DoS Attacking view

The DoS Attacking view is only available when you are using the analysis profile of Security Analysis.

If there is an item on this view, it means that the listed computers has been compromised and been manipulated to join in an attack of some remote or local sites. A compromised machine like this is called a botnet. A botnet consumes the network bandwidth dramatically. DoS attackings are identified according to default setting values, and you can also customize these values to let the program find out the root of the problem more accurately (See DoS attacking settings for details).

The DoS Attacking view will not be available when you select any nodes on the Protocol Explorer and all nodes except IP address nodes on the Physical Explorer.

This view lists the IP addresses and their traffic information of the hosts which may perform DoS attack. You can double-click any item on the list to view detailed packet information in the Packet window which is named with the node and is just the same as the Packet view (See Packet view for more information).

Toolbar

The following table lists and describes the items on the toolbar of this view.

Item	Description
	Exports current statistical list as a .csv file.
	Shows or hides the lower pane.
	Makes a packet filter based on the selected node. See Creating Filters for details.
	Adds an alias to the Name Table for selected node. See Name Table for details.
	Locates the selected node in the Node Explorer window.
	Refreshes the node list or sets display refresh interval by clicking the little triangle. If the interval is set to Manually Refresh, display will update only when the Refresh button is clicked.
	Displays particular items of the list. See Display Filter for details.
	Shows the number of worm attacks in the list. The name changes along with the selection in the Node Explorer window.

DoS Attacking columns

By right-clicking the column header, you can specify which columns to show in the list. Choose Default to show default columns and choose More to open Display Column dialog box to set which columns to show and to set the position, the alignment and the width of the column. See Endpoint columns for details.

Pop-up menu

Right-click the node list to get a pop-up menu with items as follows:

Item	Description
Packet Details	Views the decoding information of the packets of the node in the Packet window which is just the same as the Packet view (See Packet view for more information).
Copy	Copies the selection and the header row in original format to the clipboard.
Copy Column	Copies the selected column in original format to the clipboard.
Display Column	Shows or hides columns or changes the position of columns. This command is just the same as right-clicking the column header.
Export Node Statistics	Saves current list of the node statistics as a .csv file.
Find	Calls out Find dialog box to search only in the node list.
Make Filter	Makes a packet filter based on the selected node. See Creating Filters for details.
Make Graph	Makes a graph in the Dashboard view on the basis of the selected node. See Creating Graphs for details.
Make Alarm	Makes an alarm on the basis of the selected node. See Creating Alarms for details.
Add to Name Table	Adds an alias to the Name Table for the IP address or MAC address of selected item. See Name Table for details.
Resolve Address	Only available when an IP address node is selected. Resolves the host name of selected node.
Locate in Node Explorer	Locates the selected node in the Node Explorer window.
Ping	Only available with right-clicking IP address node. Calls out the build-in Ping Tool to ping selected node.
Select All	Selects all items in the node list.
Refresh	Refreshes the node list.

DoS Attacking lower pane

When you select a specific item in the node list on the DoS Attacking view, the lower pane tabs will provide detailed information about the item. By default, the lower pane is visible. You can click Details button on the DoS Attacking view to close it, and you can also click Details button to show the lower pane when it is invisible.

The DoS Attacking lower pane provides IP Conversation tab, TCP Conversation tab, and UDP Conversation tab.

The IP Conversation tab lists all IP address conversations of the node selected on the Worm view. The toolbar and columns are just the same as those on IP Conversation view. See IP Conversation for details.
The TCP Conversation tab lists the conversations using TCP protocol of the node selected on the Worm view. The toolbar and columns are just the same as those on TCP Conversation view. See TCP Conversation for details.
The UDP Conversation tab lists the conversations using UDP protocol of the node selected on the Worm view. The toolbar and columns are just the same as those on UDP Conversation view. See UDP Conversation for details.

You can double-click any item in the conversation lists to view detailed packet information in the Packet window which is named with the conversation and is just the same as the Packet view (See Packet view for more information).

Back