Send alerts for 50 LDAP packets in under 1 min

asked Jul 27 '22

Hello, I've been trying to figure out different ways to detect "BloodHound", which is an enumeration tool used for Active Directory. Is it possible for Wireshark to send alerts for a certain number of packets within a certain amount of time?

Originally I was thinking of using python to code it myself since I couldn't find anything about it online.

Thank you in advance!


Comments

It seems as if you should buy or build an IDS or IPS solution.

hugo.vanderkooij (Jul 28 '22)

1 Answer


answered Jul 27 '22

Jaap

You're confusing network capture and packet dissection, what Wireshark does, with network monitoring, what tools like Nagios do. So, no, Wireshark is not the tool for this job.


Stats

Asked: Jul 27 '22

Seen: 114 times

Last updated: Jul 27 '22