Understanding How to Use tcpdump in High Traffic

Asked 1 years ago, Updated 1 years ago, 128 views

[Environment]: CentOS or Ubuntu

We use the iptables hash limit to determine where the attack is coming from during high traffic.
I try to log srcip that exceeds the threshold that I have decided.

I think it will be similar, but is it possible to determine where the access (attack source) is coming from in real time with tcpdump alone?

Even if you run it normally with the tcpdump-iIF name option, it will be difficult to determine which one is the source of the attack.

If you know any techniques (options or techniques) to squeeze and tcpdump hosts that have abnormal access (more access than other srcip's) for one minute (although time is not required), could you tell me?

If it's impossible, I'd appreciate it if you could just tell me a few words.

linux tcpdump

2022-09-30 19:22

1 Answers

If you want to check quickly on Linux,
tcptrack, iftop, and so on.

If you do it properly, it's like netflow or sflow.
http://labs.gree.jp/blog/2015/12/15515/

The rest is IDS.

If you know any techniques (options or techniques) to squeeze and tcpdump hosts that have abnormal access (more access than other srcip's) for one minute (although time is not required), could you tell me?

I don't have any.

2022-09-30 19:22

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

969 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

539 Understanding How to Configure Google API Key

516 The method of the class of the application that I am creating in Typescript does not work as I expected.

539 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

537 Unable to install versioned in Google Colab

© 2024 OneMinuteCode. All rights reserved.