When I took SEC503 last year in Brussels, taught by Jess Garcia, he remarked that he missed Snort's TCP flag representation in Wireshark.
Lua dissectors are a great way to enhance Wireshark, so I wrote a dissector that adds Snort-style TCP flags:
When you install the dissector, it adds a tcpflags.flags field, which you can add as a column ("Apply as Column").
You can download the dissector here. One way to install Lua dissectors is to copy them in the plugins folder. In the Wireshark menu, go to Help / About / Folders to locate your plugin folders.
Apr 6th 2015
3 years ago