How to listen for only on some VLANs

gordnho · May 29, 2024, 1:03pm

Please include the following information with your help request:

Suricata version 7.0.5

Debian 12

Installed from stable-backpots Debian

I’m trying to only listen for 3 vlans let’s say 100 101 102 how can I implement this in suricata i have tried the following but didn’t work

Inside suricata.yaml

    vlan-filter:
      - id: 100
      - id: 101
      - id: 102

bpf-filter: "vlan 100 or vlan 101 or vlan 102"

lixiaoxu557 · May 30, 2024, 1:53am

The version is suricata-6.0.15
The operating system is Ubuntu 20.

I am able to add application layer protocols, but I would like to ask if it is possible to add Profinet DCP, an Ethernet link layer protocol. How should it be added to Suricata? Is it the same process as adding application layer protocols?

Topic		Replies	Views
Suricata - Filter out specific vlan Help	6	137	June 19, 2024
Suricata doesn't have any listening port Help community , suricon , suricata	2	498	June 29, 2023
Mirror traffic suricata Help	1	142	February 7, 2024
Suricata running in AWS Help	2	612	October 5, 2021
Multi-tenancy & VLANs Help	2	1276	May 22, 2020

How to listen for only on some VLANs

Related Topics