Wireshark Extensions

As part of GSoC 2011, Jakub Zawadzki developed a variety of Wireshark extensions:

  • WireShnork plugin that would support applying Snort IDS rules and signatures against pcap files. This would be useful for network forensics, allowing analysts to automatically colorise packets that match a particular Snort IDS signature.
  • WireshAV plugin that would allow scanning captured files with antivirus software
  • WireBrowse plugin that would allow access to some Wireshark functionality from a web browser
  • WireSocks HTTP/SOCKS5 "proxy" plugin that would allow any browser (with proxy support :)) to retrieve the contents of sniffed web pages (with CSS, images, JavaScript, and other files) that were saved inside a pcap file
  • WireViz GUI plugin that would allow generating connection graphs with Graphviz