How to listen for only on some VLANs

gordnho · May 29, 2024, 1:03pm

Please include the following information with your help request:

Suricata version 7.0.5

Debian 12

Installed from stable-backpots Debian

I’m trying to only listen for 3 vlans let’s say 100 101 102 how can I implement this in suricata i have tried the following but didn’t work

Inside suricata.yaml

    vlan-filter:
      - id: 100
      - id: 101
      - id: 102

bpf-filter: "vlan 100 or vlan 101 or vlan 102"

lixiaoxu557 · May 30, 2024, 1:53am

The version is suricata-6.0.15
The operating system is Ubuntu 20.

I am able to add application layer protocols, but I would like to ask if it is possible to add Profinet DCP, an Ethernet link layer protocol. How should it be added to Suricata? Is it the same process as adding application layer protocols?

Topic		Replies	Views
Suricata - Filter out specific vlan Help	6	217	June 19, 2024
App layer not detecting flows Help	3	456	August 20, 2022
Suricata doesn't have any listening port Help community , suricon , suricata	2	548	June 29, 2023
Mirror traffic suricata Help	1	159	February 7, 2024
Suricata running in AWS Help	2	631	October 5, 2021

How to listen for only on some VLANs

Related topics