The TCP/IP model is composed of four layers, which are as follows:
- Application layer
- Transportation layer
- Internet layer
- Network/Data link layer

We start with the Application layer.
- APPLICATION LAYER The Application layer is the topmost layer, responsible for providing network services directly to user applications. It is where end-user interaction with the network begins and ends. Unlike the OSI model, which separates application-related functions into three layers (Application, Presentation, and Session), the TCP/IP model merges them into a single Application layer. Among the attacks at this layer are SQL Injection, DoS, DIOR and HTTP GET Flooding. Consider the following screenshot for a better understanding of how to analyze attacks at the Application layer using Wireshark. To analyze the attacks we use the filter bar at the top of the Wireshark interface.
HTTP GET Flooding
Wireshark filter: ip.src==192.168.1.254, as shown in the screenshot. The top part of this capture shows a rapid succession of HTTP GET requests originating from 192.168.1.254 to various destinations (122.225.98.197 and 183.235.46.234).
HTTP GET flooding is a type of Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack where an attacker sends a large volume of legitimate-looking HTTP GET requests to a web server. The goal is to overwhelm the server's resources (CPU, memory, bandwidth) and make it unavailable to legitimate users. These requests often target resource-intensive pages or use dynamic URLs to bypass caching.
Key observations: multiple consecutive frames (4, 15, 164, 167, etc.) show GET requests for various resources from www.02995.com and www.hao123.com. The rapid succession and sheer volume of these requests from a single source strongly suggest a flood.
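The "single source, many GETs in a short interval" observation above can be automated once the packet list is exported from Wireshark. The script below is an added example, not code from the original post: it parses constructed packet-summary lines (frame number, relative time, source, destination, protocol, info; the IPs are the ones from the capture described above, the frame numbers and paths are made up) and flags any source IP whose GET requests exceed a threshold inside a sliding time window. The threshold and window values are assumptions to be tuned per environment.

```python
"""Flag HTTP GET flooding in a Wireshark-style packet summary export.

Added example (not from the original post). Input lines have the shape
frame<TAB>time<TAB>src<TAB>dst<TAB>protocol<TAB>info, which is what
`tshark -T fields` produces for those columns.
"""
from collections import defaultdict, deque

# Constructed sample: one busy client (192.168.1.254) hammering two web
# servers within ~130 ms, plus a normal client (192.168.1.10) and some
# unrelated DNS and response traffic. Frame numbers and paths are made up.
SAMPLE_EXPORT = """\
1\t0.000\t192.168.1.10\t122.225.98.197\tHTTP\tGET /news HTTP/1.1
4\t0.012\t192.168.1.254\t122.225.98.197\tHTTP\tGET / HTTP/1.1
15\t0.020\t192.168.1.254\t122.225.98.197\tHTTP\tGET /index.html HTTP/1.1
16\t0.031\t192.168.1.254\t183.235.46.234\tHTTP\tGET / HTTP/1.1
20\t0.033\t192.168.1.254\t122.225.98.197\tHTTP\tGET /a.js HTTP/1.1
41\t0.045\t192.168.1.10\t8.8.8.8\tDNS\tStandard query A www.example.org
55\t0.050\t192.168.1.254\t183.235.46.234\tHTTP\tGET /b.js HTTP/1.1
60\t0.061\t192.168.1.254\t122.225.98.197\tHTTP\tGET /c.css HTTP/1.1
78\t0.070\t192.168.1.254\t183.235.46.234\tHTTP\tGET /d.png HTTP/1.1
90\t0.084\t192.168.1.254\t122.225.98.197\tHTTP\tGET /e.png HTTP/1.1
101\t0.092\t192.168.1.254\t183.235.46.234\tHTTP\tGET /f.html HTTP/1.1
120\t0.105\t192.168.1.254\t122.225.98.197\tHTTP\tGET /g.html HTTP/1.1
164\t0.118\t192.168.1.254\t183.235.46.234\tHTTP\tGET /h.html HTTP/1.1
167\t0.130\t192.168.1.254\t122.225.98.197\tHTTP\tGET /i.html HTTP/1.1
180\t0.150\t122.225.98.197\t192.168.1.254\tHTTP\tHTTP/1.1 200 OK
200\t2.500\t192.168.1.10\t122.225.98.197\tHTTP\tGET /news/2 HTTP/1.1
"""


def parse_export(text):
    """Turn tab-separated summary lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue
        frame, t, src, dst, proto, info = fields
        records.append({"frame": int(frame), "time": float(t), "src": src,
                        "dst": dst, "proto": proto, "info": info})
    return records


def is_http_get(rec):
    """True for request frames whose Info column starts with a GET line."""
    return rec["proto"] == "HTTP" and rec["info"].startswith("GET ")


def find_get_floods(records, threshold=10, window=1.0):
    """Return {src_ip: peak GETs seen within `window` seconds} for every
    source that reached `threshold` GETs inside one window (assumed values)."""
    recent = defaultdict(deque)   # src -> timestamps of its recent GETs
    peaks = {}
    for rec in sorted(records, key=lambda r: r["time"]):
        if not is_http_get(rec):
            continue
        q = recent[rec["src"]]
        q.append(rec["time"])
        while rec["time"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["src"]] = max(peaks.get(rec["src"], 0), len(q))
    return peaks


def get_targets(records, src):
    """Sorted list of servers a given source sent GET requests to."""
    return sorted({r["dst"] for r in records if r["src"] == src and is_http_get(r)})


if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    for ip, peak in find_get_floods(recs).items():
        print(f"possible GET flood from {ip}: {peak} GETs in one window, "
              f"targets {get_targets(recs, ip)}")
```

To feed a real capture through it, export the same six columns with `tshark -r capture.pcap -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e _ws.col.Protocol -e _ws.col.Info` and pass the output to `parse_export`. The sliding window matters more than a raw count: a legitimate page load also issues many GETs, but spread over time and to one site, so the window and threshold should be set from a baseline of normal traffic before the detector is trusted.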