Hi,
Curious to know if there's any direction or movement in allowing Suricata to handle the TZSP protocol. My use case is MikroTik packet sniffing, forwarding packets on to another machine that runs Suricata as the IDS/IPS.
As far as I can see, Suricata handles, mutually exclusively, either listening on eth0 or reading from the generated pcap that contains the TZSP protocol data. Is there a developer guide for adding a protocol handler for TZSP? Looking at the guide yields a 404.
Thanks
Would you have a pcap to share?
Hi Tommie,
I hit this issue in 2021 and decided to build a small script that acts like a proxy. I am now publishing this script publicly. See here:
When I have some time, I will try to extend it as a Docker container and make it more dynamic.
Hope it helps.
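As an added illustration of what such a proxy has to do (example code written here, not the script linked above and not part of Suricata): the TZSP datagram MikroTik streams to UDP 37008 is a 4-byte header, a tag list terminated by an END tag, and then the captured frame. The parser below validates every length before trusting it, and the decapsulated Ethernet frames are wrapped in a libpcap file so Suricata can read them with `-r`. The sample datagram and tag value are constructed for the example.

```python
import struct

TZSP_PORT = 37008            # UDP port the MikroTik sniffer streams to by default
TZSP_ENCAP_ETHERNET = 1      # encapsulation code for a raw Ethernet frame
TAG_PADDING, TAG_END = 0x00, 0x01   # the two tag codes that carry no length byte


def parse_tzsp(datagram: bytes):
    """Split one TZSP datagram into (type, encapsulation, tags, inner frame).

    Raises ValueError on anything malformed so a bad datagram is never
    forwarded as if it were a valid frame.
    """
    if len(datagram) < 4:
        raise ValueError("truncated TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:                      # walk the tagged fields up to the END tag
        if pos >= len(datagram):
            raise ValueError("tag list never terminated")
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("truncated tag length")
        length, pos = datagram[pos], pos + 1
        if pos + length > len(datagram):
            raise ValueError("tag length runs past datagram end")
        tags[tag], pos = datagram[pos:pos + length], pos + length
    return ptype, encap, tags, datagram[pos:]


def pcap_bytes(frames):
    """Wrap (ts_sec, ts_usec, frame) tuples in a libpcap file (link type 1, Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts_sec, ts_usec, frame in frames:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample: version 1, type 0, Ethernet encapsulation, one 4-byte
# tagged field (tag 0x0D), END, then a 14-byte Ethernet header and 4 payload bytes.
SAMPLE_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\xde\xad\xbe\xef"
SAMPLE_DATAGRAM = bytes([1, 0, 0, 1, 0x0D, 4, 0, 0, 0, 0x10, TAG_END]) + SAMPLE_FRAME
```

A receiver only needs a UDP socket bound to TZSP_PORT, a call to parse_tzsp() per datagram, and pcap_bytes() over the frames whose encapsulation is TZSP_ENCAP_ETHERNET; frames with other encapsulations should be dropped or written with their own link type.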