Abstract: Network anomaly detection is a important and dynamic research area. Signal processing techniques have been applied recently for analyzing and detect network anomalies due to their potential to find novel or unknown intrusions. Flooding is a kind of attack, in which the attacker sends several floods of packets to the victim or associated service in an effort to bring down the system. There are unlike types of flooding attacks like ping flood, Syn floods, UDP (User Datagram Protocols) floods etc. The project simulates a ping flood scenario, by using the ping command on the OS(Operating System) and same time wireshark is installing the system on the victim, which would be used to analyses the number of ping packets acknowledged during a specified period with orientation to a threshold, based on which a flooding attack is detected. In wireshark one port received all ping request. Therefore is not accurate to handle the all request. In this paper briefly disused how is wireshark tool working, wireshark tool disadvantages use traceback mechanism and improved the wireshark tool.