Wireshark Extensions
Tue, 03/06/2012 - 04:08 — christian.seifert
Twitter
Facebook
LinkedInAs part of GSoc 2011, Jakub Zawadzki developed a variety of wirkeshark extensions:
- WireShnork plugin that would support applying Snort IDS rules and signatures against pcap files. This would be useful for network forensic, allowing analysts to automatically colorise packets that match a particular Snort IDS signature.
- WireshAV plugin that would allow to scan captured files with antiviruses
- WireBrowse plugin which would allow to access some of wireshark functionality over web browser
- WireSocks HTTP/SOCKS5 "proxy" plugin that would allow any browser (with proxy support :)) to get the contents of sniffed web pages (with css, images, javascript, and other files) which were saved inside pcap file
- WireViz GUI plugin which would allow to generate connection graphs with Graphviz
Downloads
Resources
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.