I addition to collecting traces on one side, you can do the search live for anything coming into the network by using tshark and directing the trace to your python scripts to capture what you are looking for and display it instantly. Or send the output to another short file. Use network tapping device to collect/monitor network instead of running wireshark on the server itself.
i am not sure if we can run Wireshark on big environment.I think this is suitable for a small organization.A big organization have different security zones and its tough for one to actually know where to have a tap.You have taps on IDS/IPS and now with security products like Crowdstrike you are able to get memory forensics and traffic path on a single dashboard....as we progress looks like eventually the programmers will be looking at a console which shows the traffic of their system.The lines are fast disappearing.
