DDoS Detection Script ready to use for a integration in third party software using the "DATA" output. Should work on every linux system

ddosDetection.sh

#! /bin/bash
echo "DDos Detect by masusniper#0666";

interface=$(ip -o -4 route show to default | awk '{print $5}')
dumpdir=/root/dumps

echo -e "Using interface ${interface}"

mkdir $dumpdir

while /bin/true; do

  rm -r $dumpdir/*

  old_b=$(grep $interface: /proc/net/dev | cut -d :  -f2 | awk '{ print $1 }')  
  old_ps=$(grep $interface: /proc/net/dev | cut -d :  -f2 | awk '{ print $2 }')

  sleep 1

  new_b=$(grep $interface: /proc/net/dev | cut -d :  -f2 | awk '{ print $1 }')
  new_ps=$(grep $interface: /proc/net/dev | cut -d :  -f2 | awk '{ print $2 }')

  ##Defining Packets/s
  pps=$(( $new_ps - $old_ps ))
  
  ##Defining Bytes/s
  byte=$(( $new_b - $old_b ))

  gigs=$(( $byte/1024 ** 3 ))
  mbps=$(( $byte/1024 ** 2 ))
  kbps=$(( $byte/1024 ** 1 ))

  echo "$pps packets/s"

  capfile=$(date +"%Y%m%d-%H%M%S")
  touch $dumpdir/capture.$capfile.pcap

  tcpdump -i $interface -n -s0 -c 1500 -w $dumpdir/capture.$capfile.pcap
  
  echo "Detecting packets"

  sleep 1
  if [ $pps -gt 10000 ]; then

    ip=$(tcpdump -n -r $dumpdir/capture.$capfile.pcap | awk '{print $3}' | awk -F. '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -n | tail -1 | awk '{print $2}')

    echo "DATA:START:$ip:$pps"

    sleep 10
    
    echo "DATA:END:$ip:$mbps"
  fi
done