I have same Transaction ID for all packets in DNS. Is there possibility of DNS flood or DNS amp attack?
All are DNS protocol. Please refer to capture here. https://filebin.net/mgq9w3f4be8xpbew
Is this simply a rephrasing of your other question: What is wrong with the DNS in PCAP?
If so, please add a comment to your original question so that this duplicate can be closed.
Adding the actual capture file to any question helps immensely, screen shots aren't all that helpful as they only show the info you have on display, there's much more in the actual capture file.
No, This is not from the same. I have a different issue this time. Please find the capture file here. https://filebin.net/mgq9w3f4be8xpbew
Thanks!
Is this a lab assignment? What is the source of the capture?
Have you looked through the RFC to see how the ID field is used?
yes, Source is not specified. No i have not seen RFC and apologies cor informality i am new to community sites. I have a doubt of this capture as a result of DNS flood or DNS amplification attack. Please correct me if i am wrong.
If this is a network security-related assignment then to answer your question you need to understand what is the basic difference between a DNS amplification attack and a DNS flood. Hints: In each type of attack, what are the packets an attacker sends and what are the packets a target receives? Does the attacker send packets directly to the target? Who is the target for each type of attack? Good luck. Google is your friend.