This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark packet frequency filter

0

Hello,

Is there any filter in Wireshark which can calculate a cumulative count of the packets received and sent over a given period of time? For example, the filter flags a host and destination if more than 150 packets are received in a second. This could be used to track possible denial-of-service attacks and so may prove to be very useful for me.

Thanks :))

asked 16 Oct '17, 10:33


smurpani
accept rate: 0%

1

Omnipeek, a commercial alternative to Wireshark, contains some predefined error conditions related to such metrics as packets per second for a particular condition. However, I am not sure it is extensible, i.e. whether you get to define your own conditions.

(16 Oct '17, 11:05) Bob Jones

One Answer:

0

Nope. Filters can only decide whether an individual packet should be captured/displayed; they don't provide aggregation facilities over multiple packets.

The area you're looking at sounds more like network security tools rather than packet analysis.

answered 16 Oct '17, 11:01


grahamb ♦
accept rate: 22%

Thanks for the answer... I'm actually doing a project which explores how packet analysis can prevent malware from spreading and so your assumption about the network security aspect is accurate ;)

(16 Oct '17, 11:04) smurpani

This looks like something for Snort or Suricata

(16 Oct '17, 12:36) Jasper ♦♦
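Since a capture or display filter cannot count across packets, the aggregation has to happen outside the filter engine. The following is an added example (not code from the original thread or from the Wireshark project) showing the usual way to do it: export the fields you need with `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst` and bucket the resulting lines per source/destination pair (and per host, counting both sent and received packets) per second, flagging any bucket above the 150-packets-per-second threshold from the question. The tab-separated input below is constructed to resemble that tshark output; it is not a real capture. The threshold, the one-second bucket size and the decision to count IPv4 only (`ip.src`/`ip.dst`) are assumptions for the example.

```python
import math
from collections import defaultdict

# Constructed sample resembling the output of
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst
# (tab-separated: epoch timestamp, source IP, destination IP). Not a real capture.
SAMPLE_TSHARK_OUTPUT = "\n".join(
    [f"1508173200.{i:06d}\t10.0.0.5\t10.0.0.1" for i in range(200)]   # 200 pkts in one second
    + [f"1508173201.{i:06d}\t10.0.0.5\t10.0.0.1" for i in range(20)]  # only 20 in the next second
    + [f"1508173200.{i:06d}\t10.0.0.7\t10.0.0.1" for i in range(30)]  # 30 from a second host
    + ["not a valid line", "1508173200.5\t\t"]                        # malformed / non-IP lines
)

PPS_THRESHOLD = 150  # assumed threshold, taken from the question


def parse_tshark_fields(text):
    """Yield (epoch_seconds, src, dst) from tshark -T fields output.

    Lines that do not have three fields, have empty IP fields (non-IP frames
    such as ARP) or carry an unparsable timestamp are skipped rather than
    aborting the whole run.
    """
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[1] or not parts[2]:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def count_per_pair(records):
    """Packets per (whole second, src, dst)."""
    counts = defaultdict(int)
    for ts, src, dst in records:
        counts[(math.floor(ts), src, dst)] += 1
    return counts


def count_per_host(records):
    """Packets per (whole second, host), counting a packet for both its
    sender and its receiver, i.e. 'received and sent' as asked in the question."""
    counts = defaultdict(int)
    for ts, src, dst in records:
        sec = math.floor(ts)
        counts[(sec, src)] += 1
        counts[(sec, dst)] += 1
    return counts


def flag_over_threshold(counts, threshold=PPS_THRESHOLD):
    """Return the buckets whose count exceeds the threshold, as sorted
    (key..., count) tuples, e.g. (second, src, dst, count)."""
    return sorted(key + (n,) for key, n in counts.items() if n > threshold)


def detect_pair_bursts(text, threshold=PPS_THRESHOLD):
    return flag_over_threshold(count_per_pair(parse_tshark_fields(text)), threshold)


def detect_host_bursts(text, threshold=PPS_THRESHOLD):
    return flag_over_threshold(count_per_host(parse_tshark_fields(text)), threshold)


if __name__ == "__main__":
    import sys

    # Pipe real tshark output in; with no input the constructed sample is used.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TSHARK_OUTPUT
    for sec, src, dst, n in detect_pair_bursts(data):
        print(f"{sec}: {src} -> {dst}: {n} packets in one second")
    for sec, host, n in detect_host_bursts(data):
        print(f"{sec}: {host}: {n} packets sent+received in one second")
```

Usage: `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst | python3 burst.py`. Note that a fixed packets-per-second threshold is a weak signal on its own; an ordinary file transfer will exceed 150 pps, so in practice this count is a trigger for closer inspection of the flagged conversation rather than a denial-of-service verdict, which is the kind of stateful, rule-driven decision Snort or Suricata are built for.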