Snort mailing list archives
Rule support on Audio Video Bridging (AVB) protocol
From: Rostanin Gleb SBR DIRCS via Snort-sigs <snort-sigs () lists snort org>
Date: Sun, 23 Jul 2023 13:41:19 +0000
Internal Hey Snort team, is there any information on which additional protocols apart of the standard protocols are supported by snort 2 and 3 (support of version differs)? I am interested in analyzing the AVB Transportation protocol with SNORT, by, e.g., using the dataset of an IDS Automotive Ethernet Paper<https://ocslab.hksecurity.net/Datasets/automotive-ethernet-intrusion-dataset>. After Layer 2, the AVB protocol, concretely IEEE 1722 (AVTP) protocol follows directly after Layer 2 and 802.1Q VLAN layer. For the IEEE 1588 protocol, which is used together with AVB, it is nearly the same. Is there any possibility on analyzing the packets with Snort? My goal would be to detect injections to the AVTP used by a Video stream. Also is possible to detect MAC Flooding attacks with Snort, as Snort does not give the option on analyzing Layer 2? Sincerely Gleb Rostanin
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Rule support on Audio Video Bridging (AVB) protocol Rostanin Gleb SBR DIRCS via Snort-sigs (Jul 24)