2. Detect and Protect DOS and DDOS attacks

1. Detect and Protect DDOS attacks using Anti DDOS Guardian

2. Detect DDOS with Wireshark

You can detect a DOS attack by simply viewing a pcap file, a large no of packets from a source within a short span of time indicate a DOS attack. A big giveaway is a large number of SYN packets being sent to our Windows 10 PC. We are able to note the start of the attack by a huge flood of TCP traffic. If there is a huge discrepancy between the results of the bottom 2 display filters, we have syn flood attack

To find DOS (SYN and ACK) : tcp.flags.syn == 1  , tcp.flags.syn == 1 and tcp.flags.ack == 0

Moreover, If we use the following display filter to display syn/ack packets there will be a huge discrepancy between them

tcp.flags.syn == 1 and tcp.flags.ack == 1

We can also view Wireshark’s graphs for a visual representation of the uptick in traffic. The I/O graph can be found via the Statistics>I/O Graph menu. It shows a massive spike in overall packets from near 0 to up to 2400 packets a second.

Go to statistics and select conversations. If there are a number of packets targeted on one IP and no reply pack, it indicates DDOS. You can also check the TCP tab