Is there a way for Wireshark to give a notification when a certain number of packets/second (or other time interval) are transmitted from a given protocol? On a LAN recently, one computer was sending five thousand emails a second (not sure on the cause, obviously something malicious) and the staff did not realize it until the ISP handling the requests turned the service off.
asked 18 Oct '11, 04:35
Unfortunately you can't, but that kind of thing is more or less a task for a network monitoring solution, not a packet capture solution like Wireshark. Take a look at NetFlow collectors, and have the routers/switches send NetFlow statistics to one of them, which can then aggregate and monitor thresholds of IPs and ports as well as packets and bytes transmitted.
answered 18 Oct '11, 06:59
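The per-source threshold check that the answer attributes to a flow collector, sketched as an added example (not part of the original answer and not any particular collector's code). The `Flow` record layout, the function names, the thresholds and the sample data are assumptions constructed for illustration.

```python
from __future__ import annotations
from collections import defaultdict
from typing import Iterable, NamedTuple

class Flow(NamedTuple):          # assumed minimal flow record, not a real NetFlow layout
    ts: float                    # flow start, seconds
    src: str                     # source IP
    dst_port: int
    packets: int

class Alert(NamedTuple):
    window_start: int
    src: str
    flows: int
    packets: int

def threshold_alerts(flows: Iterable[Flow], dst_port: int = 25,
                     interval: int = 60, max_flows: int = 100) -> list[Alert]:
    """Return one Alert per (interval, source) with more than max_flows flows to dst_port."""
    totals = defaultdict(lambda: [0, 0])          # (window, src) -> [flows, packets]
    for f in flows:
        if f.dst_port != dst_port:
            continue                              # only the monitored service counts
        window = int(f.ts // interval) * interval # fixed, non-overlapping buckets
        bucket = totals[(window, f.src)]
        bucket[0] += 1
        bucket[1] += f.packets
    return sorted(Alert(w, s, n, p) for (w, s), (n, p) in totals.items() if n > max_flows)

def sample_flows() -> list[Flow]:
    """Constructed data: a normal mail client and a host flooding port 25."""
    base = 600_000
    flows = [Flow(base + 20 * i, "192.0.2.10", 25, 12) for i in range(3)]
    flows += [Flow(base + 5 * i, "192.0.2.10", 443, 30) for i in range(200)]
    flows += [Flow(base + 0.1 * i, "192.0.2.77", 25, 10) for i in range(500)]
    flows += [Flow(base + 60 + i, "192.0.2.77", 25, 10) for i in range(50)]
    return flows

if __name__ == "__main__":
    for a in threshold_alerts(sample_flows()):
        print(f"ALERT {a.src}: {a.flows} flows / {a.packets} packets to port 25 "
              f"in window starting {a.window_start}")
```

The threshold has to sit above what a legitimate mail server on the LAN produces per interval, otherwise that server needs to be excluded by source address before counting.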