
Automatic display filter based on previously captured data


Is there any way to automatically analyse if the captured data is "business as usual" so we can skip analyzing such data or if it is "unusual" and it requires more detailed analysis? Is such a filter available based on previously captured large sets of packet data, rules and/or configuration?

ws.luke
asked 2019-02-13 14:43:01 +0000, updated 2019-02-13 16:39:55 +0000


1 Answer

0

Wireshark does provide some automated help in this area via its "Analyze -> Expert Information" feature, but ultimately it's up to the user to determine what is or isn't "business as usual". There are other tools out there that can help analyze capture files though, so you might want to have a look at some of those listed at https://wiki.wireshark.org/Tools.

cmaynard
answered 2019-02-13 15:13:24 +0000

Comments

@cmaynard, thank you so much for the prompt answers and guidance!

ws.luke (2019-02-13 15:16:51 +0000)
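One way to approximate the "automatic display filter based on previously captured data" the question asks for, as an added example that is not part of the original thread or of Wireshark itself: count the destination services seen in earlier captures and turn the frequent ones into a display filter that hides them, so only the rarer, unusual conversations remain for manual review. It assumes the baseline is a field export in the form `tshark -T fields -e ip.proto -e tcp.dstport -e udp.dstport -E separator=,` would produce; the sample lines and the 20% threshold are constructed for the example.

```python
"""Build a Wireshark display filter that hides 'business as usual' services.

Added example, not from the original thread. The baseline below is a
constructed stand-in for a tshark field export (ip.proto, tcp.dstport,
udp.dstport) taken from earlier, already reviewed captures.
"""
from collections import Counter

# Constructed baseline: one packet per line, "proto,tcp_dstport,udp_dstport".
BASELINE_CSV = """\
6,443,
6,443,
17,,53
6,80,
6,22,
6,443,
17,,53
17,,123
6,4444,
"""

# IP protocol number -> Wireshark field that carries the destination port.
PROTO_FIELD = {6: "tcp.dstport", 17: "udp.dstport"}


def parse_baseline(text):
    """Count (protocol, destination port) pairs seen in the baseline export."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, tcp_port, udp_port = (f.strip() for f in line.split(","))
        port = tcp_port or udp_port
        if int(proto) in PROTO_FIELD and port:
            counts[(int(proto), int(port))] += 1
    return counts


def usual_services(counts, min_fraction=0.2):
    """A service is 'usual' only if it carries at least min_fraction of the
    baseline packets; a one-off connection in old captures must not end up
    hidden by the filter just because it was seen once."""
    total = sum(counts.values())
    return sorted(k for k, n in counts.items() if n / total >= min_fraction)


def build_filter(usual):
    """Display filter that hides the usual services and shows everything else."""
    clauses = [f"{PROTO_FIELD[p]} == {port}" for p, port in usual]
    return "!(" + " || ".join(clauses) + ")" if clauses else ""


if __name__ == "__main__":
    print(build_filter(usual_services(parse_baseline(BASELINE_CSV))))
```

Paste the printed expression into the display filter bar; what remains is only "unusual relative to the baseline", not necessarily malicious, so the Expert Information pane still applies to what is left.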
