
How do we filter out the malware attacker IPs from incoming and outgoing traffic in Wireshark?

asked 2023-09-19 07:07:26 +0000

Khushboo

updated 2023-09-19 07:10:18 +0000


I want to know how we filter out the malware attacker IPs from incoming and outgoing traffic in Wireshark. Actually, I want to use Wireshark in our production environment to monitor and analyze the incoming and outgoing traffic. And if there is some malware or any kind of suspicious traffic, then in that situation, I want Wireshark to:

a. Filter out the malware and suspicious incoming traffic.
b. Categorize and store it in a different log file and provide some kind of alert or notification, like "there is some malware attack like this".

So, how can I achieve this, and is it possible to do it in Wireshark? Please let me know as soon as possible. Thanks! Khushboo Kumari


1 Answer


answered 2023-09-19 08:46:55 +0000

Jaap

No, Wireshark can't do that for you. Look for IDS (intrusion detection systems) like Snort instead.



Okay, so by using Wireshark, we cannot even find out the attacker or do the malware analysis?

Khushboo (2023-09-19 09:12:09 +0000)

Well. You can, sort of, but that means you have to work round the clock doing the manual labor that a proper IDS system will do for you, so you can only focus on the really suspicious traffic. Something like Snort is definitely not as expensive as you looking at Wireshark 24x7.

hugo.vanderkooij (2023-09-19 11:50:12 +0000)
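To make concrete what "sort of, with manual labor" looks like in practice, here is an added example that is not part of the original thread and not Wireshark or Snort code. Wireshark itself has no alerting or IOC-list feature; what people actually do is capture to pcap (Wireshark, tshark or dumpcap with a ring buffer) and run a script over the files. The script below parses a classic pcap without any third-party library, flags every IPv4 packet whose source or destination is on a known-bad list, records the direction and the internal host involved, writes the hits to a separate JSON-lines log (the "different log file" from the question), and builds the Wireshark display filter you would paste into the GUI to pivot back to those packets. The IOC addresses (203.0.113.7, 198.51.100.23, both from the TEST-NET documentation ranges), the 10.0.0.0/8 "local" network and the three sample packets are all constructed for the demo; in production you would feed real captures and a real threat-intel list, and still want Snort or Suricata rather than this.

```python
"""Offline IOC scan of a pcap: flag packets to/from known-bad IPs, log them to a
separate file, and emit a Wireshark display filter to pivot back into the GUI.
Added example; the IOC list, local network and packets below are constructed."""
import ipaddress
import json
import socket
import struct

BAD_IPS = {"203.0.113.7", "198.51.100.23"}        # constructed IOC list (TEST-NET addresses)
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumed "inside" range for direction labelling

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_packet(src, dst, proto, sport, dport, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame (sample data for the demo)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    l4 = struct.pack("!HH", sport, dport) + (b"\x00" * 16 if proto == 6 else b"\x00" * 4) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4


def build_pcap(frames):
    """Wrap raw frames in a classic little-endian pcap file (magic 0xa1b2c3d4, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_ipv4(pcap):
    """Yield (ts, src, dst, proto, sport, dport) for each IPv4 packet in a pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"      # pcap headers follow the writer's byte order
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled in this example")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                                  # skip ARP, IPv6, truncated frames
        ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length incl. options
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        sport = dport = None
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP/UDP ports right after IP header
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield ts, src, dst, proto, sport, dport


def scan_pcap(pcap, bad_ips, local_net=LOCAL_NET):
    """Return one hit dict per packet that touches an IOC address, with direction."""
    hits = []
    for ts, src, dst, proto, sport, dport in iter_ipv4(pcap):
        if src in bad_ips:
            direction, peer = "inbound", dst
        elif dst in bad_ips:
            direction, peer = "outbound", src
        else:
            continue
        hits.append({"ts": ts, "direction": direction, "src": src, "dst": dst,
                     "proto": proto, "sport": sport, "dport": dport,
                     "local_host": peer if ipaddress.ip_address(peer) in local_net else None})
    return hits


def wireshark_filter(bad_ips):
    """Display filter that shows exactly the IOC packets in the Wireshark GUI."""
    return " || ".join(f"ip.addr == {ip}" for ip in sorted(bad_ips))


def write_alert_log(hits, path):
    """Write hits as JSON lines to a separate log file; return number written."""
    with open(path, "w") as f:
        for h in hits:
            f.write(json.dumps(h) + "\n")
    return len(hits)


if __name__ == "__main__":
    sample = build_pcap([                                       # constructed capture
        build_packet("10.0.0.5", "93.184.216.34", 6, 51000, 443),    # benign HTTPS
        build_packet("203.0.113.7", "10.0.0.5", 6, 4444, 51001),     # inbound from IOC
        build_packet("10.0.0.8", "198.51.100.23", 17, 53123, 53),    # outbound DNS to IOC
    ])
    hits = scan_pcap(sample, BAD_IPS)
    n = write_alert_log(hits, "ioc_hits.jsonl")
    print(f"{n} IOC hits logged to ioc_hits.jsonl")
    print("Wireshark display filter:", wireshark_filter(BAD_IPS))
```

The direction label is derived purely from which end is on the IOC list, and `local_host` only tells you which internal machine was involved, which is what you need for triage. Everything else the question asks for (real-time alerting, signature matching, protocol anomaly detection) is exactly what an IDS does continuously, which is why both answers above point at Snort.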
