Hone Enhanced Wireshark - HoneProject/Wireshark-Shim GitHub Wiki

The log files created by the Hone Linux and Windows sensors use an augmented PCAP-NG format. The Hone team has created a patch for Wireshark 1.10.2 so that it can properly read and display the Hone-specific additions to the PCAP-NG file. If you use Wireshark to view the Hone log files or to perform live captures from the sensor via the Wireshark shim, we recommend that you install the patched version of Wireshark. You can download the Wireshark source code, patches, and prebuilt binaries for Windows using the following links:


This material was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the United States Department of Energy, nor the Contractor, nor any of their employees, nor any jurisdiction or organization that has cooperated in the development of these materials, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, software, or process disclosed, or represents that its use would not infringe privately owned rights.

Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof, or Battelle Memorial Institute. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

PACIFIC NORTHWEST NATIONAL LABORATORY operated by BATTELLE for the UNITED STATES DEPARTMENT OF ENERGY under Contract DE-AC05-76RL01830