Evaluation of the capabilities of Wireshark as a network intrusion detection system

Network security professionals learning network intrusion detection need to be able to see attack signatures in traffic and to learn the different techniques for detecting them. Wireshark is an open-source, cross-platform protocol analyzer with a user-friendly interface; its protocol dissectors support over 2000 protocols. This paper assumes that a network intrusion detection system (NIDS) has three components: a user interface, a packet sniffer and a detection engine. The detection engine may be anomaly-based or signature-based, but it must be automated: it should detect intrusions and raise alerts without human intervention. The paper shows that Wireshark can be considered a packet sniffer, protocol analyzer and troubleshooting tool, but not a network intrusion detection system, because it lacks the fundamental component, an automated detection engine.
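To make the distinction concrete, the following added example (written for this page, not code from the paper or from the Wireshark project) implements the third component the paper says Wireshark lacks: a small automated detection engine that consumes raw IPv4/TCP packets, applies one signature rule and one anomaly rule, and emits alerts with no analyst in the loop. The packets, signature patterns, hosts and the SYN-scan threshold are all constructed assumptions for illustration; the packet builder leaves checksums at zero and the parser does not verify them.

```python
"""Minimal automated NIDS detection engine over raw IPv4/TCP packets (illustrative)."""
import struct
from collections import defaultdict

# TCP flag bits used below.
SYN, PSH, ACK = 0x02, 0x08, 0x10

# Signature rules: a destination port plus a byte pattern in the payload.
# Both patterns are assumed examples, not rules taken from any real ruleset.
SIGNATURES = [
    {"name": "HTTP path traversal", "dport": 80, "pattern": b"../"},
    {"name": "Shell path in HTTP request", "dport": 80, "pattern": b"/bin/sh"},
]

# Anomaly rule: one source sending SYN-only segments to this many distinct
# (host, port) targets is reported as a possible SYN scan. Threshold is assumed.
SCAN_PORT_THRESHOLD = 5


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (no options, zero checksums) for sample input."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Dissect IPv4 and TCP headers; return None for non-IPv4 or non-TCP input."""
    vihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if (vihl >> 4) != 4 or proto != 6:
        return None
    ihl = (vihl & 0x0F) * 4
    sport, dport, _, _, off_res, flags, _, _, _ = struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    doff = (off_res >> 4) * 4
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "sport": sport,
        "dport": dport,
        "flags": flags,
        "payload": raw[ihl + doff:total_len],
    }


def run_engine(raw_packets):
    """The automated detection engine: packets in, alert strings out, no human step."""
    alerts = []
    syn_targets = defaultdict(set)  # source IP -> set of (dst IP, dst port) probed with bare SYN
    for raw in raw_packets:
        pkt = parse_packet(raw)
        if pkt is None:
            continue
        # Signature-based detection.
        for sig in SIGNATURES:
            if pkt["dport"] == sig["dport"] and sig["pattern"] in pkt["payload"]:
                alerts.append(f"SIGNATURE {sig['name']}: "
                              f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
        # Anomaly-based detection: count distinct SYN-only targets per source.
        if pkt["flags"] == SYN:
            syn_targets[pkt["src"]].add((pkt["dst"], pkt["dport"]))
            if len(syn_targets[pkt["src"]]) == SCAN_PORT_THRESHOLD:
                alerts.append(f"ANOMALY possible SYN scan from {pkt['src']} "
                              f"({SCAN_PORT_THRESHOLD} distinct targets probed)")
    return alerts


# Constructed sample traffic: one benign request, one traversal attempt, one SYN sweep.
SAMPLE_TRAFFIC = (
    [build_packet("10.0.0.5", "10.0.0.10", 40000, 80, PSH | ACK, b"GET /index.html HTTP/1.1\r\n")]
    + [build_packet("10.0.0.5", "10.0.0.10", 40001, 80, PSH | ACK, b"GET /../../etc/passwd HTTP/1.1\r\n")]
    + [build_packet("10.0.0.9", "10.0.0.10", 50000 + p, p, SYN) for p in range(20, 26)]
)

if __name__ == "__main__":
    for alert in run_engine(SAMPLE_TRAFFIC):
        print(alert)
```

The point of the example is the shape of `run_engine`: Wireshark's dissectors cover the `parse_packet` step far more completely, and its display filters let an analyst express the same conditions, but the loop that applies the rules to every packet and raises an alert is what the paper identifies as missing.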