How to use Wireshark as an intrusion detection system on a Windows machine? asked 22 Apr '17, 03:17 w_keyboard
One Answer:
Not really. It's a packet dissector, for as many protocols as possible, with the highest amount of detail possible. That's not what you want from an IDS. There you want just enough protocol analysis and correlation to process as much data as possible, in order to maintain a high throughput, and raise alarms on detected issues. These are not matching specifications. This places Wireshark in the same realm as IDSs, but not in the same category. It would come into play once IDS alarms have been raised and network logs have been preserved, to investigate the occurrence in more detail. answered 22 Apr '17, 03:47 Jaap ♦
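The division of labour the answer describes, shown as an added example (not code from the post, the answerer, or the Wireshark project): a few lines of "just enough" analysis count pure SYNs per source over a sliding window and raise an alarm, then hand the flagged address to Wireshark as a display filter for the detailed look. The input shape assumes the fields were exported with `tshark -r capture.pcap -T fields -E separator=, -e frame.time_relative -e ip.src -e ip.dst -e tcp.flags`; the capture, the addresses and the traffic are constructed for this example.

```python
"""Toy SYN-rate detector over tshark field output (added example, not from the post)."""
from collections import defaultdict

# TCP flag bits as carried in tcp.flags (hex in tshark output; width varies by
# version, e.g. 0x002 or 0x00000002, so the parser uses int(x, 16)).
SYN = 0x02
ACK = 0x10


def constructed_sample():
    """Constructed lines in the shape of the assumed tshark command's output.

    203.0.113.7 fires 30 SYNs at 192.168.1.10 within 0.6 s (no handshake completes);
    10.0.0.5 performs three ordinary handshakes spread over a few seconds.
    """
    lines = []
    for i in range(30):
        lines.append(f"{i * 0.02:.3f},203.0.113.7,192.168.1.10,0x002")   # pure SYN
        lines.append(f"{i * 0.02 + 0.001:.3f},192.168.1.10,203.0.113.7,0x012")  # SYN-ACK back
    for base in (0.10, 1.50, 3.00):
        lines.append(f"{base:.3f},10.0.0.5,192.168.1.10,0x002")          # SYN
        lines.append(f"{base + 0.01:.3f},192.168.1.10,10.0.0.5,0x012")   # SYN-ACK
        lines.append(f"{base + 0.02:.3f},10.0.0.5,192.168.1.10,0x010")   # ACK
    return lines


def parse_records(lines):
    """Yield (time, src, dst, flags) from comma-separated tshark field lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        t, src, dst, flags = line.split(",")
        yield float(t), src, dst, int(flags, 16)


def syn_flood_alerts(lines, threshold=20, window=1.0):
    """Return {src: peak pure-SYN count in any `window` seconds} for sources above `threshold`.

    This is the IDS side of the answer: no dissection beyond one flag field,
    just a counter per source that is cheap enough to run on live traffic.
    """
    syn_times = defaultdict(list)
    for t, src, _dst, flags in parse_records(lines):
        if flags & SYN and not flags & ACK:      # SYN without ACK: a connection attempt
            syn_times[src].append(t)

    alerts = {}
    for src, times in syn_times.items():
        times.sort()
        start = 0
        peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:     # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[src] = peak
    return alerts


def wireshark_filter(src):
    """Display filter to paste into Wireshark for the detailed investigation of one alert."""
    return f"ip.src == {src} && tcp.flags.syn == 1 && tcp.flags.ack == 0"


if __name__ == "__main__":
    for src, peak in syn_flood_alerts(constructed_sample()).items():
        print(f"ALERT {src}: {peak} SYNs in 1 s; inspect with: {wireshark_filter(src)}")
```

The detector knows nothing about the payloads, options or timing details Wireshark would dissect; that is deliberate, since per-source counting is what keeps it cheap. Once it names a source, the filter it emits is where Wireshark takes over on the preserved capture.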
@Jaap I am unable to add an image to my response to your reply, so I am adding another answer to my question. The reason to ask if Wireshark can be used as an IDS is that I get frequent DoS attacks like this and another one.
These DoS attacks stop the moment I start Wireshark or log in to the router.