I am not a hacker so bear with me. I've seen this module https://www.npmjs.com/package/tshark, I use node.js and websockets.
Could I use wireshark to intercept, sniff and pre-inspect incoming websocket traffic to my own server and boycott/redirect/deny-ip it if it is a ddos?
I would probably have to set up an additional server to do this work, maybe one that is always sniffing incoming traffic to the port..(?)
I would think that on deciding that some message is bad I would have to MITM the message and either just stop it (like, with a ray gun, and vaporize/delete it) or add a variable to the message like 'bad':'true' so the server denies further processing.
Is this even a feasible idea?
I could imagine some hacker may want to do a number of things
have I missed any cases?
I am aware that I can check some of these things on my server (like data sanitisation and same origin), but I am particularly concerned with ddos.
EDIT
I am very interested in MITM myself. If others can do it to me, why should it be a bad idea to do it to one's own self?
Could I use wireshark to intercept, sniff and pre-inspect incoming websocket traffic to my own server and boycott/redirect/deny-ip it if it is a ddos?
No - Wireshark is a passive sniffer, and does not connect to the networking stack in a fashion that would even allow it to "boycott/redirect/deny-ip it".
You would need something that plugs into the stack in such a fashion and, like it or not, I suspect most if not all of those things are called "firewalls", so you might have to learn to prefer firewalls to onion layers.
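The distinction drawn in the answer, as an added example that is not part of the original posts: a component can only deny traffic when it owns the connection. The code puts a per-IP token bucket in a Node.js `upgrade` handler; `UpgradeLimiter`, `guardUpgrades` and the limits are hypothetical names and values, and a firewall would enforce the same decision earlier in the stack.

```javascript
'use strict';

// Hypothetical helper: one token bucket per source IP. `capacity` handshakes
// may burst; tokens refill at `refillPerSec`. `now` is injectable for tests.
class UpgradeLimiter {
  constructor({ capacity = 5, refillPerSec = 1, now = () => Date.now() } = {}) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.buckets = new Map(); // ip -> { tokens, last }
  }

  // Returns true if this IP may open another WebSocket right now.
  allow(ip) {
    const t = this.now();
    const b = this.buckets.get(ip) || { tokens: this.capacity, last: t };
    const refill = ((t - b.last) / 1000) * this.refillPerSec;
    b.tokens = Math.min(this.capacity, b.tokens + refill);
    b.last = t;
    this.buckets.set(ip, b);
    if (b.tokens < 1) return false;
    b.tokens -= 1;
    return true;
  }

  // Drop idle entries so the map cannot grow without bound when a flood
  // arrives from many distinct source addresses. Returns remaining size.
  prune(idleMs = 60000) {
    const cutoff = this.now() - idleMs;
    for (const [ip, b] of this.buckets) {
      if (b.last < cutoff) this.buckets.delete(ip);
    }
    return this.buckets.size;
  }
}

// In-path enforcement: the handler owns the socket, so it can refuse it.
// A passive sniffer sees the same bytes but has no socket to close.
// `server` is an http.Server; `onAccept` hands off to the WebSocket library.
function guardUpgrades(server, limiter, onAccept) {
  server.on('upgrade', (req, socket, head) => {
    if (!limiter.allow(socket.remoteAddress)) {
      socket.end('HTTP/1.1 429 Too Many Requests\r\nConnection: close\r\n\r\n');
      return;
    }
    onAccept(req, socket, head);
  });
}
```

Behind a reverse proxy `socket.remoteAddress` is the proxy's address, so the limit would have to key on whatever client address the proxy is trusted to supply.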