Ethereal/Wireshark

**sumesh.tr** · 17-10-2008

Plz point me how to trace the intruders and virus traffic from Ethereal/Wireshark

**unlimitedtech** · 18-10-2008

Run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets into a file, and later analyze these packets by running Wireshark with restricted privileges on the packet capture dump file.

**unidentified** · 18-10-2008

Check out the guides here: How to Trace a hacker

and also

Networking Guide 7 - Network Access and Security

**Milton.J** · 18-10-2008

Originally Posted by sumesh.tr

Plz point me how to trace virus traffic from Ethereal/Wireshark

For some viruses/worms there might be a capture filter to recognize the virus traffic. Check the CaptureFilters page on the Wireshark Wiki to see if anybody's added such a filter.

Note that Wireshark was not designed to be an intrusion detection system; you might be able to use it as an IDS, but in most cases software designed to be an IDS, such as Snort or Prelude, will probably work better.

The Bleeding Edge of Snort has a collection of signatures for Snort to detect various viruses, worms, and the like.