
How to use Wireshark as intrusion detection system

0

How can Wireshark be used as an intrusion detection system on a Windows machine?

asked 22 Apr '17, 03:17


w_keyboard


One Answer:

0

Not really. It's a packet dissector, for as many protocols as possible, with the highest amount of detail possible. That's not what you want from an IDS. There you want just enough protocol analysis and correlation to process as much data as possible, in order to maintain a high throughput, and raise alarms on detected issues. These are not matching specifications, placing Wireshark in the same realm as IDSs, but not in the same category. It would come into play once IDS alarms have been raised and network logs have been preserved to investigate the occurrence in more detail.

answered 22 Apr '17, 03:47


Jaap ♦
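To make the distinction in the answer concrete, here is an added example (not code from the original post, and not part of Wireshark) of the kind of correlation layer an IDS adds on top of per-packet output. The input is a constructed set of tab-separated packet summaries shaped like `tshark -T fields` output (time, source, destination, destination port, SYN flag, ACK flag); the rule counts SYN-only packets per source over a sliding time window and raises one alarm when a threshold is exceeded. The threshold and window values are arbitrary choices for the demonstration.

```python
"""Toy IDS-style correlation over per-packet summaries.

Added example, not from the original post. A dissector such as Wireshark
reports each packet in detail; this script shows the extra step an IDS
performs: aggregating many packets per source and raising an alarm.
All sample data below is constructed, not captured.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, NamedTuple


class Packet(NamedTuple):
    t: float      # seconds since start of capture
    src: str
    dst: str
    dport: int
    syn_only: bool  # SYN set and ACK clear, i.e. a new connection attempt


# Constructed sample rows in the column order
# frame.time_relative, ip.src, ip.dst, tcp.dstport, tcp.flags.syn, tcp.flags.ack
# (the layout mimics `tshark -T fields`; the values are invented).
SAMPLE_ROWS = [
    ("0.000", "10.0.0.5", "10.0.0.1", "443", "1", "0"),      # normal handshake
    ("0.010", "10.0.0.1", "10.0.0.5", "51000", "1", "1"),    # SYN/ACK back
    ("0.012", "10.0.0.5", "10.0.0.1", "443", "0", "1"),      # ACK
    ("1.000", "203.0.113.9", "10.0.0.1", "22", "1", "0"),    # burst of SYNs
    ("1.100", "203.0.113.9", "10.0.0.1", "23", "1", "0"),
    ("1.200", "203.0.113.9", "10.0.0.1", "80", "1", "0"),
    ("1.300", "203.0.113.9", "10.0.0.1", "443", "1", "0"),
    ("1.400", "203.0.113.9", "10.0.0.1", "8080", "1", "0"),
    ("1.500", "203.0.113.9", "10.0.0.1", "3389", "1", "0"),
]
SAMPLE_LINES = ["\t".join(row) for row in SAMPLE_ROWS]


def parse(lines: Iterable[str]) -> List[Packet]:
    """Turn tab-separated summary lines into Packet records; blank lines are skipped."""
    packets = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        t, src, dst, dport, syn, ack = line.split("\t")
        packets.append(Packet(float(t), src, dst, int(dport), syn == "1" and ack == "0"))
    return packets


def syn_burst_alerts(packets: Iterable[Packet], threshold: int = 5, window: float = 2.0) -> List[dict]:
    """Raise one alert per source that sends >= `threshold` SYN-only packets within `window` seconds.

    This is the correlation step a dissector does not perform: it keeps a
    sliding window of recent SYN timestamps per source instead of looking at
    packets one at a time.
    """
    recent: Dict[str, Deque[float]] = defaultdict(deque)
    alerted = set()
    alerts: List[dict] = []
    for p in sorted(packets, key=lambda x: x.t):
        if not p.syn_only:
            continue
        q = recent[p.src]
        q.append(p.t)
        # drop timestamps that fell out of the window
        while q and p.t - q[0] > window:
            q.popleft()
        if len(q) >= threshold and p.src not in alerted:
            alerted.add(p.src)
            alerts.append({"src": p.src, "count": len(q), "first": q[0], "last": p.t})
    return alerts


def run_sample() -> List[dict]:
    """Apply the rule to the constructed sample and return the alerts."""
    return syn_burst_alerts(parse(SAMPLE_LINES))


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['src']}: {a['count']} SYNs between t={a['first']:.3f}s and t={a['last']:.3f}s")
```

The normal client (10.0.0.5) never trips the rule because it sends a single SYN, and the server's SYN/ACK is excluded by the ACK check; only the burst from 203.0.113.9 produces an alarm. In Wireshark each of those nine rows is simply nine dissected frames; the alarm only exists because something above the dissector counted them.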

@Jaap I am unable to add an image to my response to your reply, so I am adding another answer to my question. The reason for asking whether Wireshark can be used as an IDS is that I get frequent DoS attacks like this [image] and another one [image].

These DoS attacks stop the moment I start Wireshark or log in to the router.

(22 Apr '17, 23:13) w_keyboard