SANS ISC InfoSec Forums
Wireshark TCP Flags

When I took SEC503 last year in Brussels, taught by Jess Garcia, he remarked that he missed Snort's TCP flag representation in Wireshark.

Lua dissectors are a great way to enhance Wireshark, so I wrote a dissector that adds Snort-style TCP flags.

When you install the dissector, it adds a tcpflags.flags field, which you can add as a column ("Apply as Column").

You can download the dissector here. One way to install Lua dissectors is to copy them into the plugins folder. In the Wireshark menu, go to Help / About / Folders to locate your plugin folders.
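To show how a postdissector of this kind is built, here is an added example written for this page; it is not Didier's dissector and uses its own protocol and field names (tcpflags_example, tcpflags_example.flags), which are assumptions. It reads the existing tcp.flags field of Wireshark's TCP dissector and renders the eight flag bits in Snort's fixed-position notation (order CWR, ECE, URG, ACK, PSH, RST, SYN, FIN, so a SYN/ACK appears as ***A**S*). The "1" and "2" characters for the two ECN bits follow the convention of Snort's flag string; treat that detail as an assumption if your Snort build prints them differently. Integer division is used instead of bit operators so the script loads on both the Lua 5.2 and Lua 5.3/5.4 interpreters bundled with different Wireshark versions.

```lua
-- Snort-style TCP flags postdissector: added example for this page, not the original dissector.
-- Install by copying into a Wireshark plugins folder (Help / About / Folders).

-- Protocol and field names are assumptions chosen for this example.
local tcpflags_example = Proto("tcpflags_example", "Snort-style TCP flags (example)")
local f_flags = ProtoField.string("tcpflags_example.flags", "TCP Flags (Snort style)")
tcpflags_example.fields = { f_flags }

-- Field extractor for the TCP dissector's own flags field (a 12-bit value; NS sits in bit 8).
-- Field.new must be called at load time, outside the dissector function.
local tcp_flags_field = Field.new("tcp.flags")

-- Snort prints the flags as eight fixed positions, '*' for a clear bit.
local FLAG_ORDER = {
    { 0x80, "1" }, -- CWR (Snort's "reserved bit 1")
    { 0x40, "2" }, -- ECE (Snort's "reserved bit 2")
    { 0x20, "U" }, -- URG
    { 0x10, "A" }, -- ACK
    { 0x08, "P" }, -- PSH
    { 0x04, "R" }, -- RST
    { 0x02, "S" }, -- SYN
    { 0x01, "F" }, -- FIN
}

-- Build the 8-character Snort flag string from the numeric flags value.
-- Uses floor-division and modulo so no bit32/native bitwise operator is required.
local function snort_flag_string(flags)
    local out = {}
    for _, entry in ipairs(FLAG_ORDER) do
        local mask, ch = entry[1], entry[2]
        if math.floor(flags / mask) % 2 == 1 then
            out[#out + 1] = ch
        else
            out[#out + 1] = "*"
        end
    end
    return table.concat(out)
end

-- Postdissector: runs after all other dissectors on every frame.
function tcpflags_example.dissector(tvb, pinfo, tree)
    local finfo = tcp_flags_field()
    if not finfo then
        return -- not a TCP segment, nothing to annotate
    end
    local flags = tonumber(finfo.value)
    local subtree = tree:add(tcpflags_example, tvb(), "Snort-style TCP flags")
    subtree:add(f_flags, snort_flag_string(flags))
end

register_postdissector(tcpflags_example)
```

Once loaded, tcpflags_example.flags shows up in the packet details and can be applied as a column exactly like the field described above; it also works in display filters, so a capture can be reduced to connection attempts with a filter such as tcpflags_example.flags == "******S*", or to SYN/ACK replies with "***A**S*". Note that 0x12 (ACK + SYN) walks through the table as ***A**S*, which matches the Snort alert and log output the SEC503 remark refers to.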


DidierStevens

400 Posts
ISC Handler
