Can Wireshark be used to detect anomalies in captured packets? asked 14 Jul '14, 14:18 Maigana
2 Answers:
Yes, but you have to decide what constitutes an anomaly, and if it's not one of the conditions that Wireshark already highlights (via a coloring rule or an Expert Info message), then you'll have to create a coloring rule or display filter to identify the anomalous packets. answered 14 Jul '14, 14:36 Jim Aragon
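As an added example that is not part of this thread, the script below does what the answer describes, but outside the GUI: it encodes three home-grown "anomaly" definitions as Wireshark display-filter strings (SYN+FIN set together, a NULL-flag TCP segment, and an IPv4 TTL below 5) and evaluates the equivalent predicates over a pcap. The sample capture is constructed inline (addresses, ports, MAC addresses and the 2014 timestamps are made up), so it runs offline; it also writes the capture to `anomalies.pcap` so the same filter strings can be pasted into Wireshark's filter bar or into View > Coloring Rules to confirm they select the same frames. Which conditions count as anomalous is the user's choice, as both answers stress; these three are only illustrations.

```python
"""Flag frames in a pcap with hand-written anomaly rules.

Added example, not from the original thread. Each rule is written in
Wireshark display-filter syntax next to the Python predicate that
implements it, so the two can be compared frame for frame.
"""
import struct

# libpcap file format: little-endian, microsecond timestamps, Ethernet link type
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1

# TCP flag bits (low byte of the 16-bit data-offset/flags word)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_frame(src, dst, sport, dport, flags, ttl=64, ip_id=1):
    """Ethernet II + IPv4 + 20-byte TCP header, no payload (constructed).
    Checksums are left at zero; Wireshark only complains about that when
    checksum validation is switched on in the protocol preferences."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0,
                     ttl, 6, 0, ip_bytes(src), ip_bytes(dst))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap raw frames in a pcap global header plus per-record headers."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    out = [hdr]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1405350000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def parse_pcap(data):
    """Yield (frame_number, fields) using Wireshark's field names as keys.
    Only IPv4-over-Ethernet is decoded; other frames are counted but skipped."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off, num = 24, 0
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        num += 1                      # Wireshark numbers frames from 1
        if frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        fields = {"ip.src": ".".join(map(str, frame[26:30])),
                  "ip.dst": ".".join(map(str, frame[30:34])),
                  "ip.ttl": frame[22]}
        if frame[23] == 6:            # protocol 6 = TCP
            tcp = frame[14 + ihl:]
            sport, dport = struct.unpack_from("!HH", tcp, 0)
            # tcp.flags in Wireshark is the 12-bit field below the data offset
            flags = struct.unpack_from("!H", tcp, 12)[0] & 0x0FFF
            fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.flags": flags})
        yield num, fields


# Display filter text (left) and the predicate it corresponds to (right).
RULES = {
    "tcp.flags.syn == 1 && tcp.flags.fin == 1":
        lambda f: "tcp.flags" in f and (f["tcp.flags"] & (SYN | FIN)) == (SYN | FIN),
    "tcp.flags == 0x000":
        lambda f: "tcp.flags" in f and f["tcp.flags"] == 0,
    "ip.ttl < 5":
        lambda f: f["ip.ttl"] < 5,
}


def find_anomalies(pcap_bytes):
    """Return {display_filter: [matching frame numbers]} for every rule."""
    hits = {rule: [] for rule in RULES}
    for num, fields in parse_pcap(pcap_bytes):
        for rule, pred in RULES.items():
            if pred(fields):
                hits[rule].append(num)
    return hits


# Constructed sample capture: a normal SYN, a SYN+FIN probe, a NULL-scan
# probe, and an ACK whose TTL is implausibly low for a neighbouring host.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.80", 40000, 80, SYN),
    build_frame("10.0.0.9", "10.0.0.80", 40001, 22, SYN | FIN),
    build_frame("10.0.0.9", "10.0.0.80", 40002, 443, 0),
    build_frame("10.0.0.5", "10.0.0.80", 40000, 80, ACK, ttl=2),
])

if __name__ == "__main__":
    with open("anomalies.pcap", "wb") as fh:
        fh.write(SAMPLE_PCAP)        # open in Wireshark and apply the filters
    for rule, frames in find_anomalies(SAMPLE_PCAP).items():
        print(f"{rule:45} -> frames {frames}")
```

Running it reports frame 2 for the SYN+FIN rule, frame 3 for the NULL-scan rule and frame 4 for the TTL rule; applying each filter string to `anomalies.pcap` in Wireshark should show the same single frame. To turn a rule into a permanent highlight rather than a filter, add the same expression under View > Coloring Rules; to make Wireshark's own built-in checks visible alongside, open Analyze > Expert Information.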
see my answer to a very similar question:

BTW: There is no standardized network, so everything we would say about an 'anomaly' in captured packets could be totally normal for anybody else.

If you are looking for an 'expert system' that tells you that it found some 'standard' problems in your capture file, you could use the Expert Info messages, as mentioned by @Jim Aragon. But don't expect too much from that. It's just an overview of some typical problems that helps knowledgeable troubleshooters to nail down a problem. It won't be like this: "Your application Expencemaster, used by user Marky Mark on the server farm sf2763 in the datacenter DC272, is slow to respond between 09:00 AM and 11:00 AM, because there is an overload of the DNS servers at that time." That won't happen, at least not in the next couple of years.

Regards answered 15 Jul '14, 02:16 Kurt Knochner ♦
The question sounds suspiciously like a homework or test question.
If so, my inclination would be to say learn a bit about the capabilities of Wireshark (and/or communications protocol analyzers, in general). :)
There's lots of information available on the web.