I am analysing an attack capture with Wireshark and am having some trouble identifying the type of attack that this one is. I am guessing it may be a DDoS attack since there are many TCP Retransmissions, but I am not quite sure. Can someone with more experience clarify this for me?

asked 03 Apr '16, 10:40 twistedx
One Answer:
This looks pretty normal to me, except for the duplicate frames in the trace. You'll need to deduplicate the file first; see https://blog.packet-foo.com/2015/03/tcp-analysis-and-the-five-tuple/ for more information.

answered 03 Apr '16, 12:25 Jasper ♦♦
I will take a look at that. But now I was thinking that this can have something to do with a SMB Flow attack. What do you think about that?
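
The deduplication step recommended in the answer, as an added example (not part of the original thread and not Wireshark's own code): a minimal Python pass over a classic pcap that drops frames byte-identical to one seen within the last few packets, the same idea as `editcap -d`. The sample capture and the `frame` helper are constructed for illustration; they show that a capture duplicate is removed while a genuine TCP retransmission, which normally carries a new IP ID, is kept.

```python
import hashlib
import struct
from collections import deque

def frame(ip_id, seq, payload=b"data"):
    """Constructed Ethernet/IPv4/TCP frame (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, seq, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), ip_id,
                     0x4000, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, data in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)) + data
    return out

def read_records(pcap):
    """Yield (record_header, frame_bytes) for each packet in the file."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        data = pcap[off + 16:off + 16 + incl]
        if len(data) < incl:
            raise ValueError("truncated packet record")
        yield pcap[off:off + 16], data
        off += 16 + incl

def dedupe(pcap, window=5):
    """Drop frames byte-identical to one of the last `window` kept frames."""
    recent = deque(maxlen=window)
    out, dropped = bytearray(pcap[:24]), 0
    for header, data in read_records(pcap):
        digest = hashlib.sha256(data).digest()
        if digest in recent:
            dropped += 1
            continue
        recent.append(digest)
        out += header + data
    return bytes(out), dropped

# Constructed capture: frame 2 duplicates frame 1; frame 4 is a real retransmission (new IP ID).
SAMPLE = build_pcap([(0, 0, frame(1, 1000)), (0, 5, frame(1, 1000)),
                     (0, 100, frame(2, 1004)), (1, 0, frame(3, 1000))])
if __name__ == "__main__":
    print(dedupe(SAMPLE)[1], "duplicate frame(s) removed")
```

After deduplication, the retransmissions that remain are ones the sender actually put on the wire, which is what the TCP analysis should be judged on.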