osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/plugins/epan/falco_bridge/README.md

936 B
Raw Blame History

Falco Bridge

This plugin is a bridge between Falco plugins and Wireshark, so that Falco plugins can be used as dissectors. It requires libsinsp and libscap.

Building the Falco Bridge plugin

  1. Download and compile libsinsp and libscap.

  2. Configure Wireshark with cmake ... -DSINSP_INCLUDE_DIR=/path/to/falcosecurity-libs -DSINSP_LIBDIR=/path/to/falcosecurity-libs/build ...

Quick Start

  1. Create a directory named "falco" at the same level as the "epan" plugin folder. You can find the global and per-user plugin folder locations on your system in About → Folders or in the User's Guide.

  2. Build your desired Falco plugin and place it in the "falco" plugin directory.