Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Wireshark TCP Flags InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Wireshark TCP Flags

Published: 2015-04-05
Last Updated: 2015-04-06 18:23:04 UTC
by Didier Stevens (Version: 1)
0 comment(s)

When I took SEC503 last year in Brussels, taught by Jess Garcia, he remarked that he missed Snort's TCP flag representation in Wireshark.

Lua dissectors are a great way to enhance Wireshark, so I wrote a dissector that adds Snort-style TCP flags:

When you install the dissector, it adds a tcpflags.flags field, which you can add as a column ("Apply as Column").

You can download the dissector here. One way to install Lua dissectors is to copy them in the plugins folder. In the Wireshark menu, go to Help / About / Folders to locate your plugin folders.

 

0 comment(s)
Diary Archives