of IEEE 802.2, 802.3 frames - Suricata - Open Information Security Foundation)

Unfortunately, I can’t provide the pcap file, since these are packets from the client’s network.

Thank you! We will wait for implementation.
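
For readers following this thread, the framing difference under discussion, as an added example that is not part of the original posts and is not Suricata code: the type/length field separates Ethernet II from IEEE 802.3, and an 802.3 frame then carries an 802.2 LLC header, optionally followed by SNAP. The names `classify_frame` and `l2_info` are hypothetical and the sample frames are constructed; the SNAP protocol ID is an EtherType only when the OUI is 00-00-00.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum l2_kind { L2_TRUNCATED, L2_INVALID, L2_ETHERNET_II, L2_LLC, L2_LLC_SNAP };
struct l2_info {
    enum l2_kind kind;
    uint16_t proto;      /* EtherType, or SNAP protocol ID; 0 for plain LLC */
    uint8_t dsap, ssap;  /* LLC service access points (802.3 frames only) */
    size_t payload_off;  /* offset of the encapsulated payload */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper (not Suricata code): classify one frame's link-layer framing. */
struct l2_info classify_frame(const uint8_t *f, size_t len)
{
    struct l2_info r = { L2_TRUNCATED, 0, 0, 0, 0 };
    if (len < 14) return r;                     /* dst(6) + src(6) + type/length(2) */
    uint16_t tl = rd16(f + 12);
    if (tl >= 0x0600) {                         /* >= 1536: Ethernet II EtherType */
        r.kind = L2_ETHERNET_II; r.proto = tl; r.payload_off = 14; return r;
    }
    if (tl > 1500) { r.kind = L2_INVALID; return r; }  /* 1501..1535 is undefined */
    if (tl < 3 || (size_t)tl > len - 14) return r;     /* LLC: DSAP, SSAP, control */
    r.dsap = f[14]; r.ssap = f[15];
    if (r.dsap == 0xAA && r.ssap == 0xAA && f[16] == 0x03) {  /* SNAP follows LLC */
        if (tl < 8) return r;                   /* SNAP adds OUI(3) + protocol ID(2) */
        r.kind = L2_LLC_SNAP; r.proto = rd16(f + 20); r.payload_off = 22; return r;
    }
    size_t ctl = ((f[16] & 0x03) == 0x03) ? 1 : 2;  /* U-format control is 1 byte */
    if (tl < 2 + ctl) return r;
    r.kind = L2_LLC; r.payload_off = 16 + ctl;
    return r;
}

/* Constructed sample frames (not from any real capture). */
const uint8_t FRAME_SNAP_IPV4[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x00,0x0C,     /* length field = 12 */
    0xAA,0xAA,0x03, 0,0,0, 0x08,0x00, 0x45,0x00,0x00,0x14 }; /* LLC, SNAP, data */
const uint8_t FRAME_ETH2_IPV4[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,     /* EtherType 0x0800 */
    0x45,0x00,0x00,0x14 };
const uint8_t FRAME_LLC_STP[] = {
    0x01,0x80,0xC2,0,0,0, 0x02,0,0,0,0,0x01, 0x00,0x07,  /* length field = 7 */
    0x42,0x42,0x03, 0,0,0,0 };                           /* DSAP/SSAP 0x42, UI */
int main(void) {
    struct l2_info i = classify_frame(FRAME_SNAP_IPV4, sizeof FRAME_SNAP_IPV4);
    printf("kind=%d proto=0x%04x payload_off=%zu\n", (int)i.kind, (unsigned)i.proto, i.payload_off);
    return 0;
}
```

A decoder that only understands Ethernet II would read the length field of the first and third frames as an unknown EtherType and hand no payload to the upper-layer decoders.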