Jack Radigan
2014-04-01 13:36:15 UTC
I've just published the first beta release of a plugin (dissector) that
gives you the ability to view Snort/Suricata alerts from within
Wireshark. A companion set of tools provides you with the ability to
create multiple "configuration instances" so that you can quickly switch
from one to another within Wireshark for comparing differences between
them for the same pcap file.
An overview of the tools and demo of the plugin can be viewed at:
https://vimeo.com/88460795
Everything is currently limited to Linux, but I am working on a
Windows version of Wireshark with the plugin, no timeframe on when it
will be ready for testing though.
The packages for this were developed and tested with Centrych, but
should work with other Ubuntu 12.04 compatible systems as well.
Additional details on the Centrych modified version of Wireshark
(1.10.6) are listed at: http://www.centrych.org/wireshark
A walk-through on installing and setting up snort and suricata
instances is available at: http://www.centrych.org/idsutil
An Ubuntu 12.04 compatible PPA with all the required packages is
available from: https://launchpad.net/~centrych/+archive/security
Centrych can be downloaded from: http://www.centrych.org/downloads
If you're using another distribution, you can obtain the python source
as well as patch files for Wireshark and Barnyard from:
https://github.com/CentrychOS/python-idsutil
Enjoy,
-jack-
Jack Radigan
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe