Layer-2 Headers of Spanning-Tree

[jpan613]

I noticed an edge case in sampled STP layer-2 header, where the source and destination mac addresses are followed by length instead of ethertype (because STP doesn't have an ethertype), and as a result, length (usually 105) is reported as the ethertype.
I guess one way to get around it is to use the source or destination mac address, which s 01:80:c2:00:00:00 for STP, to identify this edge case.

[mehrdadrad]

@jpan613 are you talking about the sflow and the below?
https://github.com/VerizonDigital/vflow/blob/master/packet/ethernet.go#L106

[jpan613]

@mehrdadrad exactly

[mehrdadrad]

@jpan613 as the ethernet and IP networks are most popular and we need to deep dive on their flow, The vFlow does only ethernet -> IPv4/IPv6 -> UDP/TCP decoding (sFlow) for the time being.
If anyone needs other protocols like STP they can create a PR.