Wireshark-users: Re: [Wireshark-users] DOS

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Sat, 2 May 2009 23:17:42 +1000
Very briefly, (and not wanting to inhibit your learning experience too
much, by discovering for yourself), there are two main ways Wireshark
could be used for watching a Denial of Service attack.

1. You would see the actual attack itself. This could be an increased
traffic rate, or a particular sequence of packets. Wireshark can allow
you see the attack either in real-time, or can aid in terms of
providing statistical reporting tools (tables and graphs) that allow
you provide some view of the attack mechanism
2. It can help you see the impact of the attack - how the service is
being denied. For this you would monitor the traffic pattern of the
legitimate users that are being affected. You can use wireshark to
measure the response time (being degraded), as well observing change
in the actual response (lack of an ACK, or some other load shedding
technique)

But as Stephen said, Wireshark will not pop up a box and say "You have
been DOSsed!", in the same vain as a microscope will not (at least
none of the one's I have seen) tell you "Here is an E.Coli bacteria".

Regards, Martin

MartinVisser99@xxxxxxxxx



2009/5/2 Güngör Basa <gungorbasa@xxxxxxxxxxx>:
> Hi I search this and I found sth but I didn't get my answer.Here is the
> problem
> I am a computer science student and I have to do my internship.For this I
> have to understand how wireshark detect dos attacks. This is an emergency
> please help me.
>
> ________________________________
> Diğer Windows Live™ özelliklerine göz atın. Sadece e-posta iletilerinden
> daha fazlası
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>