This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there any tool or method to separate normal traffic and malicious traffic from pcap? For example : if malicious traffic detected with snort i need to store those packets .only if malicious traffic . if ($pcap==snort.signature(i mean it's malicious) then store this packet.sorry for my bad english. .Thanks for respond.

asked 30 Nov '14, 11:16

Chinguun's gravatar image

Chinguun
11112
accept rate: 0%


If you're trying to confirm if there's a way to use Snort filters in Wireshark when reading a packet capture file, sorting by one Snort rule or another, I haven't used it myself but there is a plugin to allow for this within Wireshark: http://www.honeynet.org/node/790

permanent link

answered 01 Dec '14, 16:03

Quadratic's gravatar image

Quadratic
1.9k6928
accept rate: 13%

thanks for respond.But git link doesnt work .how solve this ?

(02 Dec '14, 00:45) Chinguun
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×36
×4

question asked: 30 Nov '14, 11:16

question was seen: 2,294 times

last updated: 02 Dec '14, 00:45

p​o​w​e​r​e​d by O​S​Q​A