CASE ONE

As we can see, there are a lot of packets sent from many different IP addresses to only two destination IPs.

This statistic shows which IPs have the largest byte counts. The IP "188.94.128.16" is at the top. The IP "204.28.237.77" comes after it. They are the same destination IPs as in the first picture. Those two IPs received 3865 packets in total.

This figure shows the top IPs by packets sent.

Most of the packets are sent over "UDP" using the NTP protocol.

As the figure shows, port 123 received the largest number of packets, "3464 packets".

According to all those figures and statistics, I assume it's a DDoS attack, because a DDoS attack involves multiple botnets. The packets were sent to only two destinations from many different IP addresses. They used NTP, which is the Network Time Protocol; it's an old network protocol used by Internet-connected machines. Since the amount of data sent is large, it is not normal traffic. Therefore, it's an NTP DDoS attack.

CASE TWO

CASE THREE

Ping ("networking utility"): Ping is computer network software used to test the reachability of a host on an IP network. ICMP echo requests and replies.

CASE FOUR

It's about BitTorrent, which means normal peer-to-peer traffic.

CASE FIVE

DNS standard query. DNS uses port 53.

Port scan.

CASE SEVEN

Nmap SYN scan.

CASE EIGHT

It's normal traffic.

CASE ONE

Fragmented ACK attack: flooding the target machine with a lot of ACK flags. It's a kind of DDoS attack.
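The reasoning in the first CASE ONE (many sources, two destinations, mostly UDP port 123) can be turned into a repeatable check. The following is an added example, not part of the original report: the packet records are constructed, the source addresses come from documentation ranges, and the function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

def build_sample():
    """Constructed packets: (src, dst, proto, sport, dport, length)."""
    victims = ["188.94.128.16", "204.28.237.77"]  # destinations named in the report
    pkts = []
    for i in range(1, 41):  # 40 distinct sources (documentation range)
        src = f"198.51.100.{i}"
        for dst in victims:
            pkts.append((src, dst, "UDP", 40000 + i, NTP_PORT, 468))
    # Background traffic: one host sending DNS and HTTPS to another host
    pkts += [("203.0.113.5", "203.0.113.9", "UDP", 5353, 53, 80)] * 5
    pkts += [("203.0.113.5", "203.0.113.9", "TCP", 51000, 443, 600)] * 5
    return pkts

def summarize(pkts):
    """Per-destination packet count, byte count, distinct sources, NTP packets."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set(), "ntp": 0})
    for src, dst, proto, sport, dport, length in pkts:
        s = stats[dst]
        s["packets"] += 1
        s["bytes"] += length
        s["sources"].add(src)
        # Match port 123 on either side: the report saw it as the destination
        # port, while reflected NTP replies carry it as the source port.
        if proto == "UDP" and NTP_PORT in (sport, dport):
            s["ntp"] += 1
    return stats

def flag_ntp_flood(pkts, min_sources=20, min_ntp_share=0.8):
    """Destinations hit by many sources where most packets are UDP/123.
    Thresholds are assumed values; tune them against a baseline capture."""
    flagged = []
    for dst, s in summarize(pkts).items():
        share = s["ntp"] / s["packets"]
        if len(s["sources"]) >= min_sources and share >= min_ntp_share:
            flagged.append((dst, s["packets"], s["bytes"], len(s["sources"])))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for dst, packets, nbytes, nsrc in flag_ntp_flood(build_sample()):
        print(f"{dst}: {packets} packets, {nbytes} bytes, {nsrc} sources")
```

For a real capture, the same tuples can be produced from a field export of the pcap and passed to `flag_ntp_flood` in place of `build_sample()`.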