Is this an attack? Wireshark Packet analysis // SYN Attack

Thank you for everything, David. After two years in college I was just hired last week as a remote Web and Mobile App Designer and Developer. Because I am also OSCP certified, it drastically raised my salary and the fun level of my position. And a lot of your courses are to thank for this; college is just for the paper or "degrees"."

Legit TCP flows or hacking attacks? Can Wireshark help us to decode the flows and see if the traffic is malicious?
// WIRESHARK FILE //
Download here: www.dropbox.com/s/pvytdvkvxl8b41n/SYNScan_GeoIP_ChrisGreer.pcapng.zip?dl=0
// MAXMIND //
How to: wiki.wireshark.org/HowToUseGeoIP
Maxmind: www.maxmind.com/en/home
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
CZcams: czcams.com/users/davidbombal
//CHRIS GREER //
Udemy course: davidbombal.wiki/chriswireshark
LinkedIn: www.linkedin.com/in/cgreer/
CZcams: czcams.com/users/ChrisGreer
Twitter: twitter.com/packetpioneer
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

I came across to this demo, it was really helpful for me to learn about Maxmind and integrated to my Wireshark. Thanks to you and your host for put time on making this video.

I like when you ask questions David. It's often something I'm wanting to ask, or sometimes something I should be asking but didnt even ask in my mind. Thanks again!

Solid content. Knowing what normal/innocuous traffic patterns look like helps you identify the suspicious traffic patterns.
Chris's focus on TTL, window size, and sequence numbers is a really great example of how a seasoned analyst approaches pcap.

David, every video you make is non trivial and some kind of fantastic. Thanks Chris for sharing knowledge!

In response to the question, I'd prefer if you wrote/noted the questions for later and just let the person talk because you never know what cool lessons/tips/stories you missed out on because their flow/train of thought was stopped.
Just pick up at the end
LOVE the content! This has me busy and working towards real goals out of deep pit of depression I've been in for years, thank you David :)

please don't let down those long video version i've enjoyed them a lot and waiting for more ( TCP/IP, scapy, Linux ...) 🔥🔥

Thank you guys for collaborating. Chris Greer is amazing. Strange that I never came across him before. Thanks again!

Thanks, David and Chris! Amazing content that helps us a lot in our everyday work!

Another awesome video!!! Thank you guys for showing us how to read and interpret the packet capture in wireshark!!! I have a new and easier understanding of what I am looking at! Supurb explanation! Now I have a new toy through GOIP!! I would love to see NMAP in action in wireshark! Thanks David and Chris! Cheers!

David this was fantastic! I enjoyed that a lot. Keep bringing the excellent content. I really appreciate you!

Thank you, David, and in this video Chris too. Your content is great, and I been following you for a while....Keep it up and keep it coming :)

Great video. Great Collaboration. I would really enjoy the nmap analysis.

Love these videos! Could watch for hours

Something to note: Industrial control system protocols commonly utilize 20 byte header lengths. It's done for efficiency. But arguably they don't generally run on TCP port 80.... and hopefully not over the internet.
Great video guys

This is great. I love it when you ask lots of questions. I am usually asking the same ones in my head. Perfect!

Thank you David and Chris for this amazing video. Very useful content.

Questions. Always ask, even if is a "dumb" one. The answer is what matters and what is needed.
Great video (even the first 5 min are good enough)
Thanks again David Bombal.

Love your videos since day one I have learnt alot from you continue doing this great work 💪

Fantastic content once again, proving that you are a top-tier content creator for IT. Thank you and thank you Chris Greer!!

For me I prefer if u r asking question around because it gives us more information and it can help us understand topic better from other point of view. And I see that you have really good questions from student point of view David.

wow this is so interesting to watch and learn from the pros. thanks david for this video.

Bunch of questions is great david thank you

Thank you so much David.. I'm a big fan of yours..
Happy merry Christmas 🎄..

Grazie David per i contenuti che divulghi....io sono Italiano e ti seguo da un po...mi hai aperto un mondo....😊

thank you David for this I learned a lot ..want some more videos like this

Very good work mate! helped a lot with a uni assignment!

As always, Thank you David!
If you can please do a walkthrough series on Kali Linux Tools, that would be awesome.
There was a video where you showed us how to use Wifite properly, how to configure it and also how to troubleshoot common problems (which i think is a phenomenon! No-one bothers itself to explain how to solve those problems, but you did make a separate video just to show us how to fix problems we all have encountered while working with that tool).
Sience many people want to learn ethical hacking and this channel is by far my favorite resource, making a series of videos explaining each and every tool that is shipped with Kali has a really good potential.
Also, the way you explain things is absolutely incredible and makes difficult things to be super easy to grasp. Thats the main reason why im asking you for this!
Ive got nothing more to say and im really looking forward to see those videos!

Such pleasure its real chrismus to have u here guys its so instructive God bless u

Amazing analysis, thanks 👍

Great vid - lekker man!
Love the Blue Hat training vids - greatly appreciated!

Very interesting. I have done a lot of statistical analysis in other domains. Would love to see more statistical analysis examples in Wireshark. And how to export data, filtered or not filtered, to a statistical analysis package.

Excited next video with how nmap scan

This is GOLD! Thank you!

Nice conversation both of you chris and DB❤️❤️❤️ are marvelous stuff giving persons

Thanks David after 6 months moving in US I got job RTP because I am also CCNA certified.

I can imagine a lot more utility then just for attacks. Makes me think of EtherPeek IP Maps, the old sniffer pro ip matrix or Skitter application that is or used to be available via CAIDA - pretty cool. Did not know that feature set was available for Wireshark

I can't tell if that's just David's personality, but I notice he's one of those people that talk over you in a Convo lol ... Chris can't get out a full sentence before David interrupts him ..either way both of these guys are brilliant as well as the video ...love it !

Thanks for video :) very informative.

Really interesting stuff ☺️

keep on asking questions david, we all have the same questions!

No questions just showing is THE best

What a great video, very nice 👍🏻

Love You David Bombal

David and chris are the best

Congrats sir we ill reach soon 1million best wishes master. ❤️❤️❤️❤️❤️❤️❤️

Great Video Sir David ....

You the best david keep 🔥❤

more Chris. more Chris. more Chris.

Sometimes David asks very basic questions but I guess it doesn't hurt

Great stuff and I vote for nmap

Wonderful!

Hi! Great video! I was blown away over this!
But it might be just me that is a complete noob. I just find a TCP-handshake file with 15 packets in the WireShark-link above? Should it not be the complete file from the attack Chris is using in the video?

Great. Thank you guru.

Do you have a podcast by chance? I enjoy hearing you talk about anything computers related.

Ask away David, most cases what I was thinking thx

Great Content

Cheers Mate.

Mannnn, this is just cool

Hey Chris. In this video, you mention a low number in a suspicious 34000 range. Is this number randomly chosen by the server, browser, or person initiating the packet? and what if this number was in the high number range?

im experiencing an attack almost exactly like this, but the dest ports are 23, 22 and a bunch more like that. but the syns and rando countries , is exactly like this video. What do you think of using TTL as firewall, and blocking all of them until you need one

Q: Can we get copies of the wireshark profiles used?

what a video!!
Go for nmap for the next video

LOTS OF QUESTIONS

Hi, David and Chris, I'm having a hard time making it work on my Windows version of Wireshark. I downloaded it for MMDB but it was formatted in tar.gz not .mmdb. So I formatted it to .mmdb, point it to my path folder, restarted Wireshark but no luck. Is there something I'm missing?

thx u.

Hi
Big fan of you and your videos

If the TTL number is close, would it not mean that the source is from the same location? Perhaps the hops were changed up a bit such as sent through various VPNs?

Nice video

you the best

Love from 🇧🇩

Hello David I have a problem with Kali Linux in VMBox. When I use firefox, my CPU is 100% overloaded . What can I do against it?

so, if UDP is connection-less, but QUIC is happening over UDP, AND has a connection ID and session ID (TLS), are we now to consider UDP in some cases connection oriented, or just consider QUIC connection oriented? I hope my question makes sense to others.

Ok thats great guys, so how do we block it!??

One more question for Chris what's u re idealy profile in whshark in order to get a max of infos when we try to track the wierd packets thx

How do you stop the traffic once you notice this is not normal traffic. Or it's not real time analysis

The trace file in the download link only contains the TCP Handshake with 15 packets. Is the trace file used in this video available to download?

Keep going

informative

Sir I'm your Big fan

David sir, I like that..

Cheers! P;S. Keep on asking questions.. d ; } #DavidBombal

I havnt watched the whole video. But yes, ASK AWAY!!!

Good

Can you share the link to PCAP file please. The one shared only has the Videos but not PCAP

Yeh, ask questions

Print ("hello David")

how to stop my terminal from saving history in kali linux 2021.4

Imagine heart and comment from Devid Sir

Hello David,
Seems the pcap file that was uploaded to Dropbox only showing 15 packets. I not applied any filters. Could you please
check and assist on this.

Nmap

Sir
Love from India
Iam a CCNP student
Should I learn python for future

I want question ans conversion

Can I use witeshark on the new M1 MacBook?

phone verification not working on discord

Greetings from Russia! You put us on the map! LOL

I have a question,
I'm a beginner, And I do not understand where should I start, from where should I study? I don't understand anything.....
Love❤️ from india 🇮🇳

First sir. Good evening ❤️❤️❤️❤️❤️