An internal tracing method for network attack detection is used to trace whole life cycle of an attack data packet for test in different phases such as an attacking phase, a defending phase, and an attacked phase through configuring and uniting three parties including an attack end point (AEP), a detect end point (DEP), and a target end point (TEP) and setting a corresponding internal check point in each part when testing a network intrusion detection system (IDS). In other words, when testing the network IDS, in a whole period that the attack data packet for test is attacking, filtered, detected, and finally transmitted to a target host, a tester may clearly know the statuses and information of the data packet in each important phase, thereby generating a test report conveniently, quickly, and accurately.