Packet Analysis with Wireshark
DDOS
tcp.flags.syn == 1 and tcp.flags.ack == 0
- filters all SYN packets without ACK (bare SYNs, the start of each handshake attempt)
tcp.flags.syn == 1
- filters all SYN packets
tcp.flags.syn == 1 and tcp.flags.ack == 1
- filters all SYN packets with ACK (SYN-ACK replies from the server)
Statistics → Conversations
- If many packets target one IP from different source addresses and there are no reply packets, it indicates a DDoS
Statistics → I/O Graph
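The same heuristic as the Wireshark workflow above, written out as an added example (not part of the original notes): filter for bare SYNs, group them per destination the way Statistics → Conversations does, and flag a destination that receives SYNs from many distinct sources while sending no SYN-ACK back. The packet records are constructed inline so the script runs without a capture file or pcap library; the threshold `min_sources` is an assumed value, not something the notes specify.

```python
from collections import defaultdict

# Each record is (src_ip, dst_ip, syn_flag, ack_flag), the four fields the
# display filters on this page look at. Constructed sample data: five bare
# SYNs from different sources to 10.0.0.5 with no SYN-ACK from it, plus one
# complete handshake with 10.0.0.9 for comparison.
SAMPLE_PACKETS = [
    ("192.0.2.10", "10.0.0.5", True, False),
    ("192.0.2.11", "10.0.0.5", True, False),
    ("192.0.2.12", "10.0.0.5", True, False),
    ("192.0.2.13", "10.0.0.5", True, False),
    ("192.0.2.14", "10.0.0.5", True, False),
    ("198.51.100.7", "10.0.0.9", True, False),  # client SYN
    ("10.0.0.9", "198.51.100.7", True, True),   # server SYN-ACK
    ("198.51.100.7", "10.0.0.9", False, True),  # client ACK, handshake done
]


def is_bare_syn(syn, ack):
    """Equivalent of: tcp.flags.syn == 1 and tcp.flags.ack == 0"""
    return syn and not ack


def is_syn_ack(syn, ack):
    """Equivalent of: tcp.flags.syn == 1 and tcp.flags.ack == 1"""
    return syn and ack


def summarize(packets):
    """Per-host view, like Statistics -> Conversations restricted to SYN traffic.

    Returns (syn_sources, syn_acks_sent):
      syn_sources[dst]   -> set of distinct source IPs that sent dst a bare SYN
      syn_acks_sent[host] -> number of SYN-ACK replies host sent out
    """
    syn_sources = defaultdict(set)
    syn_acks_sent = defaultdict(int)
    for src, dst, syn, ack in packets:
        if is_bare_syn(syn, ack):
            syn_sources[dst].add(src)
        elif is_syn_ack(syn, ack):
            syn_acks_sent[src] += 1
    return syn_sources, syn_acks_sent


def suspected_syn_flood_targets(packets, min_sources=3):
    """Destinations hit by bare SYNs from >= min_sources distinct addresses
    that never answered with a SYN-ACK (the page's 'no reply packets' rule).
    min_sources is an assumed threshold; tune it to the monitored network."""
    syn_sources, syn_acks_sent = summarize(packets)
    return sorted(
        dst for dst, sources in syn_sources.items()
        if len(sources) >= min_sources and syn_acks_sent[dst] == 0
    )


if __name__ == "__main__":
    for target in suspected_syn_flood_targets(SAMPLE_PACKETS):
        print("possible SYN flood against", target)
```

In a real investigation the host sending no SYN-ACKs may simply be down or have its backlog exhausted, so confirm with the I/O Graph (a sharp rise in SYN rate) before concluding it is an attack rather than an outage.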
Password Sniffing
HTTP
http.request.method==POST
FTP
ftp
Detect IoT Traffic
mqtt