Wireshark Network Threat Forensics by Libor Benes (Dr. B)
3,100 Wireshark display filters for threat hunting, malware C2/beaconing detection, intrusion analysis, exfiltration, lateral movement, credential abuse, and network forensics. • Real-time search. • Fully offline. No data collection.
5 users
Extension metadata
About this extension
Wireshark Network Threat Forensics is a security-first, offline Firefox sidebar extension that delivers instant, searchable access to 3,100 curated Wireshark display filters: a collection (necessarily non-exhaustive) focused on real-world network threat detection and digital forensics.
All processing and data stay client-side: no telemetry, no network requests, no data collection.
During incident response, malware analysis, threat hunting, red-team/blue-team exercises, and forensic investigations, security professionals need rapid access to proven display filters capable of identifying command-and-control (C2) beaconing, data exfiltration, lateral movement, credential harvesting, ransomware precursors, port scans, MITM attempts, protocol abuse, and many other malicious behaviors.
This extension provides exactly that: a comprehensive, categorized reference of effective, current display filters, drawn from official Wireshark documentation, public cheat sheets, SANS posters, malware traffic analysis reports (Unit 42, Mandiant, Black Hills, etc.), and 2025-2026 threat intelligence observations.
Purpose:
Rapid, searchable reference for Wireshark display filters: ideal for real-time packet analysis, threat hunting, incident response, malware traffic analysis, red-team/blue-team exercises, and forensic investigations.
About Wireshark:
Wireshark, originally released as Ethereal in 1998 by Gerald Combs (a computer science graduate of the University of Missouri-Kansas City), is the world's leading open-source network protocol analyzer. It supports two distinct types of filters:
• Capture filters: applied during live capture using libpcap/BPF syntax (e.g. tcp port 80) to reduce the volume of recorded traffic. Packets that do not match are never written to the capture file, so an over-tight capture filter silently discards evidence that an investigation may later need.
• Display filters: applied after capture to filter, highlight, and analyze already-recorded packets using Wireshark's own field-based expression language (e.g. http.request.method == "POST" && http.request.uri contains "login"). They are non-destructive: clearing the filter brings every packet back.
This extension contains exclusively display filters, the far more expressive, flexible, and forensics-oriented type used for deep inspection of PCAP files or live sessions. It does not include capture filters, which are simpler and far less numerous. The same display filter syntax is accepted by tshark through its -Y option, so every filter in the collection can also drive scripted, headless analysis of a PCAP.
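To make the display-filter semantics concrete, here is an added example that evaluates a small subset of the display-filter language over dissected packets modelled as Python dicts. It is not code from this extension or from Wireshark's own filter engine. It supports ==, !=, <, <=, >, >=, contains, && / and, || / or, ! / not, parentheses, and bare field or protocol presence tests (dns), and it follows the rule Wireshark has used since 3.6 for fields that occur more than once in a packet such as ip.addr: == is true if any occurrence matches, != only if no occurrence does. The five sample packets, their field values, and the function names (tokenize, _parse, evaluate, apply_filter, PACKETS) are constructed for this example.

```python
# Added example: a toy evaluator for a subset of Wireshark display-filter syntax (not Wireshark's own engine).
import re
from collections import deque

# Constructed sample packets, not from a real capture: flat dicts keyed by Wireshark field name;
# a field that occurs more than once in a packet (ip.addr) is a list, as in a real dissection.
_LONG = "zq3f8k2mxl9pqw7rt4yv6bn1hs5jd0ag.tunnel.example.net"  # 51-character query name
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.addr": ["10.0.0.5", "93.184.216.34"], "tcp.dstport": 80,
     "http.request.method": "GET", "http.request.uri": "/index.html"},
    {"frame.number": 2, "ip.src": "10.0.0.5", "ip.addr": ["10.0.0.5", "93.184.216.34"], "tcp.dstport": 80,
     "http.request.method": "POST", "http.request.uri": "/account/login"},
    {"frame.number": 3, "ip.src": "10.0.0.5", "ip.addr": ["10.0.0.5", "10.0.0.53"], "udp.dstport": 53,
     "dns.qry.name": _LONG, "dns.qry.name.len": len(_LONG), "dns.qry.type": 16},
    {"frame.number": 4, "ip.src": "10.0.0.5", "ip.addr": ["10.0.0.5", "10.0.0.53"], "udp.dstport": 53,
     "dns.qry.name": "www.example.com", "dns.qry.name.len": 15, "dns.qry.type": 1},
    {"frame.number": 5, "ip.src": "10.0.0.9", "ip.addr": ["10.0.0.9", "10.0.0.5"], "tcp.dstport": 445,
     "tcp.flags.syn": 1, "tcp.flags.ack": 0},
]

# A token is a "quoted string", an operator, or a bare word (field name, number, IP literal, keyword).
_TOKEN_RE = re.compile(r'\s*(?:("(?:[^"\\]|\\.)*")|(==|!=|<=|>=|<|>|&&|\|\||!|\(|\))|([\w.:/-]+))')
_CMP_TOKENS = {("OP", o) for o in ("==", "!=", "<", "<=", ">", ">=")} | {("WORD", "contains")}

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = _TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos}: {text[pos:]!r}")
        pos, (string, op, word) = m.end(), m.groups()
        tokens.append(("STR", string[1:-1]) if string else ("OP", op) if op else ("WORD", word))
    return tokens

def _parse(tokens):
    """Recursive descent; precedence from lowest to highest: or, and, not, comparison/presence."""
    toks = deque(tokens)
    peek = lambda: toks[0] if toks else (None, None)
    take = lambda: toks.popleft() if toks else (None, None)
    def binary(ops, name, sub):  # left-associative chain of one binary-operator level
        left = sub()
        while peek() in ops:
            take()
            left = (name, left, sub())
        return left
    def not_():
        if peek() in (("OP", "!"), ("WORD", "not")):
            take()
            return ("not", not_())
        return primary()
    def primary():
        kind, value = take()
        if (kind, value) == ("OP", "("):
            node = or_()
            if take() != ("OP", ")"):
                raise ValueError("expected ')'")
            return node
        if kind != "WORD":
            raise ValueError(f"expected a field name, got {value!r}")
        if peek() in _CMP_TOKENS:
            op, (vkind, literal) = take()[1], take()
            if vkind not in ("STR", "WORD"):
                raise ValueError(f"expected a value after {op!r}")
            return ("cmp", value, op, literal, vkind == "STR")
        return ("present", value)  # bare field or protocol name, e.g. `dns`
    and_ = lambda: binary((("OP", "&&"), ("WORD", "and")), "and", not_)
    or_ = lambda: binary((("OP", "||"), ("WORD", "or")), "or", and_)
    node = or_()
    if toks:
        raise ValueError(f"unexpected token {toks[0][1]!r}")
    return node

def _compare(field_val, op, literal, quoted):
    if op == "contains":
        return literal in str(field_val)
    lhs, rhs = str(field_val), literal  # default: compare as text
    if not quoted and isinstance(field_val, int):  # unquoted literal against a numeric field: compare as numbers
        try:
            lhs, rhs = field_val, int(literal, 0)  # base 0 accepts 445 and 0x1bd alike
        except ValueError:
            pass
    return {"==": lhs == rhs, "!=": lhs != rhs, "<": lhs < rhs, "<=": lhs <= rhs, ">": lhs > rhs, ">=": lhs >= rhs}[op]

def evaluate(node, pkt):
    kind = node[0]
    if kind in ("or", "and"):
        return (any if kind == "or" else all)(evaluate(child, pkt) for child in node[1:])
    if kind == "not":
        return not evaluate(node[1], pkt)
    if kind == "present":  # `dns` is present when the packet carries any dns.* field
        return node[1] in pkt or any(k.startswith(node[1] + ".") for k in pkt)
    _, field, op, literal, quoted = node
    values = pkt.get(field, [])  # this toy treats any comparison on an absent field as false
    values = values if isinstance(values, list) else [values]
    if op == "!=":  # Wireshark >= 3.6: true only when no occurrence of the field equals the literal
        return bool(values) and all(_compare(v, "!=", literal, quoted) for v in values)
    return any(_compare(v, op, literal, quoted) for v in values)  # one matching occurrence suffices

def apply_filter(expression, packets=PACKETS):
    """Return the frame numbers of the packets that match a display-filter expression."""
    node = _parse(tokenize(expression))
    return [p["frame.number"] for p in packets if evaluate(node, p)]

if __name__ == "__main__":
    for expr in ('http.request.method == "POST" && http.request.uri contains "login"',
                 "dns.qry.name.len > 40 || dns.qry.type == 16", "ip.addr != 10.0.0.5", "!(ip.src == 10.0.0.5)", "dns"):
        print(f"{expr:68} -> frames {apply_filter(expr)}")
```

Running the block prints which of the five constructed frames each filter selects; the ip.addr != 10.0.0.5 line selects nothing, because every sample packet has that address as one of its two ip.addr occurrences, which is exactly the case the 3.6 semantics were introduced to fix. Real Wireshark fields are typed (addresses, byte strings, times), and the real grammar also has slices, functions such as len() and upper(), set membership with in {...}, the matches regex operator and the any-occurrence forms of !=; none of those are modelled here. For real captures, run the same expressions with tshark -r capture.pcap -Y '<filter>'.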
Target Audience:
• Network Security Analysts & Threat Hunters.
• Incident Responders & DFIR Practitioners.
• Malware Reverse Engineers.
• Red Team / Penetration Testers.
• Blue Team / SOC Analysts.
• Forensic Investigators.
• Bug Bounty Hunters.
• Students & Educators in network security.
Key Categories Include:
• Frame & General
• Ethernet / Link Layer
• IP / ICMP / ICMPv6
• TCP Basics & Flags
• TCP Analysis & Errors
• UDP
• DNS (tunneling, DGA, exfil)
• HTTP / HTTPS / TLS (client hints, weak ciphers, downgrade)
• Suspicious / Security / Anomalies (scans, MITM, DoS)
• Malware / C2 / Beaconing Indicators
• Wireless / Wi-Fi / 802.11 (deauth, PMKID, evil twin)
• SMB / Windows Protocols (NTLM, PsExec, WMI)
• Email / SMTP / IMAP / POP (phishing, credential leaks)
• VoIP / RTP / SIP (toll fraud, call spam)
• Miscellaneous / Expert / Custom (rare patterns, high-entropy, shellcode).
Features:
• Real-time dynamic smart search across category, title, filter expression, and description.
• Click-to-copy display filter string with "Copied!" visual feedback.
• Syntax-highlighted filters (monospace) + highlighted search terms (<mark>).
• Terminal-inspired design.
• Fully offline: no network requests, no data collection.
• Compact, with instant performance even on 3,100 entries.
Security & Privacy:
• Only one permission: clipboardWrite (required for copy-to-clipboard).
• Zero data collection, explicitly declared in manifest.json.
• No external requests, no analytics, no telemetry.
• No third-party libraries: 100% first-party code.
• Manifest v2, compliant with Mozilla review standards.
Technical Specifications:
• Compatibility: Firefox 109.0+ (64-bit desktop).
• Size: ~532 KB total (minimal memory footprint).
• Performance: Instant filtering on 3,100 entries.
• Tested on: Firefox 147.0.3 (February 2026).
Wireshark Network Threat Forensics brings a comprehensive, security-first collection of display filters directly into your Firefox sidebar, ready for immediate use in threat hunting and forensic workflows, fully offline.
Happy network threat hunting: stay safe, stay offline.
Rated 0 by 1 person
Permissions and data
Required permissions:
- Add data to the clipboard
Data collection:
- The developer states that this extension does not need to collect any data.
More information
- Version
- 1.0
- Size
- 150.99 KB
- Last updated
- 3 months ago (15 Feb 2026)
- License
- Mozilla Public License 2.0