Hi ELK Community,
I'm trying to setup a packetbeat for troubleshooting spam attacking. However, I could not find the packet that encapsulated with PPPoE header in kibana which shows only normal IP packets and Flows with destination/source macaddress.
Try to use tcpdump on packetbeat machine, the output is shown as:
19:28:30.762832 PPPoE [ses 0x20d] IP 18.104.22.168.https > node-12ac.pool-180-180.dynamic.totinternet.net.45926: Flags [.], seq 3884279897:3884281285, ack 3457224134, win 678, options [nop,nop,TS val 3518790448 ecr 323759403], length 1388
19:28:30.858184 PPPoE [ses 0x840] IP 22.214.171.124.https > node-zme.pool-182-52.dynamic.internet.net.50221: UDP, length 1350
Is there a way to decode PPPoE traffic in packetbeat?
or Do I miss something?