
Filtering out normal traffic

asked 2018-03-05 12:43:20 +0000

Vindra

Hi, is there any simple way to filter out normal traffic? In my case, when I watch a sports video stream for longer than 10 minutes, my computer freezes, and the video freezes too. I want to analyze the traffic captured at that time, but it's too much. I want to filter out the normal traffic (e.g., anti-malware etc.). If I try to do it by manually adding entries in dfilter, it becomes too lengthy.

Regards


1 Answer


answered 2018-03-05 17:22:40 +0000

Jaap

There's no simple answer here, since it's impossible to define 'normal' traffic. What may be normal traffic in your situation may not be in another, and vice versa.

What you can do though is look into using capture filters instead of display filters. Even though their options aren't as extensive as display filters, they do keep unwanted traffic out of your capture files.


Comments

Thanks, Jaap, for the reply. I was wondering if there is already some script or program which studies traffic from/to a device and forms a "normal traffic" for that device. When we see a problem with that device, we refer to the "normal traffic" and see the difference: the difference may be traffic to/from unknown IPs or too much/less traffic to known IPs. Maybe I am thinking too far.

Vindra (2018-03-06 04:36:36 +0000)

Baselining your network is what it's called. A very helpful technique to find anomalies. It requires a higher-level view of your network, for which other types of (aggregation) tools come into play. Afterwards you drill down to the network packet level (with Wireshark for instance) to look at the details.

Jaap (2018-03-06 06:38:15 +0000)
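
The baseline comparison discussed in the comments above, as an added example that is not part of the original thread: it totals bytes per remote peer for one device in a known-good capture, then reports peers that are new or whose volume shifted sharply in the problem capture. The `src,dst,frame_len` CSV layout (one way to get it is `tshark -T fields -e ip.src -e ip.dst -e frame.len -E separator=,`), the addresses, the function names and the 3x threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

LOCAL_HOST = "192.168.1.10"  # constructed address of the device under study
# Constructed sample rows (src,dst,frame_len), not taken from a real capture.
BASELINE_CSV = """\
192.168.1.10,198.51.100.20,400
198.51.100.20,192.168.1.10,1400
198.51.100.20,192.168.1.10,1400
192.168.1.10,192.0.2.5,200
192.0.2.5,192.168.1.10,600
"""
INCIDENT_CSV = """\
192.168.1.10,198.51.100.20,400
198.51.100.20,192.168.1.10,1400
192.168.1.10,192.0.2.5,1500
192.0.2.5,192.168.1.10,1500
192.168.1.10,203.0.113.77,900
203.0.113.77,192.168.1.10,100
192.168.1.1,192.168.1.255,60
"""

def bytes_per_peer(csv_text, local=LOCAL_HOST):
    """Sum the bytes exchanged between `local` and each remote peer."""
    totals = Counter()
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 3:
            continue  # skip blank or malformed rows
        src, dst, length = row
        if src == local:
            totals[dst] += int(length)
        elif dst == local:
            totals[src] += int(length)
    return totals

def compare_to_baseline(baseline, incident, ratio=3.0):
    """Return (unknown_peers, changed_peers); ratio=3.0 is an arbitrary assumption."""
    unknown = {p: n for p, n in incident.items() if p not in baseline}
    changed = {}
    for peer, base in baseline.items():
        now = incident.get(peer, 0)  # a baseline peer that vanished counts as 0
        if now > base * ratio or now * ratio < base:
            changed[peer] = (base, now)
    return unknown, changed

if __name__ == "__main__":
    print(compare_to_baseline(bytes_per_peer(BASELINE_CSV),
                              bytes_per_peer(INCIDENT_CSV)))
```

The peers this reports are the ones worth isolating in Wireshark with a display filter on their address, which is the drill-down step described in the last comment.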
