
Send alerts for 50 LDAP packets in under 1 min


Hello, I've been trying to figure out different ways to detect "bloodhound" which is an enumeration tool used for Active Directory. Is it possible for Wireshark to send alerts for a certain amount of packets within a certain amount of time?

Originally I was thinking of using python to code it myself since I couldn't find anything about it online.

Thank you in advance!

Chadnos
asked 2022-07-27 17:17:33 +0000

Comments

It seems as if you should buy or build an IDS or IPS solution.

hugo.vanderkooij (2022-07-28 06:28:30 +0000)
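The threshold the question describes (50 LDAP packets within one minute), as an added example in Python that is not code from the question or the answer: a sliding-window counter over tshark-style export lines (one timestamp and one protocol column per line). The field names in the comment and the sample records are assumptions; the records are generated here, not taken from a real capture.

```python
from collections import deque

# Constructed tshark-style lines: "<frame.time_epoch>\t<protocol>", roughly
# what `tshark -T fields -e frame.time_epoch -e _ws.col.Protocol` prints
# (field names assumed). The data is generated here, not captured.
def make_sample(n_ldap, spacing, base=1659000000.0):
    lines = [f"{base + i * spacing:.6f}\tLDAP" for i in range(n_ldap)]
    lines += [f"{base + i * 7:.6f}\tDNS" for i in range(5)]  # unrelated noise
    return "\n".join(sorted(lines, key=lambda l: float(l.split("\t")[0])))


def parse(text):
    """Yield (epoch_seconds, protocol) for each export line."""
    for line in text.splitlines():
        ts, proto = line.split("\t", 1)
        yield float(ts), proto


def find_bursts(records, proto="LDAP", threshold=50, window=60.0):
    """Return one (time, count) alert per burst of >= threshold packets of
    `proto` whose timestamps fall within `window` seconds of each other.
    Records must be in ascending time order."""
    recent = deque()  # timestamps of matching packets inside the window
    alerts = []
    for ts, p in records:
        if p != proto:
            continue
        recent.append(ts)
        # Drop packets that fell out of the trailing window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
            recent.clear()  # one alert per burst, not one per extra packet
    return alerts


if __name__ == "__main__":
    # 55 LDAP packets one second apart: crosses the threshold at the 50th.
    for when, count in find_bursts(parse(make_sample(55, 1.0))):
        print(f"ALERT: {count} LDAP packets within 60s, last at {when:.3f}")
    # 40 packets two seconds apart never put 50 inside any 60 s window.
    print("quiet capture alerts:", find_bursts(parse(make_sample(40, 2.0))))
```

The same function works on a live feed if the records come from a running tshark process instead of a saved export; the answer below is right that Wireshark itself will not raise the alert.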

1 Answer


You're confusing network capture and packet dissection, what Wireshark does, with network monitoring, what tools like Nagios do. So, no, Wireshark is not the tool for this job.

Jaap
answered 2022-07-27 17:53:29 +0000

