05.07.2013, 17:24
Quote:
tcpdump is a packet capture tool which can be installed on Linux systems and run from the command line.
So in the terminal: tcpdump -nvx dst 94.242.252.29 -c 500 -w packets.cap would capture 500 packets to the destination IP (your server IP) and save them in a file. You can then read out the file with tcpdump, or download the file to your computer and use Wireshark on Windows. You can then see what traffic was heading to your server. Usually it would all be UDP to port 7777, but in a DDoS you would see significant other traffic depending on the attack type. The attacking IPs can then be reported, which will reduce the effectiveness of the attack in future. During a typical DDoS your port speed is probably getting maxed, so you wouldn't actually be able to access the terminal remotely due to packet loss, so you could run tcpdump from a shell script using cron. On Linux you can also sample /sys/class/net/eth0/statistics/rx_packets to get the incoming packet rate on the server.
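The cron-driven capture and the rx_packets sampling the post describes, written out as an added example that is not part of the original post. The script assumes the interface is eth0, a constructed packets-per-second threshold of 50000, and a capture directory of /var/log/ddos-caps; the server IP is the one quoted above and is a placeholder for your own. It samples the kernel counter twice, works out the incoming packet rate, and only starts the 500-packet tcpdump capture when that rate is above the threshold, so cron can run it every minute without filling the disk during normal traffic.

```shell
#!/bin/sh
# Added example, not the forum poster's script. Interface, threshold and
# capture directory are assumptions; the server IP is the one from the post.

IFACE="${IFACE:-eth0}"
SERVER_IP="${SERVER_IP:-94.242.252.29}"      # placeholder: use your server IP
PPS_THRESHOLD="${PPS_THRESHOLD:-50000}"     # constructed; tune for your link
CAPTURE_DIR="${CAPTURE_DIR:-/var/log/ddos-caps}"
SAMPLE_SECS=5

# Packets per second from two rx_packets readings taken secs apart.
rx_rate() {
    prev="$1"; cur="$2"; secs="$3"
    echo $(( (cur - prev) / secs ))
}

# Exit status 0 (shell "true") when the rate is above the threshold.
above_threshold() {
    [ "$1" -gt "$2" ]
}

# Read the kernel's receive counter for an interface; 0 if it is absent.
read_rx_packets() {
    f="/sys/class/net/$1/statistics/rx_packets"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Capture 500 packets to the server IP into a timestamped file, as in the post.
capture() {
    mkdir -p "$CAPTURE_DIR"
    out="$CAPTURE_DIR/packets-$(date +%Y%m%d-%H%M%S).cap"
    tcpdump -n -i "$IFACE" dst "$SERVER_IP" -c 500 -w "$out"
    echo "$out"
}

# One cron-driven pass: sample twice, compute the rate, capture if it is high.
check_once() {
    p0=$(read_rx_packets "$IFACE")
    sleep "$SAMPLE_SECS"
    p1=$(read_rx_packets "$IFACE")
    rate=$(rx_rate "$p0" "$p1" "$SAMPLE_SECS")
    if above_threshold "$rate" "$PPS_THRESHOLD"; then
        logger -t ddos-sample "rx rate ${rate} pps on ${IFACE} above ${PPS_THRESHOLD}; capturing"
        capture
    else
        echo "rx rate ${rate} pps on ${IFACE}, below threshold"
    fi
}

# Only run the check when invoked with "run", e.g. from crontab:
#   * * * * * /usr/local/bin/ddos-sample.sh run
if [ "${1:-}" = "run" ]; then
    check_once
fi
```

The captured .cap files can be pulled off the server later and opened in Wireshark exactly as the post suggests; keeping the capture conditional on the measured rate is what makes the cron approach safe to leave running.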