DDOS tcpdump

If you have a publicly accessible service, anyone can visit your website and make use of its services and resources. This also means you are opening yourself up to online attacks known as DDoS (Distributed Denial of Service): someone sends so many requests against your service that it can no longer reply to legitimate requests from real users.

With DDoS protection in place, attack traffic can be diverted away from your service so that legitimate requests are fulfilled and malicious requests are turned away. In the world of DDoS, it is a constant cat-and-mouse game: providers are constantly improving their DDoS systems to protect users' websites and online services, while other people online keep trying to take those websites and services down.

So that the provider's network administrators can tune the DDoS system, you can capture the attack traffic with the following command and forward the capture file to the provider for analysis.

tcpdump -w capture -c 100000 tcp port not 22
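The script below is an added example, not part of the original page. It builds the capture command from above with an explicit interface and output file (the names eth0 and capture.pcap are assumptions), and then summarises a decoded capture by source address so you can see which hosts dominate before you hand the file to the provider. The sample tcpdump lines are constructed for the example. A caveat the command's filter implies: `tcp port not 22` keeps your own SSH session out of the capture, but it also means only TCP is captured, so a UDP-based flood would not appear in the file.

```shell
#!/bin/sh
# Added example (not part of the original page). Two pieces:
#   1. capture_cmd - builds the page's tcpdump capture command with an
#                    explicit interface and output file (assumed names).
#   2. top_sources - summarises a decoded capture ("tcpdump -nn -r FILE"
#                    output) per source address: total packets and bare SYNs.
# The sample dump lines in sample_dump are constructed for this example.

# Build the capture command (printed here, not executed).
#   -nn             : do not resolve hostnames or port names
#   -i IFACE        : interface facing the public service
#   -w FILE         : write raw packets to FILE for the provider to analyse
#   -c N            : stop after N packets so the file stays bounded
#   tcp port not 22 : keep your own SSH session out of the capture
#                     (only TCP is captured, so UDP floods are not seen)
capture_cmd() {
    iface="${1:-eth0}"          # assumed interface name
    out="${2:-capture.pcap}"    # assumed output file name
    count="${3:-100000}"
    printf 'tcpdump -nn -i %s -w %s -c %s tcp port not 22\n' "$iface" "$out" "$count"
}

# Constructed sample of what "tcpdump -nn -r capture.pcap" prints:
# one legitimate data packet and a burst of bare SYNs from two sources.
sample_dump() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.5.51000 > 203.0.113.10.80: Flags [P.], seq 1:100, ack 1, win 512, length 99
12:00:01.000002 IP 198.51.100.7.40001 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000003 IP 198.51.100.7.40002 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000004 IP 198.51.100.8.40001 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000005 IP 198.51.100.7.40003 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000006 IP 198.51.100.8.40002 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000007 IP 198.51.100.7.40004 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0
EOF
}

# Read decoded tcpdump lines on stdin; print "SRC TOTAL SYN" for the top N
# sources by packet count. A high SYN share from a few sources is the
# signature of a SYN flood; many sources with a handful of packets each
# points at a distributed flood. The output is plain text for a provider ticket.
top_sources() {
    awk '$2 == "IP" {
            src = $3
            sub(/\.[0-9]+$/, "", src)          # strip the source port
            total[src]++
            if ($7 ~ /^\[S\]/) syn[src]++      # bare SYN, no ACK
        }
        END {
            for (s in total) printf "%s %d %d\n", s, total[s], syn[s] + 0
        }' | sort -k2,2nr -k1,1 | head -n "${1:-5}"
}

# Demo when run directly: show the capture command, then summarise the sample.
echo "capture with: $(capture_cmd eth0 capture.pcap 100000)"
sample_dump | top_sources 3
```

To use it on a real capture, replace `sample_dump` with `tcpdump -nn -r capture.pcap` piped into `top_sources`; the summary is what you would quote to the provider alongside the raw capture file.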

You can find more information on tcpdump and its usage in the tcpdump documentation.