This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

When running Wireshark I came across what seems to be Bad TCP.


[screenshot of the capture]

I was watching because my internet seemed a tad slow after someone threatened to DoS/DDoS me. Does this look a bit sus? I tracked the IP back to Santa Monica, California, which is not in my country. Something called Edgecast Networks. I don't overly believe that this would be the IP of someone trying to DDoS me. However, I was just wondering if anyone can make sense of it.

I am new to using Wireshark, so sorry if I seem dumb when it comes to this.

asked 02 Dec '15, 02:42


gunshin101

edited 02 Dec '15, 02:46

Hard to tell without the tracefile. Could you provide us a trace on a publicly accessible place like Dropbox or CloudShark?

Sometimes the error message (New Fragment overlaps...) is caused by frame slicing. Do you use frame slicing?

(02 Dec '15, 02:54) Christian_R

What can be told without the tracefile, by the screenshot, is that these particular packets are not part of a traditional DoS (or even DDoS) attack on your PC, as it was your PC which first asked the remote site for contents (see the destination IP of the HTTP GET). The response which comes back is broken (or got broken on the way) for some reason.

A traditional DoS targeted at your PC would be quite complex to do as the PC is connected to the internet via a NAT device, so if someone wanted to take it down using a targeted (D)DoS, they would have to use other computers in the same LAN for the purpose (which is not impossible, but it is not the case here).

But it could be that the web site which your browser has asked for legal contents has been hijacked and is now responding with malicious contents to clients like your PC, in the hope of exploiting some TCP bug. The clients become accessible to such an attacker because they have opened a pinhole in their firewall by sending the HTTP GET request.

For deeper analysis, you'd need to post the trace to some public place and give a link to it here, as @Christian_R asked you to.

(02 Dec '15, 05:46) sindy
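The two checks the answers above rely on (who opened each TCP connection, and whether the capture was sliced so that "New fragment overlaps old data" may be a capture artifact) can be done mechanically on a tshark field export. The script below is an added example, not code from the original thread; it assumes the capture was exported with `tshark -r capture.pcapng -T fields -e frame.number -e frame.len -e frame.cap_len -e ip.src -e ip.dst -e tcp.stream -e tcp.flags.syn -e tcp.flags.ack -e http.request.method`, and the sample lines and addresses are constructed.

```python
# Constructed tshark -T fields export (tab-separated), not the poster's trace.
# Columns: frame.number frame.len frame.cap_len ip.src ip.dst tcp.stream
#          tcp.flags.syn tcp.flags.ack http.request.method
# Stream 0: local host opens the connection and sends a GET; the reply frames
# were captured with a 96-byte snaplen (frame slicing). Stream 1: remote SYN.
SAMPLE = """\
1\t74\t74\t192.168.1.10\t203.0.113.50\t0\t1\t0\t
2\t74\t74\t203.0.113.50\t192.168.1.10\t0\t1\t1\t
3\t66\t66\t192.168.1.10\t203.0.113.50\t0\t0\t1\t
4\t412\t412\t192.168.1.10\t203.0.113.50\t0\t0\t1\tGET
5\t1514\t96\t203.0.113.50\t192.168.1.10\t0\t0\t1\t
6\t1514\t96\t203.0.113.50\t192.168.1.10\t0\t0\t1\t
7\t74\t74\t198.51.100.7\t192.168.1.10\t1\t1\t0\t
"""

def _flag(value):
    # tshark prints booleans as 1/0 in older versions and True/False in newer ones
    return value.strip().lower() in ("1", "true")

def parse_export(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("\t")
        rows.append({"no": int(f[0]), "len": int(f[1]), "cap": int(f[2]),
                     "src": f[3], "dst": f[4], "stream": f[5],
                     "syn": _flag(f[6]), "ack": _flag(f[7]), "method": f[8]})
    return rows

def sliced_frames(rows):
    """Frames whose captured length is below the on-wire length: the capture was
    sliced, so reassembly errors on those frames are not evidence of bad traffic."""
    return [r["no"] for r in rows if r["cap"] < r["len"]]

def stream_initiators(rows):
    """tcp.stream -> IP that sent the first bare SYN, i.e. who opened the connection."""
    init = {}
    for r in rows:  # export is in frame order, so the first bare SYN wins
        if r["syn"] and not r["ack"] and r["stream"] not in init:
            init[r["stream"]] = r["src"]
    return init

def triage(rows, local_ip):
    """'outbound' streams were opened by our host (a broken reply there is not an
    inbound DoS); 'inbound' streams were opened from outside and deserve a look."""
    return {s: ("outbound" if who == local_ip else "inbound")
            for s, who in stream_initiators(rows).items()}
```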