This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Drop packets

0

Hello, I'm trying to figure out how to do this.

If you look here in the FAQ at question 12 it talks about filtering traffic. Does filtering mean the packet will get dropped if it meets the filter criteria?

Basically what I need is a way to drop packets containing a certain string. Somebody is sending a specific packet that crashes my server.

On Linux, you can use iptables to inspect the packets and block this attack easily, but currently I'm using Windows.

Does Wireshark have the ability to drop packets? If not, is there an extension/addon that can do it? Or how do you all drop malicious packets?

Thank you all for your help.

asked 20 Mar '11, 17:57

lake393
accept rate: 0%


3 Answers:

2

Nope, Wireshark captures and analyzes network traffic; it doesn't act as a "front-end" to selectively deny/allow traffic. Anything Wireshark sees is handled by the network interface(s).

answered 21 Mar '11, 15:46

wesmorgan1
accept rate: 4%

1

"Filtering" in Wireshark either means "limiting which packets Wireshark captures" or "limiting which of the packets in the current capture that Wireshark displays"; it doesn't mean that it controls what packets the machine on which it's running accepts.

What you need is some form of firewall software that supports string matching. You'd have to look at the firewall software programs available for your version of Windows to see whether any of them support dropping packets that contain a given string.

answered 23 Mar '11, 14:36

Guy Harris ♦♦
accept rate: 19%
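
The distinction drawn in the answer above, as an added example that is not part of the original posts: a passive scan of a capture file that only reports which frames contain a byte string, much like a `frame contains` display filter, and has no way to stop delivery. The pcap bytes, addresses, ports and the `CRASH-ME` string are constructed placeholders.

```python
import struct

def build_pcap(frames):
    """Constructed sample data: classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def udp_frame(payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0)
    return eth + ip + udp + payload

def frames_containing(pcap, needle):
    """Return 1-based frame numbers whose bytes contain needle.

    This reads a copy of the traffic after the fact; the host's network
    stack has already accepted every frame listed in the file.
    """
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    hits, offset, number = [], 24, 0          # 24-byte global header
    while offset + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, offset)
        offset += 16                          # 16-byte per-record header
        data = pcap[offset:offset + incl_len]
        if len(data) < incl_len:
            break                             # truncated final record
        offset += incl_len
        number += 1
        if needle in data:
            hits.append(number)
    return hits

NEEDLE = b"CRASH-ME"  # placeholder for the offending string
SAMPLE = build_pcap([udp_frame(b"hello"),
                     udp_frame(b"xx" + NEEDLE + b"yy"),
                     udp_frame(b"bye")])

if __name__ == "__main__":
    print(frames_containing(SAMPLE, NEEDLE))
```

The matching frame numbers identify what a firewall rule would need to match; the blocking itself has to happen in software that sits in the packet path.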

0

I guess you can use Snort's Windows version to drop malicious packets.

answered 21 Mar '11, 01:44

blueguy777
accept rate: 0%