TCPDump Command Builder

Visually build tcpdump commands for network traffic analysis and DDoS forensics. Select options, see the command update in real-time, and copy with one click.

Generated Command
sudo tcpdump -i eth0

Interface & Capture

-i: use "any" to capture on all interfaces
-c: leave empty for continuous capture
-s: 0 = full packet
-w: saves as PCAP for Wireshark analysis

Protocol Filter

Only applies when protocol is TCP

Host & Port Filter

Capture all traffic for a network
Note: tcpdump requires root privileges (sudo). Capturing on production systems can impact performance at very high packet rates. Use -c to limit capture size and -w to save to file for offline analysis. PCAP files can contain sensitive data; handle them securely.

TCPDump Flag Reference

-i <iface>

Specify the network interface to listen on. Use "any" for all interfaces.

-c <count>

Capture only this many packets, then stop. Useful for quick samples.

-w <file>

Write raw packets to a PCAP file. Open later in Wireshark for analysis.

-n / -nn

Skip DNS resolution (-n) and port name resolution (-nn). Much faster output.

-v / -vv / -vvv

Increasing verbosity. Shows TTL, ID, IP options, ICMP details, etc.

-X

Print packet data in hex and ASCII. Essential for payload inspection.

-A

Print packet payload in ASCII only. Great for HTTP traffic inspection.

-e

Show link-layer (Ethernet) headers. Useful for VLAN/MAC analysis.

-s <len>

Snap length: how many bytes per packet to capture. 0 = entire packet.

-tttt

Print timestamps with date. Makes correlation with logs much easier.

tcp[tcpflags]

Filter by TCP flag bits. Detect SYN floods, RST storms, and more.

-r <file>

Read packets from a PCAP file instead of live capture. For offline analysis.
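
The flags above combine into a simple SYN-flood check. The following is an added example, not part of the original page or of Flowtriq's tooling: it parses `tcpdump -nn -tttt` text output and counts SYN-only packets per destination per second. The sample lines, the function name `syn_rate_alerts` and the threshold are constructed for illustration, and only IPv4 TCP lines from a single-interface capture are parsed.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -tttt -r capture.pcap` text output
# (documentation-range addresses): six SYNs from six sources within one
# second, followed by one ordinary three-way handshake.
SAMPLE = "\n".join(
    [f"2026-01-15 10:00:01.{i:06d} IP 198.51.100.{i}.{40000 + i} > 203.0.113.10.443: "
     f"Flags [S], seq {1000 + i}, win 64240, length 0" for i in range(1, 7)]
    + ["2026-01-15 10:00:02.000100 IP 192.0.2.5.51000 > 203.0.113.10.443: "
       "Flags [S], seq 1, win 64240, length 0",
       "2026-01-15 10:00:02.000200 IP 203.0.113.10.443 > 192.0.2.5.51000: "
       "Flags [S.], seq 9, ack 2, win 65160, length 0",
       "2026-01-15 10:00:02.000300 IP 192.0.2.5.51000 > 203.0.113.10.443: "
       "Flags [.], ack 10, win 502, length 0"]
)

# -tttt gives "YYYY-MM-DD HH:MM:SS.ffffff"; -nn keeps hosts and ports numeric.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def syn_rate_alerts(text, threshold):
    """Return sorted (second, dst:port, syn_count, distinct_sources) tuples for
    every destination that received at least `threshold` SYN-only packets
    within one wall-clock second."""
    buckets = defaultdict(lambda: [0, set()])
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # non-IPv4 or non-TCP line
        flags = m["flags"]
        # tcpdump prints ACK as "."; a connection attempt has S without it.
        if "S" not in flags or "." in flags:
            continue
        bucket = buckets[(m["ts"], f"{m['dst']}:{m['dport']}")]
        bucket[0] += 1
        bucket[1].add(m["src"])
    return sorted((ts, dst, n, len(srcs))
                  for (ts, dst), (n, srcs) in buckets.items() if n >= threshold)

if __name__ == "__main__":
    for alert in syn_rate_alerts(SAMPLE, threshold=5):  # threshold is illustrative
        print(alert)
```

To run it on a real capture, pass the text printed by `tcpdump -nn -tttt -r <file>` as the first argument and pick a threshold that fits the host's normal connection rate.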
