First of all I would recommend you to create a test network and isolate it from the production network.
Creating a test network: It depends upon your budget. If you have a big budget then buy couple of systems running Windows and linux, buy some switches and connect them with network cables.
If the budget is not that big then try using virtualization tools like VMware workstation or VirtualBox etc. Here is a nice paper about making a test lab.
In order to simulate attacks it is good to know about how these attacks works and how to detect them. (I assume you know this.) Also most of these attacks are not very common these days but for simulation and playing around it will be fun.
For DOS simulation:
DOS attacks usually send a lot of traffic to the victim machine to consume its resources so that the legit users are not able to access the services. A very common traditional example is Ping flood as DOS attack.
Ping flood: Send a huge amount of Ping packets with packet size as big as possible. In windows you can specify the data/buffer size too. The command is ping -l. The attacker will use the maximum value.
Detection: The normal ping packet has default packet size of 32 bytes in case of Windows. So if you see a lot of Ping packets with unusual size of buffer for eg: like 4000 then you could say it could be a Ping flood.
You can use PING command to simulate this attack. In wireshark create a filter for ICMP Echo packets and check the buffer size.
MAC flooding: In this attack the attacker will transmit a lot of ARP packets to fill up the switch's CAM table. This causes the switch to operate in fail open mode, which means that the switch will broadcast the incoming packet to all the ports.
Detection: If you see a lot of ARP requests coming from random source MAC addresses, then you can assume it is ARP flooding. This is not an ideal detection method. But still if you have only 3-4 devices in your network and on contrast you are seeing many ARP requests with different source addresses then it could be an ARP flooding because 3-4 devices are not going to make a huge ARP requests with different source MAC addresses. You can use some ARP flooding tool for simulation. In wireshark create a filter for ARP request to see the ARP request frames.
ARP spoofing: In this case you shall associate your MAC address to victim's IP address by sending a specially crafted ARP frame! If the attack is successful then all traffic that was destined to Victim's IP will be now redirected to you. Currently I have no idea how you can detect this attack with just a wireshark. What you could try is that you can make a filter for all the ARP probes/requests and then check for which source MAC address the source IP address has been changed in the ARP probes.
Detection: This is not an ideal detection method because this could make a false positive if some one has merely replaced a machine in the network. But if you assume that no machine is replaced in the network then this method could help to detect the attack.
Tools for simulating the attacks: I would recommend using Kali linux it contains a lot of tools.
There are some tools that can help you:
Ping flooding tool: Nping
MAC flooding tool: Macof
ARP spoofing tool: dSniff
Also here is a good article regarding tools!.
I hope it helps.