How to blocked specific packet or payload? I saw a packet that would crash the application which I don't have control. is there a way to drop this specific packet? Thanks asked 03 Dec '15, 04:07 mmguy |
3 Answers:
Wireshark is a Packet Analyzer, not a firewall or proxy. You'll need some other software for that sort of functionality. answered 03 Dec '15, 04:29 grahamb ♦ |
If you are able to identify this packet from it's IP address or transport protocol port number you could setup a capture filter to prevent the packet from reaching Wireshark at all. But I doubt that could be made specific enough. If you found a packet which crashed the application we would welcome a bug report at bugs.wireshark.org, including the relevant details of the Wireshark version used and most importantly a sample capture file. answered 03 Dec '15, 04:41 Jaap ♦ |
It is really hard to understand what exactly you have in mind, which is why you get answers varying up to what people guess you are really asking. My guess is that you have already identified, using Wireshark, a packet which kills some application different from Wireshark, and you already know how the packet looks like. And now you are looking for a way to prevent the packet from reaching the application. If the application runs on a Linux machine, netfilter (aka iptables) may help you, but ONLY if the packet is really unrelated to any existing stream. If so, you may set up a netfilter rule to drop the packet. You can also put a linux box between the machine you need to protect and the rest of the network. On Windows I currently don't know about any routinely used equivalent of netfilter; some firewall appliances may be able to go so deep into packet's contents as to allow you to describe in deep detail which packets to drop. If I am right in my decoding of your question, please publish a capture which contains not only the killer packet but also a continuous piece of normal communication before the killer packet has arrived and give a link to it and the frame number of the killer packet here. Only doing so will allow folks here to say whether dropping this packet is possible or whether it would make things worse. answered 03 Dec '15, 06:02 sindy |
Indeed, what is this magical 'the application'?? For sure it's Wireshark? Or, how far off-topic are we going?