PA Toolkit is a collection of traffic analysis plugins that extend Wireshark from a micro-analysis tool and protocol dissector into a macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:
- WiFi (WiFi network summary; detecting beacon and deauth floods, etc.)
- HTTP (listing all visited websites and downloaded files)
- HTTPS (listing all websites opened over HTTPS)
- ARP (MAC-IP table; detecting MAC spoofing and ARP poisoning)
- DNS (listing DNS servers used and DNS resolutions; detecting DNS tunnels)
Copy the “plugins” directory to the Wireshark plugins directory.
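
To show what a "tap" plugin of the kind listed above does, here is an added example (not PA Toolkit's own code) of a Wireshark Lua tap that builds an IP-to-MAC table from ARP traffic and marks any IP address claimed by more than one MAC. The script name `arp_table.lua` and the capture name `capture.pcap` are placeholders.

```lua
-- Added example, not part of PA Toolkit.
-- Run (file names are placeholders):
--   tshark -q -r capture.pcap -X lua_script:arp_table.lua

-- Field extractors for the ARP sender addresses.
local f_ip  = Field.new("arp.src.proto_ipv4")
local f_mac = Field.new("arp.src.hw_mac")

-- ip string -> { mac string -> number of the first frame that paired them }
local seen = {}

-- Listen on the generic "frame" tap, restricted to ARP by a display filter.
local tap = Listener.new("frame", "arp")

-- Called once per matching packet: record the sender IP/MAC pair.
function tap.packet(pinfo, tvb)
    local ip, mac = f_ip(), f_mac()
    if not ip or not mac then return end
    local ip_s, mac_s = tostring(ip), tostring(mac)
    if ip_s == "0.0.0.0" then return end   -- ARP probes carry no sender IP
    seen[ip_s] = seen[ip_s] or {}
    if not seen[ip_s][mac_s] then
        seen[ip_s][mac_s] = pinfo.number
    end
end

-- Called when the capture has been read: print the table and mark conflicts.
function tap.draw()
    local ips = {}
    for ip in pairs(seen) do ips[#ips + 1] = ip end
    table.sort(ips)
    for _, ip in ipairs(ips) do
        local entries = {}
        for mac, frame in pairs(seen[ip]) do
            entries[#entries + 1] = string.format("%s (first frame %d)", mac, frame)
        end
        table.sort(entries)
        local mark = (#entries > 1) and "  <-- multiple MACs for one IP" or ""
        print(string.format("%-15s %s%s", ip, table.concat(entries, ", "), mark))
    end
end

-- Called when the capture is reloaded: start from an empty table.
function tap.reset()
    seen = {}
end
```

An IP address with several MACs is a lead to investigate rather than proof of ARP poisoning, since address reassignment and failover pairs produce the same pattern.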