There's more...

DoS/DDoS attacks are sometimes hard to discover because they can look like legitimate traffic. For example:

  • Ping scans, which can also come from management systems
  • HTTP GET requests, which are the normal requests that web servers accept
  • SNMP GET requests

These and many others should be monitored for their quantity and sources in order to discover a problem. In the following screenshot, we see what we get when we follow a specific TCP stream.

Figure 19.14: TCP SYN DDoS attack
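
Monitoring these request types for their quantity and sources, as described above, can be sketched as follows. This is an added example, not code from the book; the record format, window size, limits and management-host address are assumptions, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict

WINDOW = 10  # seconds per counting bucket (assumed value)
# Assumed limits per window; real ones come from a baseline of normal traffic.
PER_SOURCE_LIMIT = {"icmp_echo": 20, "http_get": 50, "snmp_get": 30}
TOTAL_LIMIT = {"icmp_echo": 100, "http_get": 200, "snmp_get": 100}
MGMT_HOSTS = {"10.0.0.5"}  # hypothetical management station

def find_anomalies(events):
    """events: iterable of (timestamp_s, src_ip, kind). Returns findings as
    (window_start, kind, label, who, count) tuples."""
    per_src, per_kind, sources = Counter(), Counter(), defaultdict(set)
    for ts, src, kind in events:
        bucket = int(ts // WINDOW) * WINDOW
        per_src[(bucket, kind, src)] += 1
        per_kind[(bucket, kind)] += 1
        sources[(bucket, kind)].add(src)

    findings, loud = [], set()
    # Quantity per source: one host sending far more than its share.
    for (bucket, kind, src), n in sorted(per_src.items()):
        if n > PER_SOURCE_LIMIT[kind]:
            loud.add((bucket, kind))
            # Management systems legitimately scan: mark for review instead.
            label = "review-mgmt" if src in MGMT_HOSTS else "single-source"
            findings.append((bucket, kind, label, src, n))
    # Sources: the total is high although no individual host stands out.
    for (bucket, kind), n in sorted(per_kind.items()):
        if n > TOTAL_LIMIT[kind] and (bucket, kind) not in loud:
            who = f"{len(sources[(bucket, kind)])} sources"
            findings.append((bucket, kind, "distributed", who, n))
    return findings

def sample_events():
    """Constructed traffic, not taken from a real capture."""
    ev = [(i % 10, "10.0.0.5", "icmp_echo") for i in range(25)]   # NMS ping sweep
    ev += [(i, "192.0.2.10", "http_get") for i in range(5)]       # normal browsing
    ev += [(10 + i % 10, "198.51.100.7", "http_get") for i in range(60)]  # noisy client
    for host in range(1, 31):                                     # 30 quiet clients
        ev += [(20 + i, f"203.0.113.{host}", "http_get") for i in range(8)]
    return ev

if __name__ == "__main__":
    for finding in find_anomalies(sample_events()):
        print(finding)
```

The third finding is the case that per-source counting alone misses: each of the 30 clients stays well under its own limit, and only the total per window shows the problem.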