My server is currently under a small DOS attack. I would like to know if there is an easy way to get the list of IPs sending packets to my server, ordered by the number of packet they sent, on a specific port.
I use ubuntu server 12.04
Thank you in advance!
Install tshark and use the following command:
sudo tshark -i wlan0 -z conv,"ip" -a duration:60 -q
Where wlan0 is the interface that you wish to collect statistics on and -a duration:60 says to collect 60 seconds worth of traffic. Change the duration to as long as you need to collect meaningful statistics. You will get the following output:
Capturing on wlan0
288 packets captured
================================================================================
IPv4 Conversations
Filter:<No Filter>
| <- | | -> | | Total | Rel. Start | Duration |
| Frames Bytes | | Frames Bytes | | Frames Bytes | | |
192.168.1.77 <-> 192.168.1.64 13 1044 0 0 13 1044 1.142686000 57.2332
224.0.0.251 <-> 192.168.1.202 11 2147 0 0 11 2147 1.331480000 15.1559
239.255.255.250 <-> 192.168.1.69 7 4046 0 0 7 4046 2.358215000 48.0263
255.255.255.255 <-> 192.168.1.75 6 1296 0 0 6 1296 6.862010000 41.2681
192.168.1.255 <-> 192.168.1.75 5 582 0 0 5 582 17.716916000 30.4114
224.0.0.252 <-> 192.168.1.64 5 336 0 0 5 336 1.024354000 53.2502
239.255.255.250 <-> 192.168.1.70 4 2020 0 0 4 2020 0.924055000 48.0273