CREATING FW RULES

Wireshark can generate firewall rules from captured traffic, which can then be implemented on an outside firewall interface. It can create rules in the following formats:

  • Netfilter (iptables)

  • Cisco IOS (standard/extended)

  • IP Filter (ipfilter)

  • IPFirewall (ipfw)

  • Packet filter (pf)

  • Windows Firewall (netsh new/old format)

root@dco:~$ wireshark &
Wireshark > File > Open > {packetCapture.pcapng}

Wireshark > Go > Go to Packet
 Packet No: {...}

Wireshark > Tools > Firewall ACL Rules
 Create Rule For: IPFirewall (ipfw)
 Inbound: enabled
 Deny: enabled
  {...}
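
The same selection (ipfw, inbound, deny) can be scripted for several packets at once. The sketch below is an added example, not Wireshark's code or its exact generated text: it turns tshark field output into ipfw inbound deny rules. The `NEVER_BLOCK` allowlist, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input: lines of "ip.src<TAB>tcp.dstport", e.g. from (capture name and packet number are yours):
#   tshark -r packetCapture.pcapng -Y 'frame.number == N' -T fields -e ip.src -e tcp.dstport

# Assumption: addresses that must never be denied (constructed documentation IPs).
NEVER_BLOCK="192.0.2.10 192.0.2.11"

# Succeed only for a well-formed dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read field lines on stdin; print one inbound deny rule per unique source/port.
ipfw_deny_inbound() {
    tab=$(printf '\t')
    LC_ALL=C sort -u | while IFS=$tab read -r src port; do
        if ! valid_ipv4 "$src"; then
            printf '# skipped (not IPv4): %s\n' "$src"; continue
        fi
        case " $NEVER_BLOCK " in
            *" $src "*) printf '# skipped (allowlisted): %s\n' "$src"; continue ;;
        esac
        case "$port" in
            '') printf 'ipfw add deny ip from %s to any in\n' "$src" ;;
            *[!0-9]*) printf '# skipped (bad port): %s\n' "$src" ;;
            *) if [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
                   printf 'ipfw add deny tcp from %s to any %s in\n' "$src" "$port"
               else
                   printf '# skipped (bad port): %s\n' "$src"
               fi ;;
        esac
    done
}

# Constructed sample: a duplicate, an allowlisted host, a malformed address, a non-TCP packet.
sample_fields() {
    printf '203.0.113.7\t22\n203.0.113.7\t22\n192.0.2.10\t443\n'
    printf '198.51.100.300\t80\n198.51.100.9\t\n'
}

sample_fields | ipfw_deny_inbound
```

Skipped inputs are printed as comment lines so the output can be reviewed as a whole before any rule is loaded on the firewall.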
