We have been getting hit with DDoS Attacks on various machines for months. The datacenter either null routes or sets up an ACL for us. However, it just came to my attention there's a tool floating around meant for targeting Game Servers that actually turns other game servers (using an exploit in the software) into zombies, which is essentially a massive botnet.
As I strongly believe that a single port is being used to send out these attacks, I would like to verify this before asking the Datacenter to block this port for inbound traffic completely on our machines. I have used Wireshark a few times, but just from reading I am having a hard time figuring out how to do this.
1) How can I set up a Packet Capture that will log all incoming network activity, but split it into 1GB files or so. We seem to be getting hit every night now, so I can just leave this going during peak hours.
2) Will having a constant Capture running have any adverse effects on network traffic?
Have a look at this page. It shows the capture options. You can save your packets in multiple files and limit the file size.
Of course, you can apply the needed filter to capture only the interesting traffic. This will limit the amount of saved data especially on a busy network/server.
The packet capturing will not affect the network as it is a passive operation. You are just collecting received data, but it may slow down your server a little depending on the traffic size. Be prepared to have the required HD capacity also.
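As an added example (not part of the thread or of Wireshark's own documentation), a small POSIX shell script that builds the ring-buffer dumpcap command the answer describes, with size-limited files and a capture filter, and ranks destination ports from a capture so a single dominant port stands out. The interface eth0, the output path, the filter and the sample port list are assumptions constructed for this example.

```shell
#!/bin/sh
# Build a dumpcap ring-buffer command. Note the unit: -b filesize is in kB,
# so roughly 1 GB per file is filesize:1000000; -b files:N keeps only the
# newest N files so an all-night capture cannot fill the disk. dumpcap needs
# root or membership in the capture group (e.g. wireshark) on the host.
build_capture_cmd() {
    iface="$1"; size_mb="$2"; keep="$3"; out="$4"; filter="$5"
    size_kb=$((size_mb * 1000))
    printf 'dumpcap -i %s -s 0 -w %s -b filesize:%s -b files:%s -f "%s"\n' \
        "$iface" "$out" "$size_kb" "$keep" "$filter"
}

# Start the capture built above, but only if dumpcap is actually installed.
run_capture() {
    command -v dumpcap >/dev/null 2>&1 || { echo "dumpcap not found" >&2; return 1; }
    eval "$(build_capture_cmd "$@")"
}

# Rank destination ports from one-port-per-line input; output is
# "<count> <port>", most frequent first (top five).
rank_ports() {
    awk 'NF { print $NF }' | sort | uniq -c | sort -rn | head -5
}

# Read a finished capture file with tshark and feed the ports into rank_ports.
# UDP and TCP ports are emitted as separate tab-separated fields, one of which
# is empty per packet; awk's $NF above picks whichever is present.
top_ports_in_file() {
    tshark -r "$1" -n -T fields -e udp.dstport -e tcp.dstport 2>/dev/null | rank_ports
}

# Constructed sample in the shape tshark -T fields prints (assumption, not a
# real capture): an empty UDP field followed by a tab means a TCP packet.
sample_ports() {
    printf '27015\n27015\n\t443\n27015\n\t22\n27015\n'
}

# Port that received the most packets in the constructed sample.
top_sample_port() {
    sample_ports | rank_ports | head -1 | awk '{ print $2 }'
}
```

Run `build_capture_cmd eth0 1000 24 /var/cap/dos.pcapng "udp or tcp"` to see the command before handing it to `run_capture`; `top_ports_in_file /var/cap/dos_00001_*.pcapng` then shows whether one port dominates.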