Hi. I suspect that my web server is the victim of a Denial of
Service (DoS) attack. I'm working with a Cisco switch and I'm
monitoring all the traffic to and from my web server using Wireshark
1.0 (with the Cisco SPAN function), and got tons of packets and saved
them to a .pcap file.
Now that I have the packet info, how can I determine if the server is
really under a DoS attack? Are there any packets that I should look
out for? How can I use the filters and/or statistics functions to find
out?
Thanks.
Rafael Mejias
Venezuela