How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark?

asked 2023-09-19 07:07:26 +0000

Khushboo
1 ●1 ●3

updated 2023-09-19 07:10:18 +0000

Hi,

I want to know How do we filter out the malware attacker IPs from incoming and outgoing traffic in Wireshark? Actually, I want to use Wireshark in our production environment to monitor and analyze the incoming and outgoing traffic. And if there is some malware or any kind of suspicious traffic, then in that situation, I want from Wireshark that: a. Filter out the malware and suspicious incoming traffic. b. categories and store it in a different log file and provide some kind of alert or notification, like there is some malware attack like this.

So, how can I achieve this, and is it possible to do it in Wireshark? Please let me know as soon as possible. a Thanks! Khushboo Kumari

edit retag flag offensive close merge delete

add a comment

Comments

Okay, so by using Wireshark, we can not even find out the attacker or do the malware analysis?

Khushboo ( 2023-09-19 09:12:09 +0000 )edit

Well. You can, sort of, but that means you have to work round the clock doing the manual labor that a proper IDS system will do for you so you can only focus on the realy suspicious traffic. Something like SNORT is definilty not as expensive as you looking at Wireshark 24x7.

hugo.vanderkooij ( 2023-09-19 11:50:12 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark?