Prerequisites! Make sure tcpdump is installed on your server if using the tcpdump version! 1. Upload l3mon to the /root directory of your server. 2. In terminal, run: chmod +x /root/l3mon 3. To run program type: ./l3mon To view the interfaces on your server run the command: ifconfig Tcpdump logs are stored in the /tmp directory as L3Monlog_DATE-OF_DUMP.pcap Run this command in terminal to view a list of logged Dumps: ls /tmp | grep L3MonLog Warning! Do not set the thresholds very low or you will get spammed every 5 minutes with tcpdumps! I reccommend the lowest for Mbps: 50 and PPS 10000. You can however adjust these to your own limits appropriate for your server. If you have any questions contact me on instagram @DDoS_Filter To run l3mon in the background you can do so by starting it at boot time with a cronjob: crontab -e @reboot sudo /root/l3mon eth0 50 10000 > /dev/null You can also run the tool in a screen or with an & at the end to start it as a background process. ./l3mon eth0 50 10000 &