branch: master
Commits on Jun 16, 2014
  1. fix bug on double "Activate"
    Clicking on "Suricata->Activate" twice was causing wireshark to
    leave because the protocol dissector was redefined. Moving code
    relative to the dissector out of the activate function fixes the
    issue.
Commits on Jun 14, 2014
  1. README: add some more details
  2. README: fix formatting
  3. README: fix documentation
    Sync it with current state of the code.
  4. Set release to 0.2.
  5. Update copyright and description
  6. Use "suricata.alert" prefix for alert info
    To be homogeneous with the rest of the extracted info, we switch
    to suricata.alert.sid and similar names.
  7. Add support for HTTP event
    This is working but factorization of the code should not wait
    and be the next thing to do.
  8. Display fileinfo
  9. Improve top level info
    Adding the fact that Suricata is the origin of the info is less confusing.
  10. Display SSH info
  11. Fix README
    We now use EVE format.
  12. Suppress pcapinfo code
    Suricata EVE file is far more interesting. So this patch suppresses
    the code related to pcapinfo.
  13. Display TLS related info
    This patch adds parsing for TLS messages contained in the EVE file. This
    allows adding information such as the TLS subject or issuerdn inside
    wireshark.
  14. Use EVE output instead of pcapinfo
    Suricata 2.0 features EVE JSON output which contains all the necessary info
    to add an alert related dissector and more. This patch parses the eve.json file
    and displays information about alerts in wireshark.
Commits on Oct 5, 2011
  1. Import ChangeLog and INSTALL.
    This patch prepares the release of version 0.1.
Commits on Oct 4, 2011
  1. Update documentation.
    Sync with suricata output name change.
Commits on Oct 2, 2011
  1. Follow numlog output evolution.
    This patch follows the numlog output module evolution by adding a bunch
    of fields to the protocol.
Commits on Oct 1, 2011
  1. Improve included documentation.
  2. Support for multiple Activate
    It is now possible to use different alert files on the same pcap
    without leaving wireshark.
  3. Choose indentation style and apply it.
    I've chosen a no-expand-tab, tab-width-8 indentation.
Commits on Sep 30, 2011
  1. Improve parsing code.
    The parsing code cannot be run from the protocol init function as it
    is evaluated more than once.
Commits on Sep 29, 2011
  1. Add preference to handle default alert file.
    The default alert file can be set by choosing the file name in the
    protocol preferences.
  2. Fix scope of suricata protocol.
  3. Improve alert storage.
    This patch fixes the algorithm used to store alerts. It takes
    into account the fact that multiple alerts can be attached to
    a packet and improves speed by using a dictionary instead of
    an iteration.
  4. Add LICENSE and basic README.rst
  5. Create TODO.
  6. Use local function to avoid code run.
    If functions for suri_proto are not local to suriwire_activate(),
    it leads to an evaluation we don't want.
Commits on Sep 28, 2011
  1. Fix some description in fields.
Commits on Sep 24, 2011
  1. Added menu should permit activation.
    It seems the wireshark menu is not working in my current version.