Is there a way for Wireshark to give a notification when a certain number of packets/second (or other time interval) are transmitted from a given protocol? On a LAN recently, one computer was sending five thousand emails a second (not sure on the cause, obviously something malicious) and the staff did not realize it until the ISP handling the requests turned the service off.

asked 18 Oct '11, 04:35

Ben Thomas


Unfortunately you can't, but that kind of thing is more or less a task for a network monitoring solution, not a packet capture solution like Wireshark. Take a look at NetFlow collectors, and have the routers/switches send NetFlow statistics to one of them, which can then aggregate and monitor thresholds of IPs and Ports as well as Packets and Bytes transmitted.

answered 18 Oct '11, 06:59

Jasper ♦

Thanks for the info

(18 Oct '11, 13:30) Ben Thomas
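
The threshold check the answer describes, run over flow records instead of captured packets, as an added example that is not part of the original thread. The CSV column names, sample addresses, SMTP port set, window size and thresholds are assumptions and constructed values, not any collector's real export schema.

```python
import csv
import io
from collections import Counter

SMTP_PORTS = {25, 465, 587}  # assumed set of mail submission/relay ports

# Constructed sample: flow records as a collector might export them.
# Column names are assumptions, not a specific product's schema.
SAMPLE_FLOWS = """ts,src,dst,proto,dport,packets,bytes
1318912501,192.0.2.10,198.51.100.5,tcp,25,10,4100
1318912502,192.0.2.10,198.51.100.6,tcp,25,11,4300
1318912503,192.0.2.10,198.51.100.7,tcp,25,9,3900
1318912504,192.0.2.10,198.51.100.8,tcp,25,12,4500
1318912505,192.0.2.20,198.51.100.5,tcp,25,14,5200
1318912506,192.0.2.30,203.0.113.9,tcp,443,40,38000
1318912561,192.0.2.10,198.51.100.9,tcp,25,10,4000
"""


def smtp_rate_alerts(flow_csv, window_s=60, max_flows=3, allow=frozenset()):
    """Return sorted (window_start, src, flows, packets) tuples for every
    source that opened more than max_flows SMTP flows in one window.
    Sources in `allow` (e.g. the site's own mail relay) are skipped."""
    flows, packets = Counter(), Counter()
    for rec in csv.DictReader(io.StringIO(flow_csv)):
        if rec["proto"] != "tcp" or int(rec["dport"]) not in SMTP_PORTS:
            continue
        if rec["src"] in allow:
            continue
        ts = int(rec["ts"])
        key = (ts - ts % window_s, rec["src"])  # bucket by window and source
        flows[key] += 1
        packets[key] += int(rec["packets"])
    return sorted((w, src, n, packets[(w, src)])
                  for (w, src), n in flows.items() if n > max_flows)


if __name__ == "__main__":
    for window, src, n, pkts in smtp_rate_alerts(SAMPLE_FLOWS):
        print(f"ALERT window={window} src={src} smtp_flows={n} packets={pkts}")
```

The window and threshold would be tuned to the site's normal mail volume, with the legitimate mail relay placed in `allow`.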
Asked: 18 Oct '11, 04:35

Seen: 1,306 times

Last updated: 18 Oct '11, 13:30
