From the course: Wireshark: Malware and Forensics


Using a ring buffer


- [Narrator] When working with Wireshark, there are times that you want to capture a specific type of traffic. For example, say you heard that there was a new Trojan in the wild, and it used a specific port. You could open a packet capture, begin running it, and watch for that specific type of traffic. However, unless you stop it and put it into a file, it could start to consume all of your resources. A better option is to simply use a ring buffer. A ring buffer will allow you to monitor the traffic, and it will continuously drop the traffic into a ring buffer. You could set up three ring buffers or five or however many you would like to set up, and it will continuously overwrite those files while you're monitoring your traffic. Now in this case, I want to monitor SSDP traffic. Now if you notice, there are no coloring rules. I've taken them all off to set us up. I'll go to Simple Service Discovery Protocol, and select the protocol. I'll right click and I'll say colorize with…
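The same ring-buffer capture can be run from the command line with dumpcap, the capture engine Wireshark uses under the hood. This is an added example, not part of the course; it assumes a Linux host with dumpcap installed, an interface name such as eth0, and uses a capture filter for SSDP (UDP port 1900) so that only the traffic of interest is written to the rotating files.

```shell
#!/bin/sh
# Added example (not from the course): capture only SSDP traffic into a
# dumpcap ring buffer of FILES files, each at most SIZE_KB kilobytes.
# When all FILES files are full, dumpcap overwrites the oldest one, so the
# capture can run unattended without filling the disk.
#
# Usage: ssdp_ring_capture IFACE FILES SIZE_KB [PREFIX]
# Set DRY_RUN=1 to print the dumpcap command instead of starting the capture.
ssdp_ring_capture() {
    iface="$1"; files="$2"; size_kb="$3"; prefix="${4:-ssdp}"
    [ -n "$iface" ] || { echo "interface name required" >&2; return 1; }
    # Both ring-buffer parameters must be positive integers; reject anything else.
    for n in "$files" "$size_kb"; do
        case "$n" in
            ''|*[!0-9]*|0) echo "file count and size must be positive integers" >&2; return 1;;
        esac
    done
    # Build the argument list:
    #   -f "udp port 1900"  capture filter: SSDP only (assumption: standard port)
    #   -b files:N          keep at most N files, overwriting the oldest
    #   -b filesize:KB      start a new file once the current one reaches KB kilobytes
    #   -w PREFIX.pcapng    dumpcap inserts a sequence number and timestamp per file
    set -- -i "$iface" -f "udp port 1900" -b "files:$files" -b "filesize:$size_kb" -w "$prefix.pcapng"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print the command as space-separated words (filter shown unquoted).
        printf 'dumpcap'; printf ' %s' "$@"; printf '\n'
        return 0
    fi
    dumpcap "$@"
}
```

Run it as root or with capture privileges (for example `ssdp_ring_capture eth0 3 10240`) and stop it with Ctrl-C; the three most recent 10 MB files remain on disk and open directly in Wireshark.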
