This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I'm trying to figure out how to do this.

If you look here in the FAQ at question 12 it talks about filtering traffic. Does filtering mean the packet will get dropped if it meets the filter criteria?

Basically what I need is a way to drop packets containing a certain string. Somebody is sending a specific packet that crashes my server.

On Linux, you can use iptables to inspect the packets and block this attack easily, but currently I'm using Windows.

Does Wireshark have the ability to drop packets? If not, is there an extension/addon that can do it? Or how do you all drop malicious packets?

Thank you all for your help.

asked 20 Mar '11, 17:57

lake393


Nope, Wireshark captures and analyzes network traffic; it doesn't act as a "front-end" to selectively deny/allow traffic. Anything Wireshark sees is handled by the network interface(s).

answered 21 Mar '11, 15:46

wesmorgan1

"Filtering" in Wireshark either means "limiting which packets Wireshark captures" or "limiting which of the packets in the current capture that Wireshark displays"; it doesn't mean that it controls what packets the machine on which it's running accepts.

What you need is some form of firewall software that supports string matching. You'd have to look at the firewall software programs available for your version of Windows to see whether any of them support dropping packets that contain a given string.

answered 23 Mar '11, 14:36

Guy Harris ♦♦
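An added example (not part of the original answers): a read-only scan of a capture for frames containing a given byte string, comparable to a display filter such as `frame contains "..."`. It reports the matching frames and their source addresses, which can feed a firewall rule, but it blocks nothing. The capture, addresses and search string are constructed sample data, and the function names are illustrative.

```python
import struct

def build_pcap(frames):
    """Build a classic little-endian pcap (linktype 1, Ethernet) in memory. Constructed test input."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, data in frames:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def sample_frame(src, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left zero; sample data only)."""
    eth = b"\x02" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0)
    return eth + ip + udp + payload

def ipv4_source(frame):
    """Source address of an Ethernet II / IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return ".".join(str(b) for b in frame[26:30])

def frames_containing(pcap_bytes, needle):
    """Return [(frame_number, src_ip)] for frames whose bytes contain needle.
    Like a display filter, this only selects packets; it cannot drop them."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    hits, offset, number = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "IIII", pcap_bytes, offset)[2]
        frame = pcap_bytes[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1
        if len(frame) < incl_len:
            break  # capture file was truncated mid-record
        if needle in frame:
            hits.append((number, ipv4_source(frame)))
    return hits

# Constructed capture: three frames, one carrying the placeholder string.
SAMPLE = build_pcap([
    (1, sample_frame("198.51.100.7", b"hello")),
    (2, sample_frame("203.0.113.9", b"xxCRASH-STRING-PLACEHOLDERxx")),
    (3, sample_frame("198.51.100.7", b"status")),
])

if __name__ == "__main__":
    for number, src in frames_containing(SAMPLE, b"CRASH-STRING-PLACEHOLDER"):
        print(f"frame {number} from {src} contains the string")
```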

I guess you can use Snort's Windows version to drop malicious packets.

answered 21 Mar '11, 01:44

blueguy777

question asked: 20 Mar '11, 17:57

question was seen: 10,323 times

last updated: 23 Mar '11, 14:36