Dear Sir/Madam,

I would like to get MORE sample Wireshark traces (.cap or .pcap files) that contain Denial of Service events that come from Wireshark. I have gotten one sample trace for SYN-Flood and one sample trace for Teardrop attack (already have them). Can anyone provide MORE sample traces that contain the following DoS attacks? E.g. ICMP flood, Smurf attack, ping flood, ping of death, Peer-to-peer attacks, Reflected / Spoofed attacks, Application-level floods, Distributed attack etc.

I need such sample traces because I hardly find them on http://pcapr.net/home and http://wiki.wireshark.org/SampleCaptures and some other sources that provide sample Wireshark captures. Does anyone know where to get them or have them? I still want some more...

Thank You.

Best Regards,
Misteryuku.

asked 12 Apr '12, 17:59 misteryuku
edited 23 May '12, 17:49
The question has been closed for the following reason “The question is answered, right answer was accepted” by helloworld 21 May ‘12, 21:53
2 Answers:
I uploaded a (very short) Syn Flood sample trace file at http://www.cloudshark.org/captures/ba85949942a0. There's a download link on top of the page if you want to get the pcap file. It is taken from a real life attack that slammed a 1Gig/s line shut for about a week. The trace is anonymized in regard of the target IP and MAC, of course, but it shows packets coming from the original IP source addresses.

answered 13 Apr '12, 02:26 Jasper ♦♦

Do you have any more sample traces showing different types of DOS attack occurrence? (06 May '12, 06:19) misteryuku

Yes, but none I can distribute, sorry. (06 May '12, 07:23) Jasper ♦♦

Okay. Never mind. (06 May '12, 17:55) misteryuku

Anyone else please? (06 May '12, 17:55) misteryuku
2.) I suggest you build your own honeynet and start watching the attacks coming in (http://www.honeynet.org/).

Regards

answered 09 May '12, 02:02 Kurt Knochner ♦
edited 09 May '12, 02:09

(10 May '12, 20:08) Guy Harris ♦♦
Closing as duplicate of http://ask.wireshark.org/questions/10051/log-file-that-detects-dos
I reopened it as I think @misteryuku is actually asking for a sample capture containing DOS events, not quite the same as his original, which seemed to be asking how Wireshark could filter out DOS events.
I'm quite sorry about it. I must have misphrased the question. Yeah, I was asking for a sample capture containing DoS events.
@misteryuku, You've bumped this question 40+ times in the last 30 days. Please stop doing that. Thanks.