Anomaly IP Packet header

Posted on by lechuck park

From Gemini with some prompting
Title: Anomaly Detection (IP Packet Header)

Overview:

The image illustrates the structure of an IP packet header and how to detect anomalous activities based on TCP/IP header information.

Key Elements:

  • IP Address: Identifies the server.
  • TCP/UDP Port: Used to send and receive packets.
  • Service Port Number: Port number used to connect to a specific service.
  • Service Area: IP address range where a specific service is provided.

Indicators of Anomalous Activity:

  • Unknown IP: Packets coming from unknown IP addresses.
  • Foreign IP: Packets coming from overseas IP addresses.
  • Unused Port: Packets sent to unused ports.
  • TCP/UDP Port == 0: Packets with TCP/UDP port number 0.
  • IP/TCP Checksum == 0: Packets with IP/TCP checksum 0.
  • Unused IP Protocol: Packets using unused protocols.
  • Too Large (IP.ttl): Packets with excessively large TTL values.
  • Too Many (TCP Syn): Excessive number of SYN packets.
  • Too Many (IP. fragmented): Excessive number of fragmented packets.
Unknown's avatar

Published by lechuck park

AI Infrastructure Architect & Technical Visualizer "Complex Systems, Simplified. I translate massive AI infrastructure into visual intelligence." I love to learn computer tech and help people by the digital.

Leave a comment