Hello, Is there any filter in Wireshark which can calculate a cumulative of the packets received and sent over a given period of time? For example, the filter flags a host and destination if more than 150 packets are received in a second. This can be used to track possible denial of service attacks and so may prove to be very useful for me. Thanks :))

asked 16 Oct '17, 10:33 smurpani
One Answer:
Nope. Filters can only decide if any individual packet should be captured/displayed; they don't provide aggregation facilities over multiple packets. The area you're looking at sounds more like network security tools rather than packet analysis.

answered 16 Oct '17, 11:01 grahamb ♦

Thanks for the answer... I'm actually doing a project which explores how packet analysis can prevent malware from spreading and so your assumption about the network security aspect is accurate ;) (16 Oct '17, 11:04) smurpani

This looks like something for Snort or Suricata (16 Oct '17, 12:36) Jasper ♦♦
Omnipeek, a commercial alternative to Wireshark, contains some defined error conditions related to such metrics as packets per second of a particular condition. However, I am not sure it is extensible, i.e. where you get to define your own conditions.