Hunting Threats with Wireshark Plugins

By Nishant Sharma, Jeswin Mathai, Shivam Bathla on 23 Sep 2019 @ Rootcon
blueteam
Focus Areas: Defensive Security


Abstract

Network traffic dumps are very valuable when processed with the right tools. There are many open source and commercial tools for analysing traffic, but most of them either have fixed functionality, do not scale, or suffer from one of a dozen other problems. What if we could turn our favourite traffic analysis tool, Wireshark, into an extensible, free, platform-independent threat, signature and attack hunting tool? In this presentation we talk about developing Wireshark plugins to perform security analysis of both live and stored packets. We use examples from older and newer protocols (including non-standard ones) to explain the plugin workflow and development.
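As an added illustration of the plugin workflow the abstract describes (this is not the speakers' code and not part of the talk material), the following Lua post-dissector reuses fields that Wireshark's built-in HTTP dissector has already populated, checks them against a small constructed signature set, and exposes the result as filterable fields plus an expert-info marker. The rule names, the file name hunt_http.lua, and the two signatures are assumptions chosen for the example; a real hunt would load a larger rule set from a file.

```lua
-- hunt_http.lua: minimal Wireshark post-dissector that flags HTTP requests
-- matching a constructed signature set. Added example for this page, not the
-- speakers' code. Load with:
--   tshark -X lua_script:hunt_http.lua -r capture.pcap -Y hunt.alert

local hunt = Proto("hunt", "Threat Hunt (post-dissector)")

-- Fields we emit so that hits become display-filterable, e.g. "hunt.alert"
local f_alert = ProtoField.string("hunt.alert", "Alert")
local f_rule  = ProtoField.string("hunt.rule",  "Rule")
hunt.fields = { f_alert, f_rule }

-- Expert info colours the packet in the GUI and lists it under
-- Analyze > Expert Information
local ef_hit = ProtoExpert.new("hunt.expert.hit",
                               "Request matched a hunt signature",
                               expert.group.SECURITY, expert.severity.WARN)
hunt.experts = { ef_hit }

-- Extractors for fields the built-in HTTP dissector has already filled in.
-- Field.new() must be called at script load time, not inside the dissector.
local f_http_uri = Field.new("http.request.uri")
local f_http_ua  = Field.new("http.user_agent")

-- Constructed signature set (assumption: a real rule set would be longer and
-- loaded from a file). Each rule has a name and a matcher over (uri, ua).
local rules = {
  { name  = "path-traversal",
    check = function(uri, ua)
      return uri ~= nil and uri:find("../", 1, true) ~= nil
    end },
  { name  = "scanner-user-agent",
    check = function(uri, ua)
      if not ua then return false end
      local l = ua:lower()
      return l:find("sqlmap", 1, true) ~= nil
          or l:find("nikto",  1, true) ~= nil
          or l:find("nmap",   1, true) ~= nil
    end },
}

-- FieldInfo -> plain Lua string, or nil when the field is absent in this packet
local function str(fi)
  if fi == nil then return nil end
  return tostring(fi.value)
end

function hunt.dissector(tvb, pinfo, tree)
  local uri = str(f_http_uri())
  local ua  = str(f_http_ua())
  if not uri and not ua then return end   -- not an HTTP request, nothing to do

  local hits = {}
  for _, r in ipairs(rules) do
    if r.check(uri, ua) then hits[#hits + 1] = r.name end
  end
  if #hits == 0 then return end

  -- Attach our own subtree so hits are visible in the packet details pane
  local sub = tree:add(hunt, tvb(), "Threat Hunt")
  for _, name in ipairs(hits) do
    sub:add(f_rule, name)
  end
  local summary = table.concat(hits, ",")
  sub:add(f_alert, summary)
  sub:add_proto_expert_info(ef_hit)
  pinfo.cols.info:prepend("[HUNT " .. summary .. "] ")
end

-- allfields = true asks Wireshark to generate all protocol fields so the
-- Field.new() extractors are populated even when no tree is built (tshark
-- without -V)
register_postdissector(hunt, true)
```

In the GUI, drop the file into the personal Lua plugins directory (Help > About > Folders) and reload with Ctrl+Shift+L; hits can then be isolated with display filters such as hunt.alert or hunt.rule == "path-traversal". Two caveats worth remembering: the extractors only see what the HTTP dissector itself parsed, so requests on non-standard ports need Decode As (or a port preference), and HTTP inside TLS is invisible unless the session keys have been supplied to the TLS dissector.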