This is our old Q&A Site. Please post any new questions and answers at


Is there any filter in Wireshark which can calculate a cummulative of the packets received and sent over a given period of time. For example, the filter flags a host and destination if more than 150 packets are received in a second. This can be used to track possible denial of service attacks and so may prove to be very useful for me

Thanks :))

asked 16 Oct '17, 10:33

smurpani's gravatar image

accept rate: 0%


Omnipeek, a commercial alternative to wireshark, contains some defined error conditions related to such metrics as packets per second of a particular condition. However, I am not sure it is extensible, i.e. where you get to define your own conditions.

(16 Oct '17, 11:05) Bob Jones

Nope. Filters can only decide if any individual packet should be captured\displayed, they don't provide aggregation facilities over multiple packets.

The area you're looking at sounds more like network security tools rather than packet analysis.

permanent link

answered 16 Oct '17, 11:01

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Thanks for the answer... I'm actually doing a project which explores how packet analysis can prevent malware from spreading and so your assumption about the network security aspect is accurate ;)

(16 Oct '17, 11:04) smurpani

This looks like something for Snort or Suricata

(16 Oct '17, 12:36) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 16 Oct '17, 10:33

question was seen: 1,892 times

last updated: 16 Oct '17, 12:36

p​o​w​e​r​e​d by O​S​Q​A