Wireshark-users: Re: [Wireshark-users] DoS packets?

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Thu, 24 Apr 2008 10:32:29 -0400
What makes you think it's a denial of service attack? What are the symptoms?

john

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Rafael Mejías
Sent: Thursday, April 24, 2008 9:43 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] DoS packets?

Hi. I suspect that my web server is a victim of a Denial of Service (DoS) attack. I'm working with a Cisco switch and I'm monitoring all the traffic to and from my web server using Wireshark 1.0 (with the Cisco SPAN function), and got tons of packets and saved them to a .pcap file.

Now that I have the packet info, how can I determine if the server is really under a DoS attack? Are there any packets that I should look for? How can I use the filters and/or statistics functions to find out?

Thanks.

Rafael Mejias
Venezuela
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users