tcp.flags.syn == 1 and tcp.flags.ack == 0 - filters all SYN packets without the ACK flag set
tcp.flags.syn == 1 and tcp.flags.ack == 0
tcp.flags.syn == 1 - filters all SYN packets
tcp.flags.syn == 1
tcp.flags.syn == 1 and tcp.flags.ack == 1 - filters all SYN packets with the ACK flag set (SYN/ACK)
tcp.flags.syn == 1 and tcp.flags.ack == 1
Statistics → Conversations - If many packets target one IP address from different source addresses and there are no reply packets, it indicates a DDoS
Statistics → Conversations
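
The Conversations check above can be combined with the two SYN filters and automated. The following is an added example, not part of the original page: it assumes packets have already been exported as (source, destination, SYN flag, ACK flag) tuples, treats a SYN/ACK from the targeted host as the "reply", and uses hypothetical thresholds (`min_sources`, `max_reply_ratio`) and constructed sample data.

```python
from collections import defaultdict


def make_sample():
    """Constructed sample packets: (src_ip, dst_ip, syn, ack). Documentation-range IPs."""
    # 40 different sources each send one bare SYN to 192.0.2.10, which never answers.
    pkts = [("198.51.100.%d" % i, "192.0.2.10", 1, 0) for i in range(1, 41)]
    # One ordinary three-way handshake with a different server.
    pkts += [
        ("203.0.113.5", "192.0.2.20", 1, 0),
        ("192.0.2.20", "203.0.113.5", 1, 1),
        ("203.0.113.5", "192.0.2.20", 0, 1),
    ]
    return pkts


def flag_targets(packets, min_sources=20, max_reply_ratio=0.1):
    """Return {dst_ip: (distinct_sources, syn_count, reply_count)} for hosts that
    receive SYNs from many sources and send back few or no SYN/ACKs.
    Both thresholds are assumptions to tune per network."""
    syn_sources = defaultdict(set)
    syn_count = defaultdict(int)
    replies = defaultdict(int)
    for src, dst, syn, ack in packets:
        if syn == 1 and ack == 0:      # tcp.flags.syn == 1 and tcp.flags.ack == 0
            syn_sources[dst].add(src)
            syn_count[dst] += 1
        elif syn == 1 and ack == 1:    # tcp.flags.syn == 1 and tcp.flags.ack == 1
            replies[src] += 1          # SYN/ACK sent by the host that was contacted
    flagged = {}
    for dst, sources in syn_sources.items():
        ratio = replies[dst] / syn_count[dst]
        if len(sources) >= min_sources and ratio <= max_reply_ratio:
            flagged[dst] = (len(sources), syn_count[dst], replies[dst])
    return flagged


if __name__ == "__main__":
    for ip, (srcs, syns, rep) in flag_targets(make_sample()).items():
        print(f"{ip}: {syns} SYNs from {srcs} sources, {rep} SYN/ACK replies")
```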
Statistics → I/O graph
http.request.method==POST
ftp
mqtt
Last updated 2 years ago