Security+ Lab · Network Attack Analysis

Analyze a SYN Flood Attack

SY0-701 2.4 2.4.3 Network attacks 2.4.3.1 DDoS / SYN flood

PacketScope — live segment monitor

SYN in

SYN-ACK out

Completed

Shown

Half-open vs. established (server :443) —

Start a capture to populate the segment view.

No.	Time	Source	Destination	Flags	Info
No packets captured yet.

Lab worksheet

You are the on-call analyst at Brightwater Credit Union. Members report the public banking portal at 10.20.30.40:443 is timing out. A peer workstation, bw-analyst-7, sits on the same switched segment as the portal. Capture and triage the traffic to confirm what's happening.

Tasks 0 / 3

Capture on the segment uplink (ens160) and start the capture.
Apply tcp.flags.syn==1 and tcp.flags.ack==1 to isolate the server's replies.
Apply tcp.flags.syn==1 and tcp.flags.ack==0 to isolate inbound connection requests.

Questions 0 / 4

Submit completed lab

Hacker name (pseudonym — no real names)

0 / 7

PacketScope is an original training simulation. No vendor screenshots, lab text, or proprietary scenarios are reproduced. Wireshark display-filter syntax is documented product behavior, taught as fact.
© 2026 <Your Name / Institution>. All rights reserved. — assignmentId splus-syn-flood-analysis.