Ask Your Question
0

Send alerts for 50 LDAP packets in under 1 min

asked 2022-07-27 17:17:33 +0000

Chadnos gravatar image

Hello, I've been trying to figure out different ways to detect "bloodhound" which is an enumeration tool used for Active Directory. Is it possible for Wireshark to send alerts for a certain amount of packets within a certain amount of time?

Originally I was thinking of using python to code it myself since I couldn't find anything about it online.

Thank you in advance!

edit retag flag offensive close merge delete

Comments

It seems as if you should buy or build a IDS or IPS solution.

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2022-07-28 06:28:30 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-07-27 17:53:29 +0000

Jaap gravatar image

You're confusing network capture and packet dissection, what Wireshark does, with network monitoring, what tools like Nagios do. So, no, Wireshark is not the tool for this job.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-07-27 17:17:33 +0000

Seen: 99 times

Last updated: Jul 27 '22