fix bug on double "Activate"
Clicking on "Suricata->Activate" twice was resulting in Wireshark
exiting because the protocol dissector was redefined. Moving code
relative to the dissector out of the activate function is fixing the
README: add some more details
README: fix formatting
README: fix documentation
Sync it with current state of the code.
Set release to 0.2.
README: add screenshot and fix description
Update copyright and description
Use "suricata.alert" prefix for alert info
To be homogeneous with the rest of the extracted info, we switch
to suricata.alert.sid and similar names.
Add support for HTTP event
This is working but factorization of the code should not wait
and be the next thing to do.
Improve top level info
Adding the fact that Suricata is the origin of the info is less confusing.
Display SSH info
We now use EVE format.
Suppress pcapinfo code
Suricata EVE file is far more interesting. So this patch suppresses
the code related to pcapinfo.
Display TLS related info
This patch adds parsing for TLS messages contained in the EVE file. This
allows adding information such as the TLS subject or issuerdn inside
Use EVE output instead of pcapinfo
Suricata 2.0 features EVE JSON output which contains all the necessary info
to add an alert-related dissector and more. This patch parses the eve.json file
and displays information about alerts in Wireshark.
Import ChangeLog and INSTALL.
This patch prepares the release of version 0.1.
Suppress tx_id which is not in pcap-info output.
Sync with suricata output name change.
Comment non-ready functions and follow module renaming.
Follow numlog output evolution.
This patch follows the numlog output module evolution by adding a bunch
of fields to the protocol.
Improve included documentation.
Support for multiple Activate
It is now possible to use different alert files on the same pcap
without leaving Wireshark.
Choose indentation style and apply it.
I've chosen a no-expand-tab, tab-width-8 indentation.
Improve parsing code.
The parsing code cannot be run from the protocol init function as it
is evaluated more than once.
Add preference to handle default alert file.
The default alert file can be set by choosing the file name in the
Fix scope of suricata protocol.
Improve alert storage.
This patch fixes the algorithm used to store alerts. It takes
into account the fact that multiple alerts can be attached to
a packet and improves speed by using a dictionary instead of
Update parsing to log format change.
Add LICENSE and basic README.rst
Use local function to avoid code run.
If functions for suri_proto are not local to suriwire_activate(),
it leads to an evaluation we don't want.
Add dialog to select suricata log file.
Fix some description in fields.
Added menu should permit activation.
It seems the Wireshark menu is not working in my current version.