How can I use Wireshark to perform some specific action (for example, running an external program) when it captures packet data that meets certain criteria? I need to do this in real time as the capture is ongoing, and I would also need to pass some of the captured data as input to the program. Can anyone think of a general approach to this sort of task (using Wireshark or not)?
This reminds me of Snort IDS. I mean, that’s all Snort does, right?
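
One general approach to the question above, as an added example that is not part of either post: let tshark (Wireshark's command-line capture tool) do the matching with a display filter and print one line per matching packet, then run a program for each line. The function names and the `log_request` handler are hypothetical, and the HTTP filter and fields are just one choice of criteria.

```shell
#!/bin/sh
# Added example: run an external program for each live-capture match.
# tshark filters (-Y) and emits one '|'-separated line per matching packet;
# dispatch_matches turns each line into one handler invocation.

# Hypothetical handler standing in for the external program to run per match.
log_request() {
    printf 'ALERT src=%s host=%s uri=%s\n' "$1" "$2" "$3"
}

# Read "src|host|uri" lines from stdin and call "$@" once per line.
# Captured values are attacker-controlled, so they are handed over only as
# separate quoted arguments, never through eval or a built-up command string.
# The ( ) body runs in a subshell, so IFS and the variables stay local.
dispatch_matches() (
    while IFS='|' read -r src host uri; do
        [ -n "$src" ] || continue      # skip blank lines
        "$@" "$src" "$host" "$uri"     # uri is last, so it keeps any '|'
    done
)

# Live pipeline. $1 is the capture interface (assumes capture privileges).
# -l flushes output after every packet, which is what makes this real time;
# without it the handler only sees matches when tshark's buffer fills.
watch_live() {
    tshark -i "$1" -l -n -Y 'http.request' -T fields \
        -E 'separator=|' -e ip.src -e http.host -e http.request.uri |
        dispatch_matches log_request
}

# Start capturing only when asked: sh watch.sh --live eth0
if [ "${1:-}" = "--live" ]; then
    watch_live "${2:?capture interface required}"
fi
```

A non-whitespace separator is used because a tab-separated `read` would collapse empty fields and shift later values into the wrong argument.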