Interaction Between Wireshark And Linux Firewall
There are two important reasons for sniffing network traffic. First, peering into the packet details can prove invaluable when designing countermeasures (e.g. if a denial of service happens, you can use Wireshark to identify the specific type of attack). Wireshark can then craft the upstream firewall rules that block the suspicious traffic. The second reason is to troubleshoot security devices; most often it is used to troubleshoot firewall rules. If a system running Wireshark is connected to the other side of a firewall, it is easier to see which packets successfully traverse the device and to identify whether the firewall is the cause of connectivity problems.
You'll see that it can be a powerful tool for everything related to configuring firewall rules. Keep in mind, however, that you should always have permission from the network owner before capturing traffic on any network.
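The firewall troubleshooting use described above, as an added example that is not part of the original page: connection attempts from a capture taken outside the firewall are compared with a capture taken inside it to show which flows the device passed. The sample lines are constructed, the tshark export in the comment is an assumed workflow, and the script assumes no NAT between the two capture points.

```python
import csv
import io
from collections import Counter

# Constructed sample data, in the format an export such as this would give:
#   tshark -r <capture> -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -E separator=, -e ip.src -e ip.dst -e tcp.dstport
OUTSIDE = """\
198.51.100.7,203.0.113.10,443
198.51.100.7,203.0.113.10,443
198.51.100.7,203.0.113.10,22
198.51.100.7,203.0.113.10,22
198.51.100.7,203.0.113.10,22
192.0.2.44,203.0.113.10,8080
"""
INSIDE = """\
198.51.100.7,203.0.113.10,443
198.51.100.7,203.0.113.10,443
"""

def count_syns(export: str) -> Counter:
    """Count SYN packets per (src, dst, dport) flow in a field export."""
    flows = Counter()
    for row in csv.reader(io.StringIO(export)):
        if len(row) != 3 or not row[2].isdigit():
            continue  # skip blank or malformed lines
        flows[(row[0], row[1], int(row[2]))] += 1
    return flows

def compare_sides(outside: str, inside: str) -> dict:
    """Label each flow by whether its SYNs made it across the firewall."""
    out, ins = count_syns(outside), count_syns(inside)
    verdicts = {}
    for flow in sorted(out.keys() | ins.keys()):
        o, i = out[flow], ins[flow]  # a Counter returns 0 for unseen flows
        if o == 0:
            verdicts[flow] = "inside only"  # capture points may not line up
        elif i == 0:
            verdicts[flow] = "dropped"
        elif i < o:
            verdicts[flow] = "partially passed"
        else:
            verdicts[flow] = "passed"
    return verdicts

if __name__ == "__main__":
    for (src, dst, port), verdict in compare_sides(OUTSIDE, INSIDE).items():
        print(f"{src} -> {dst}:{port:<5} {verdict}")
```

A flow reported as "dropped" that the rule set is meant to allow points at the firewall as the cause of the connectivity problem; repeated SYNs for the same flow on the outside are the client's retransmissions.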

























