First time here? Check out the FAQ!

Ask Your Question
0

How do we filter out the malware attackers ip from incoming and outgoing traffic in Wireshark?
 
  
 
  
 
 
 
 
 
 
    
        
        asked Sep 19 '3  
 
 Khushboo gravatar image  
 
 
 
 
    
        
        updated Sep 19 '3  
 
 
 
 
 
Hi,
 
I want to know How do we filter out the malware attacker IPs from incoming and outgoing traffic in Wireshark? Actually, I want to use Wireshark in our production environment to monitor and analyze the incoming and outgoing traffic. And if there is some malware or any kind of suspicious traffic, then in that situation, I want from Wireshark that:
a. Filter out the malware and suspicious incoming traffic.
b. categories and store it in a different log file and provide some kind of alert or notification, like there is some malware attack like this.
 
So, how can I achieve this, and is it possible to do it in Wireshark? Please let me know as soon as possible.
a
Thanks!
Khushboo Kumari
 
Preview: (hide)
 
 
 
 
          
 
add a comment
 
 
 
 
 
 1 Answer
    
 
 
                    Sort by »
                     oldest newest most voted 
 
 
 
 
 
  
 
 
 
 
0
 
 
  
 
 
 
 
 
 
 
 
    
        
        answered Sep 19 '3  
 
 Jaap gravatar image  
 
 
 
 
 
No, Wireshark can't do that for you. Look for IDS (intrusion detection systems) like Snort instead.
 
Preview: (hide)
 
 
 
 
         
        link
        
 
Comments
Okay, so by using Wireshark, we can not even find out the attacker or do the malware analysis?
Khushboo gravatar imageKhushboo (
    
        Sep 19 '3
    )
Well. You can, sort of, but that means you have to work round the clock doing the manual labor that a proper IDS system will do for you so you can only focus on the realy suspicious traffic.
Something like SNORT is definilty not as expensive as you looking at Wireshark 24x7.
hugo.vanderkooij gravatar imagehugo.vanderkooij (
    
        Sep 19 '3
    )
add a comment
 
 
 
 
  
 
 
 
 

    
        Your Answer
    

 
 Please start posting anonymously - your entry will be published after you log in or create a new account.

    

 
 
Add Answer
 
 
 
 
 
 
 
 
   
  
 
   
 
 
 
 
 
 
 
 
Question Tools
  
 

        
        
            1 follower
        
    
 
 
 subscribe to rss feed 
 
 
 
 
 
 
Stats
 

        Asked:  Sep 19 '3  
 
 
        Seen: 615 times 
 

        Last updated: Sep 19 '23 
 
 
 
Related questions
 
 
 How does the Wireshark tool work? 
 
 Wireshark kills VMware workstation bridged VMs 
 
 How can I remove my ask.wireshark.org account? 
 
 The capture option wifi doesn't appear 
 
 What is wrong with the DNS in PCAP? 
 
 My Wireshark shows regardless of how much I use the Internet that I do not use Wifi 
 
 Analysing pcap 
 
 Get IP/host informations of an app. 
 
 How could I potentially export the actual binary file from a POST request? 
 
 NBIOT wireshark support for RRC connection setup