Wireshark mailing list archives

Re: Alert on captured packet

From: "j.snelders" <j.snelders () telfort nl>
Date: Mon, 9 Jan 2012 20:08:01 +0100

Hi Harper,

Alarms and triggers are on the WishList:
see Capturing - number 7
http://wiki.wireshark.org/WishList

See also bug 2039 triggerd Capture:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2039

Best regards
Joke

On Mon, 9 Jan 2012 15:59:05 +0000 (UTC) Harper wrote:

I have a protocol, where the same request is sent again and again. Suddenly

a request is answered with another reponse as it done usually. I have 
configured Wireshark to use multiple files to capture all the data.

Now I want to get an alert (message box, email, anything else) when this

event occurs. This can be done by manually look in each capture file. But

this is a bit cumbersome. Can this be done with Wireshark tools or with

an


plug-in? Probably a LUA plug-in could do this?

The creteria for the alert should be something like
 udp.length > 1034 and udp.length< 1037


Thanks,
Harper



       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Alert on captured packet Harper (Jan 09)
- Re: Alert on captured packet j.snelders (Jan 09)
- Re: Alert on captured packet Tony Trinh (Jan 09)