![Wireshark ip tracker](https://cdn2.cdnme.se/5447227/9-3/5_64e61dfa9606ee7f6350b87c.png)
How can I identify a DDoS/DoS attack with Wireshark?

And then I did some sorting in the TCP and UDP tabs. However: sometimes it's enough to make your DNS server fail, for whatever reason (please check the logs).
![wireshark ip tracker wireshark ip tracker](https://openmaniak.com/wireshark/wireshark_conversations_ip_small.png)
![wireshark ip tracker wireshark ip tracker](https://ronnyvandenbroeck.files.wordpress.com/2019/10/using-wireshark-to-monitor-network-traffic.jpg)
So, actually it looks like a DDoS, even though the frequency of the packets is not very high.
![wireshark ip tracker wireshark ip tracker](https://ccna-200-301.online/wp-content/uploads/2020/06/Capture-packets-using-Wireshark.png)
They are not scanning different ports, they are 'hammering' all on the same ports (DNS, 445, 139, etc.). There are different IP addresses, all trying the same.

O.K., with access to the capture file (updated question), this looks much more like an attack, even a bit like an attempt to run a DDoS.