To discover HTTP error codes, configure the display filter http.response.code >= 400. The same applies to SIP and any protocol that uses HTTP-like codes. To find known scanners, you can simply use the Edit | Find packet feature and look for common scanner names. In the following screenshot, you can see an example for Nmap, which is one of the common ones. We chose the string nmap.org (1) in Packet bytes (2).
And this is what we got:
Another important issue in a brute force attack is when the attacker tries to guess the password in order to break into a server.
In the following screenshot, you see what happens when an attacker tries to break into a well-protected FTP server.
Since it is FTP, the first trial is with username anonymous (1). A password chosen by the attacker (2). The login is, of course, approved (3) and the attacker gets in (4).
In the following screenshot, you see what happens when the attacker tries other usernames that are not authorized.
Here, you can see that the attacker is trying to log in with the usernames root (1), admin (2) and administrator (3).
The attacker is blocked, and the server sends a TCP Zero-Window message and even answers by displaying you could at least say goodbye.