Wireshark Network Threat Forensics by Libor Benes (Dr. B)
3,100 Wireshark display filters for threat hunting, malware C2/beaconing detection, intrusion analysis, exfiltration, lateral movement, credential abuse, and network forensics. • Real-time search. • Fully offline. No Data Collection.
Extension metadata
Information
Wireshark Network Threat Forensics is a security-first, offline Firefox sidebar extension that delivers instant, searchable access to 3,100 carefully curated Wireshark display filters: a unique (albeit logically non-exhaustive) collection focused on real-world network threat detection and digital forensics.
The architecture is security-first: all processing and data stay client-side, with no telemetry, no network requests, and no data collection.
During incident response, malware analysis, threat hunting, red-team/blue-team exercises, and forensic investigations, security professionals need rapid access to proven display filters capable of identifying command-and-control (C2) beaconing, data exfiltration, lateral movement, credential harvesting, ransomware precursors, port scans, MITM attempts, protocol abuse, and many other malicious behaviors.
This extension provides exactly that: a comprehensive, categorized reference of the most effective and up-to-date display filters, drawn from official Wireshark documentation, public cheat sheets, SANS posters, malware traffic analysis reports (Unit 42, Mandiant, Black Hills, etc.), and current 2025-2026 threat intelligence observations.
Purpose:
Rapid, searchable reference for Wireshark display filters, ideal for real-time packet analysis, threat hunting, incident response, malware traffic analysis, red-team/blue-team exercises, and forensic investigations.
About Wireshark:
Wireshark, originally authored as Ethereal in 1998 by Gerald Combs (a computer science graduate of the University of Missouri-Kansas City), is the world's leading open-source network protocol analyzer. It supports two distinct types of filters:
• Capture filters: applied during live capture using BPF syntax (e.g. tcp port 80), used to reduce the volume of recorded traffic.
• Display filters: applied after capture to filter, highlight, and analyze already-recorded packets using Wireshark's own powerful expression language (e.g. http.request.method == "POST" && http.request.uri contains "login").
This extension contains exclusively display filters, the far more expressive, flexible, and forensics-oriented type used for deep inspection of PCAP files or live sessions. It does not include capture filters, which are simpler and far less numerous.
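To make the capture-filter versus display-filter distinction concrete, here is an added example (not code from the extension or from Wireshark): a toy evaluator for a small subset of display-filter syntax (==, contains, &&, ||, !, parentheses, and bare protocol/field presence such as dns) run over constructed packet records, plus a stand-in for the BPF capture filter tcp port 80. Packet dicts, field names, sample values, and the simplified matching semantics are all assumptions of this example; real Wireshark field types and operators are far richer.

```python
"""Toy evaluator for a subset of Wireshark display-filter syntax (added example, not
Wireshark code). Packets are constructed dicts keyed by Wireshark-style field names;
multi-valued fields such as tcp.port (source and destination port) are lists."""
import re

# Tokens: quoted strings, numeric or dotted literals (80, 203.0.113.7), operators, names.
_TOKEN = re.compile(r'\s*(?:(?P<str>"[^"]*")|(?P<num>\d[\d.]*)'
                    r'|(?P<op>==|&&|\|\||[()!])|(?P<word>[A-Za-z_][\w.]*))')


def _fail(msg):
    raise ValueError(msg)


def tokenize(expr):
    # Split a display-filter string into (kind, text) tokens; 'contains' is an operator.
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = _TOKEN.match(expr, pos) or _fail(f"bad token at offset {pos}: {expr[pos:]!r}")
        pos, kind = m.end(), m.lastgroup
        text = m.group(kind)
        out.append(("op", text) if text == "contains" else (kind, text))
    return out


class Parser:  # recursive descent: '||' binds loosest, then '&&', then '!' and parentheses
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)
    def take(self):
        tok, self.i = self.peek(), self.i + 1
        return tok
    def expr(self):
        return self.chain("||", "or", lambda: self.chain("&&", "and", self.expr_not))
    def parse(self):
        node = self.expr()
        self.peek() == (None, None) or _fail(f"unexpected token {self.peek()[1]!r}")
        return node
    def chain(self, sym, tag, sub):  # left-associative binary operator over the next level
        left = sub()
        while self.peek() == ("op", sym):
            self.take()
            left = (tag, left, sub())
        return left
    def expr_not(self):
        if self.peek() == ("op", "!"):
            self.take()
            return ("not", self.expr_not())
        return self.atom()
    def atom(self):
        kind, text = self.take()
        if (kind, text) == ("op", "("):
            node = self.expr()
            self.take() == ("op", ")") or _fail("expected ')'")
            return node
        kind == "word" or _fail(f"expected field name, got {text!r}")
        if self.peek()[0] == "op" and self.peek()[1] in ("==", "contains"):
            cmp = self.take()[1]
            vkind, vtext = self.take()
            vkind in ("str", "num") or _fail("expected a literal after the comparison")
            literal = vtext[1:-1] if vkind == "str" else int(vtext) if vtext.isdigit() else vtext
            return ("cmp", cmp, text, literal)
        return ("present", text)  # bare 'dns' or 'tcp.flags.syn': existence test


def evaluate(node, pkt):
    # True if the parsed filter tree matches one packet dict.
    op = node[0]
    if op == "not":
        return not evaluate(node[1], pkt)
    if op in ("or", "and"):
        a, b = evaluate(node[1], pkt), evaluate(node[2], pkt)
        return (a or b) if op == "or" else (a and b)
    if op == "present":  # protocol or field appears anywhere in the packet
        return any(k == node[1] or k.startswith(node[1] + ".") for k in pkt)
    _, cmp, field, literal = node
    vals = pkt.get(field, [])  # an absent field never satisfies a comparison
    vals = vals if isinstance(vals, list) else [vals]
    if cmp == "==":  # any occurrence matches, so tcp.port == 80 hits source or destination
        return any(v == literal for v in vals)
    return any(str(literal) in str(v) for v in vals)  # contains: substring test


# Constructed sample capture: a GET, two POSTs to login paths on different ports, one DNS query.
PACKETS = [
    {"frame.number": 1, "ip.dst": "203.0.113.7", "tcp.port": [51000, 80],
     "http.request.method": "GET", "http.request.uri": "/index.html"},
    {"frame.number": 2, "ip.dst": "203.0.113.7", "tcp.port": [51001, 80],
     "http.request.method": "POST", "http.request.uri": "/account/login"},
    {"frame.number": 3, "ip.dst": "198.51.100.9", "tcp.port": [51002, 8080],
     "http.request.method": "POST", "http.request.uri": "/api/login"},
    {"frame.number": 4, "ip.dst": "192.0.2.53", "udp.port": [40000, 53],
     "dns.qry.name": "aGVsbG8.exfil.example"},
]


def capture_tcp_port(packets, port):
    # Stand-in for the BPF capture filter 'tcp port <port>': whatever it rejects is never recorded.
    return [p for p in packets if port in p.get("tcp.port", [])]


def display_filter(packets, expr):
    # Apply a display filter to already-recorded packets; returns the matching frame numbers.
    tree = Parser(tokenize(expr)).parse()
    return [p["frame.number"] for p in packets if evaluate(tree, p)]
```

Running the page's own display filter, http.request.method == "POST" && http.request.uri contains "login", over the full constructed capture selects frames 2 and 3; running it over what a tcp port 80 capture filter would have recorded selects only frame 2, because the POST on port 8080 was discarded at capture time and can no longer be recovered by any display filter. That asymmetry is why forensic work favours capturing broadly and filtering at display time.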
Target Audience:
• Network Security Analysts & Threat Hunters.
• Incident Responders & DFIR Practitioners.
• Malware Reverse Engineers.
• Red Team / Penetration Testers.
• Blue Team / SOC Analysts.
• Forensic Investigators.
• Bug Bounty Hunters.
• Students & Educators in network security.
Key Categories Include:
• Frame & General
• Ethernet / Link Layer
• IP / ICMP / ICMPv6
• TCP Basics & Flags
• TCP Analysis & Errors
• UDP
• DNS (tunneling, DGA, exfil)
• HTTP / HTTPS / TLS (client hints, weak ciphers, downgrade)
• Suspicious / Security / Anomalies (scans, MITM, DoS)
• Malware / C2 / Beaconing Indicators
• Wireless / Wi-Fi / 802.11 (deauth, PMKID, evil twin)
• SMB / Windows Protocols (NTLM, PsExec, WMI)
• Email / SMTP / IMAP / POP (phishing, credential leaks)
• VoIP / RTP / SIP (toll fraud, call spam)
• Miscellaneous / Expert / Custom (rare patterns, high-entropy, shellcode).
Features:
• Real-time dynamic smart search across category, title, filter expression, and description.
• Click-to-copy display filter string with "Copied!" visual feedback.
• Syntax-highlighted filters (monospace) + highlighted search terms (<mark>).
• Terminal-inspired design.
• Fully offline: no network requests, no data collection.
• Compact, with instant performance even on 3,100 entries.
Security & Privacy:
• Only one permission: clipboardWrite (required for copy-to-clipboard).
• Zero data collection, explicitly declared in manifest.json.
• No external requests, no analytics, no telemetry.
• No third-party libraries: 100% first-party code.
• Manifest v2 compliant with Mozilla review standards.
Technical Specifications:
• Compatibility: Firefox 109.0+ (64-bit desktop).
• Size: ~532 KB total (minimal memory footprint).
• Performance: Instant filtering on 3,100 entries.
• Tested on: Firefox 147.0.3 (February 2026).
Wireshark Network Threat Forensics brings a unique, powerful, comprehensive, security-first collection of display filters directly into your Firefox sidebar, ready for immediate use in threat hunting and forensic workflows, with complete offline privacy protection.
Happy network threat hunting: stay safe, stay offline.
Users: 0
Rating: 0 (0 ratings)
Permissions and data
Required permissions:
- Input data to the clipboard
Data collection:
- The developer says this extension does not require data collection.
Additional information
- Version: 1.0
- Size: 150.99 KB
- Last updated: 16 days ago (February 15, 2026)
- License: Mozilla Public License 2.0