Wireshark TCP Flags

When I took SEC503 last year in Brussels, taught by Jess Garcia, he remarked that he missed Snort's TCP flag representation in Wireshark.

Lua dissectors are a great way to enhance Wireshark, so I wrote a dissector that adds Snort-style TCP flags:

When the dissector is installed, it adds a tcpflags.flags field to each TCP packet; right-click that field in the packet details and choose "Apply as Column" to show it as a column in the packet list.

You can download the dissector here. One way to install Lua dissectors is to copy them into the plugins folder. In the Wireshark menu, go to Help / About / Folders to locate your plugin folders.
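To show how such a dissector is put together, here is an added example of a minimal Lua postdissector (not the dissector from this diary) that derives a Snort-style flags string from Wireshark's own tcp.flags field; the protocol name snortflags and the field name snortflags.flags are illustrative choices.

```lua
-- Added example, not the diary's dissector: a postdissector that exposes a
-- Snort-style TCP flags string (order "12UAPRSF", "*" for clear bits)
-- as the field "snortflags.flags". Names are illustrative.
local snortflags = Proto("snortflags", "Snort-style TCP flags")
local f_flags = ProtoField.string("snortflags.flags", "Flags")
snortflags.fields = { f_flags }

-- Field extractor for the TCP flags; Field.new must run at load time
local tcp_flags = Field.new("tcp.flags")

-- Bit masks for the eight low-order flag bits, in Snort display order
local FLAG_ORDER = {
  { 0x80, "1" }, -- CWR (Snort prints reserved bit 1 as "1")
  { 0x40, "2" }, -- ECE (reserved bit 2 as "2")
  { 0x20, "U" }, -- URG
  { 0x10, "A" }, -- ACK
  { 0x08, "P" }, -- PSH
  { 0x04, "R" }, -- RST
  { 0x02, "S" }, -- SYN
  { 0x01, "F" }, -- FIN
}

-- Translate the flags integer into Snort notation, e.g. 0x12 -> "***A**S*"
local function snort_flags(value)
  local out = {}
  for _, pair in ipairs(FLAG_ORDER) do
    local mask, letter = pair[1], pair[2]
    -- Wireshark's Lua ships the "bit" library, so this works on 5.1/5.2
    out[#out + 1] = (bit.band(value, mask) ~= 0) and letter or "*"
  end
  return table.concat(out)
end

function snortflags.dissector(tvb, pinfo, tree)
  local fi = tcp_flags()
  if not fi then return end -- not a TCP packet, nothing to add
  -- tcp.flags also carries the NS bit above the low byte; keep the low 8 bits
  local subtree = tree:add(snortflags, "Snort-style TCP flags")
  subtree:add(f_flags, snort_flags(bit.band(fi.value, 0xFF)))
end

-- Run after the built-in dissectors so tcp.flags is already populated
register_postdissector(snortflags)
```

Once the file is in a plugins folder, snortflags.flags can be applied as a column in the same way as the tcpflags.flags field described above.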


DidierStevens

503 Posts
ISC Handler
Apr 6th 2015
