1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Generic Decode Layer Keywords
=============================
decode-event
------------
Match on events generated by the decode layer. Decode events are generated during
the packet decoding phase that indicate structural or invalid values for the
Ethernet and layer 2 and layer 3 protocol data.
Syntax::
decode-event:<event name>;
Examples::
decode-event:ipv4.opt_duplicate
decode-event:ethernet.unknown_ethertype
Decode Events
~~~~~~~~~~~~~
ethernet.unknown_ethertype
^^^^^^^^^^^^^^^^^^^^^^^^^^
The ethertype value was not recognized by Suricata. Suricata recognizes
the following ethertype values::
ETHERNET_TYPE_IP
ETHERNET_TYPE_IPV6
ETHERNET_TYPE_VLAN
ETHERNET_TYPE_8021QINQ
ETHERNET_TYPE_8021AD
ETHERNET_TYPE_8021AH
ETHERNET_TYPE_ARP
ETHERNET_TYPE_MPLS_UNICAST
ETHERNET_TYPE_MPLS_MULTICAST
ETHERNET_TYPE_DCE
ETHERNET_TYPE_VNTAG
ETHERNET_TYPE_NSH
ETHERNET_TYPE_PPOE_SESS
ETHERNET_TYPE_PPOE_DISC
|
