#!/bin/sh
while true; do
	pkt_old=$(grep eth0: /proc/net/dev | cut -d ':'  -f2 | awk '{ print $2 }')
	sleep 1
	pkt_new=$(grep eth0: /proc/net/dev | cut -d ':'  -f2 | awk '{ print $2 }')
	pkt=$(( $pkt_new - $pkt_old ))
	echo -ne "\r$pkt packets/s\033[0K"
	if [ $pkt -gt 5000 ]; then
		echo "\nDDoS detected"
		tcpdump -n -s0 -c 5000 -w /home/acidvegas/dumps/dump.$(date +"%Y%m%d-%H%M%S").cap
		sleep 300
	fi
done