How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark?

asked Sep 19 '23 by Khushboo, updated Sep 19 '23

Hi,

I want to know how we can filter out the malware attacker IPs from incoming and outgoing traffic in Wireshark. Actually, I want to use Wireshark in our production environment to monitor and analyze the incoming and outgoing traffic, and if there is some malware or any kind of suspicious traffic, then in that situation I want Wireshark to:

a. filter out the malware and suspicious incoming traffic;
b. categorize it, store it in a different log file, and provide some kind of alert or notification that there is a malware attack like this.

So, how can I achieve this, and is it possible to do it in Wireshark? Please let me know as soon as possible. Thanks! Khushboo Kumari


1 Answer

answered Sep 19 '23 by Jaap

No, Wireshark can't do that for you. Look for IDS (intrusion detection systems) like Snort instead.


Comments

Okay, so by using Wireshark, we can not even find out the attacker or do the malware analysis?

Khushboo (Sep 19 '23)

Well, you can, sort of, but that means you have to work round the clock doing the manual labor that a proper IDS will do for you, so you can focus only on the really suspicious traffic. Something like Snort is definitely not as expensive as you looking at Wireshark 24x7.

hugo.vanderkooij (Sep 19 '23)
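To make the "sort of, manually" route in the comment above concrete, here is an added example that is not part of this thread and not a feature of Wireshark or Snort. It assumes you export packet fields from a capture with tshark (`tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto`) and then post-process those lines: each record is matched against a block list of known-bad networks, matches are tagged inbound or outbound, and hits are appended to a separate alert log, which is roughly what the question asks for in points a and b. The block list and the export lines below are constructed sample data (RFC 5737 documentation ranges), not real indicators.

```python
"""Match tshark field exports against an IP block list and log the hits.

Added example for the thread above; not Wireshark's or Snort's own code.
Input format assumed: the comma-separated export produced by
  tshark -r capture.pcap -T fields -E separator=, \
         -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto
The block list and records below are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed block list: documentation ranges stand in for a real IoC feed.
BLOCKLIST = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.7/32"),
]

# Constructed tshark-style export: frame.time_epoch,ip.src,ip.dst,ip.proto
SAMPLE_RECORDS = """\
1695110401.001,10.0.0.5,192.0.2.10,6
1695110401.250,10.0.0.5,198.51.100.23,6
1695110402.017,203.0.113.7,10.0.0.9,17
1695110402.900,10.0.0.7,192.0.2.44,6
malformed line without the expected fields
"""


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    proto: str
    direction: str  # "inbound" if the source is blocked, "outbound" if the destination is
    matched: str    # the block-list entry that matched


def is_blocked(addr: str) -> Optional[str]:
    """Return the matching block-list network as a string, or None.

    Unparseable addresses (e.g. a non-IP frame) are treated as not blocked
    rather than raising, so a single odd export line does not stop the scan.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net in BLOCKLIST:
        if ip in net:
            return str(net)
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Classify each export record; records with the wrong field count are skipped."""
    hits: List[Hit] = []
    for raw in lines:
        parts = raw.strip().split(",")
        if len(parts) != 4:
            continue
        ts, src, dst, proto = parts
        match = is_blocked(src)
        if match:
            hits.append(Hit(ts, src, dst, proto, "inbound", match))
            continue
        match = is_blocked(dst)
        if match:
            hits.append(Hit(ts, src, dst, proto, "outbound", match))
    return hits


def write_alert_log(hits: List[Hit], path: str) -> int:
    """Append one alert line per hit to a separate log file; return the count."""
    with open(path, "a", encoding="utf-8") as fh:
        for h in hits:
            fh.write(
                f"{h.ts} ALERT {h.direction} {h.src}->{h.dst} "
                f"proto={h.proto} matched={h.matched}\n"
            )
    return len(hits)


if __name__ == "__main__":
    found = scan(SAMPLE_RECORDS.splitlines())
    count = write_alert_log(found, "suspicious_traffic.log")
    print(f"{count} suspicious flow(s) appended to suspicious_traffic.log")
```

Run against the sample data it flags two of the four well-formed records (one outbound connection to a blocked network, one inbound packet from a blocked host) and ignores the malformed line. The obvious limits are the ones the answer points at: the block list has to be maintained by hand, the script only sees traffic after the capture is exported, and it knows nothing about payload or behaviour, which is exactly the work an IDS does continuously.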


Asked: Sep 19 '23

Seen: 615 times

Last updated: Sep 19 '23