Suriwire is a plugin for Wireshark that displays Suricata generated alerts for a pcap file inside the Wireshark output. It adds the alerts to the packet details and in the expert info window. It also enables you to use signature fields as filtering items in Wireshark output.
|Tags||Security Analysis wireshark suricata|
|Operating Systems||Linux FreeBSD OpenBSD|
Release Notes: Suriwire now uses the EVE file format created by Suricata 2.x instead of using the pcapinfo file. This allows you to add information about alerts and events coming from protocol decoding. For example, you can now get packets corresponding to a TLS where the certificate subject contains a substring.
Release Notes: Initial public release.