Is there a way for Wireshark to give a notification when a certain number of packets/second (or other time interval) are transmitted from a given protocol? On a LAN recently, one computer was sending five thousand emails a second (not sure on the cause, obviously something malicious) and the staff did not realize it until the ISP handling the requests turned the service off.

asked 18 Oct '11, 04:35


Ben Thomas
accept rate: 0%

Unfortunately you can't, but that kind of thing is more or less a task for a network monitoring solution, not a packet capture solution like Wireshark. Take a look at NetFlow collectors, and have the routers/switches send NetFlow statistics to one of them, which can then aggregate and monitor thresholds of IPs and Ports as well as Packets and Bytes transmitted.


answered 18 Oct '11, 06:59


Jasper ♦♦
accept rate: 17%

Thanks for the info

(18 Oct '11, 13:30) Ben Thomas
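
The threshold monitoring described in the answer above, as an added example that is not part of the original thread and not any collector's own code: it aggregates flow records per source and time window and flags sources whose packet rate to one port exceeds a limit. The CSV layout, the function name `find_rate_violations` and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not from the original post): one row per
# exported flow, in a simplified CSV layout assumed for this example.
SAMPLE_FLOWS = """\
start_epoch,src_ip,dst_ip,proto,dst_port,packets,bytes
1000,192.0.2.10,198.51.100.5,tcp,25,40,5200
1000,192.0.2.77,198.51.100.9,tcp,25,90000,11700000
1030,192.0.2.77,203.0.113.4,tcp,25,120000,15600000
1045,192.0.2.10,198.51.100.5,tcp,443,300,410000
1060,192.0.2.77,203.0.113.8,tcp,25,150000,19500000
1065,192.0.2.10,198.51.100.5,tcp,25,35,4550
"""


def find_rate_violations(flow_csv, dst_port, max_pps, window_s=60):
    """Return (window_start, src_ip, packets_per_second) for every source
    whose traffic to dst_port exceeds max_pps averaged over one window."""
    totals = defaultdict(int)  # (window_start, src_ip) -> packet count
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dst_port"]) != dst_port:
            continue
        start = int(row["start_epoch"])
        # Simplification: all packets of a flow are counted in the window
        # in which the flow started, even if the flow ran longer.
        window = start - start % window_s
        totals[(window, row["src_ip"])] += int(row["packets"])

    alerts = []
    for (window, src), packets in sorted(totals.items()):
        pps = packets / window_s
        if pps > max_pps:
            alerts.append((window, src, pps))
    return alerts


if __name__ == "__main__":
    # Port 25 (SMTP) with a limit of 100 packets/second per source.
    for window, src, pps in find_rate_violations(SAMPLE_FLOWS, 25, 100):
        print(f"ALERT window={window} src={src} port=25 rate={pps:.0f} pkt/s")
```
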
Asked: 18 Oct '11, 04:35

Seen: 1,658 times

Last updated: 18 Oct '11, 13:30
