Free Tool

TCPDump Command Builder

Visually build tcpdump commands for network traffic analysis and DDoS forensics. Select options, see the command update in real-time, and copy with one click.

Note: tcpdump requires root privileges (sudo). Capturing on production systems can impact performance at very high packet rates. Use -c to limit capture size and -w to save to file for offline analysis. PCAP files can contain sensitive data; handle them securely.

TCPDump Flag Reference

-i <iface>

Specify the network interface to listen on. Use "any" for all interfaces.

-c <count>

Capture only this many packets, then stop. Useful for quick samples.

-w <file>

Write raw packets to a PCAP file. Open later in Wireshark for analysis.

-n / -nn

Skip DNS resolution (-n) and port name resolution (-nn). Much faster output.

-v / -vv / -vvv

Increasing verbosity. Shows TTL, ID, IP options, ICMP details, etc.

-X

Print packet data in hex and ASCII. Essential for payload inspection.

-A

Print packet payload in ASCII only. Great for HTTP traffic inspection.

-e

Show link-layer (Ethernet) headers. Useful for VLAN/MAC analysis.

-s <len>

Snap length: how many bytes per packet to capture. 0 = entire packet.

-tttt

Print timestamps with date. Makes correlation with logs much easier.

tcp[tcpflags]

Filter by TCP flag bits. Detect SYN floods, RST storms, and more.

-r <file>

Read packets from a PCAP file instead of live capture. For offline analysis.
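The flags above combine into a bounded capture for SYN-flood triage, as the following added example shows (it is not the code behind this tool). The function names, the 96-byte snap length and the input validation rules are assumptions of the example; it only prints commands and never runs tcpdump.

```shell
#!/usr/bin/env bash
# Added example: builds (prints) tcpdump commands; it never executes tcpdump.
# Function names and the 96-byte snap length are assumptions of this example.

# Bare SYNs only: SYN set, ACK clear (excludes SYN-ACK replies).
SYN_ONLY='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'

# usage: build_syn_capture <iface> <count> <file.pcap> [dst_port]
build_syn_capture() {
    local iface="$1" count="$2" outfile="$3" port="${4:-}" filter="$SYN_ONLY"

    # Reject anything that could change the command when it is pasted into a shell.
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    # -c must be a positive integer so the capture always terminates.
    case "$count" in
        ''|0*|*[!0-9]*) echo "invalid packet count: $count" >&2; return 1 ;;
    esac
    case "$outfile" in
        -*|*[!A-Za-z0-9._/-]*) echo "invalid output file: $outfile" >&2; return 1 ;;
        *.pcap) ;;
        *) echo "output file must end in .pcap" >&2; return 1 ;;
    esac
    if [ -n "$port" ]; then
        case "$port" in
            0*|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
        filter="$filter and dst port $port"
    fi

    # -s 96 truncates each packet to 96 bytes: enough for typical Ethernet/IP/TCP
    # headers, while limiting disk use and the amount of payload stored.
    printf "sudo tcpdump -i %s -c %s -s 96 -w %s '%s'\n" "$iface" "$count" "$outfile" "$filter"
}

# usage: build_pcap_read <file.pcap>  (offline review: no name lookups, dated timestamps)
build_pcap_read() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._/-]*) echo "invalid input file: $1" >&2; return 1 ;;
    esac
    printf "tcpdump -nn -tttt -r %s\n" "$1"
}

build_syn_capture eth0 10000 syn-sample.pcap 443
build_pcap_read syn-sample.pcap
```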
