malcolm in vxlan

[meetpity]

I wanna know if Malcolm can automatically remove the outermost VXLAN Src/Dst IP header information when running in a VXLAN (DG) network environment.

[mmguero]

Hey, good question! When it comes to doing the actual traffic parsing Malcolm can do whatever its components (Zeek, Arkime, and Suricata) can do, and I'm not 100% sure of the answer to this one. I'll do some research and get back to you as soon as I come up with something.

[mmguero]

Hey @meetpity, I apologize, I haven't been able to get to this to investigate it yet. Did you end up coming to an answer on your own?