Abstract
Wireshark is the most basic tool that anyone thinks of when network traffic analysis is mentioned. Wireshark is beyond doubt, a wonderful tool which is available free of cost to the community and is well maintained. It is also modular and allows the user to add more functionality in form of C/Lua plugins. There are some good dissectors and plugins available for Wireshark which make user’s life easy but when we talk the plugins related to attack detection or macro analysis from the security point of view, there is not much available. Our PA Toolkit is such an attempt to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter.
PA toolkit is a collection of Wireshark plugins which enables a pentester to get insights for multiple network protocols like WiFi, VoIP, ARP, DNS, DHCP, SSL etc. This eliminates the need for a separate software/framework to detect basic attacks. The plugins are easy to add and are platform independent.