Network+ Exam
Packet Captures
October 29, 2025
Packet Capture Example Questions
1. Port Scan
Capture shows:
No.  Time   Source        Dest      Protocol  Info
1    0.001  192.168.1.10  10.0.0.5  TCP       SYN to port 21
2    0.002  192.168.1.10  10.0.0.5  TCP       SYN to port 22
3    0.003  192.168.1.10  10.0.0.5  TCP       SYN to port 23
Question: What type of attack is shown?
Answer: Port scan (probing for open ports).
2. SYN Flood
Capture shows many SYN packets from one source, but no completion of the TCP three-way handshake:
1 192.168.1.20 → 10.0.0.5 TCP SYN
2 192.168.1.20 → 10.0.0.5 TCP SYN
3 192.168.1.20 → 10.0.0.5 TCP SYN
Question: What's happening?
Answer: SYN Flood attack (overwhelms the server with half-open connections).
3. DDoS
Capture shows SYN flood attempts but from multiple source IPs all targeting the same server:
1 192.168.1.10 → 10.0.0.5 TCP SYN
2 172.16.4.20 → 10.0.0.5 TCP SYN
3 203.0.113.5 → 10.0.0.5 TCP SYN
Question: What type of attack is indicated?
Answer: Distributed Denial of Service (DDoS).
Exam Tips
- Focus on Source/Destination IPs, Ports, and Flags (SYN, ACK, FIN).
- Multiple SYNs without ACK = flood.
- Many IPs to one target = DDoS.
- SYNs across many ports = port scan.
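
The three rules above, applied as detection logic to constructed captures modelled on the questions (an added example, not part of the original notes). The threshold of 3, the tuple layout, the port 80 on the flood and DDoS samples, and the NORMAL handshake are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample captures: (source, destination, destination port, TCP flags).
# Port 80 is an assumption; the flood and DDoS captures above show no port.
PORT_SCAN = [("192.168.1.10", "10.0.0.5", p, "SYN") for p in (21, 22, 23)]
SYN_FLOOD = [("192.168.1.20", "10.0.0.5", 80, "SYN")] * 3
DDOS = [(s, "10.0.0.5", 80, "SYN")
        for s in ("192.168.1.10", "172.16.4.20", "203.0.113.5")]
# A completed three-way handshake, for contrast (constructed).
NORMAL = [("192.168.1.30", "10.0.0.5", 80, "SYN"),
          ("10.0.0.5", "192.168.1.30", 80, "SYN,ACK"),
          ("192.168.1.30", "10.0.0.5", 80, "ACK")]


def classify(packets, threshold=3):
    """Label a capture using the three exam-tip rules (threshold is assumed)."""
    syns = defaultdict(list)  # (src, dst) -> ports that received a bare SYN
    completed = set()         # (src, dst) pairs where the client sent the final ACK
    for src, dst, port, flags in packets:
        flag_set = set(flags.split(","))
        if flag_set == {"SYN"}:
            syns[(src, dst)].append(port)
        elif flag_set == {"ACK"}:
            completed.add((src, dst))

    # Only SYNs whose handshake never completed count as suspicious.
    half_open = {k: v for k, v in syns.items() if k not in completed}

    # SYNs across many ports = port scan.
    if any(len(set(ports)) >= threshold for ports in half_open.values()):
        return "port scan"

    # Many IPs to one target = DDoS.
    sources_per_target = defaultdict(set)
    for src, dst in half_open:
        sources_per_target[dst].add(src)
    if any(len(srcs) >= threshold for srcs in sources_per_target.values()):
        return "DDoS"

    # Multiple SYNs without ACK (one source, one port) = SYN flood.
    if any(len(ports) >= threshold for ports in half_open.values()):
        return "SYN flood"
    return "no attack pattern"


if __name__ == "__main__":
    for name, capture in [("PORT_SCAN", PORT_SCAN), ("SYN_FLOOD", SYN_FLOOD),
                          ("DDOS", DDOS), ("NORMAL", NORMAL)]:
        print(name, "->", classify(capture))
```

The order of the checks matters: a scan and a flood both consist of unanswered SYNs, so the port spread and the number of sources are what separate the three answers.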