If you mean pcap when you say 'log file', then there are several possible signs of an attack. But it's hard to spot such a sign without knowing what kind of attack you're looking for.

  • DoS/DDoS attack: You should see a massive increase of traffic in the pcap and lots of missing ACKs and/or Duplicate ACKs, because the system can't handle the extra load
  • Targeted attacks (protocol/application level): Longer response times, more TCP reconnects, TCP RESETs, etc., because the application is either under load or crashing

If you really mean a log file when you say log file, please add more details.
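
One way to look for the signs listed in the answer above, as an added example that is not part of the original answer: the script buckets tshark field output per second and flags traffic spikes, duplicate ACKs and TCP RESETs. The thresholds (`spike_factor`, `error_ratio`), the file name `capture.pcap` and the sample rows are assumptions chosen for illustration.

```python
# Input rows are assumed to come from:
#   tshark -r capture.pcap -T fields -E separator=, \
#          -e frame.time_epoch -e tcp.flags.reset -e tcp.analysis.duplicate_ack
from collections import defaultdict
from statistics import median

def is_set(value):
    # Assumption: a set field prints as 1 or True depending on the tshark
    # version, and an absent field prints as an empty string.
    return value not in ("", "0", "False")

def bucket(lines):
    """Count packets, RSTs and duplicate ACKs per one-second bucket."""
    stats = defaultdict(lambda: {"pkts": 0, "rst": 0, "dup": 0})
    for line in lines:
        parts = line.strip().split(",")
        try:
            sec, rst, dup = int(float(parts[0])), parts[1], parts[2]
        except (ValueError, IndexError):
            continue  # skip malformed rows
        stats[sec]["pkts"] += 1
        stats[sec]["rst"] += is_set(rst)
        stats[sec]["dup"] += is_set(dup)
    return dict(stats)

def flag(stats, spike_factor=5.0, error_ratio=0.25):
    """Return {second: [reasons]} for buckets that stand out from the median."""
    if not stats:
        return {}
    baseline = median(s["pkts"] for s in stats.values())
    findings = {}
    for sec, s in sorted(stats.items()):
        reasons = []
        if s["pkts"] > spike_factor * baseline:
            reasons.append("traffic spike")
        if s["dup"] / s["pkts"] > error_ratio:
            reasons.append("duplicate ACKs")
        if s["rst"] / s["pkts"] > error_ratio:
            reasons.append("TCP RESETs")
        if reasons:
            findings[sec] = reasons
    return findings

def sample_lines():
    # Constructed data: 10 s at 20 pkts/s, a burst at t=105, RSTs at t=107.
    return [f"{sec}.{i:06d},{'1' if sec == 107 and i % 2 == 0 else '0'},"
            f"{'1' if sec == 105 and i % 3 == 0 else ''}"
            for sec in range(100, 110)
            for i in range(400 if sec == 105 else 20)]

if __name__ == "__main__":
    for sec, reasons in flag(bucket(sample_lines())).items():
        print(sec, ", ".join(reasons))
```

A flagged second only tells you where to look in the pcap; the median baseline assumes most of the capture is normal traffic.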