To report an attack, it is necessary to perform a network traffic dump. To do this:

1. Log in to SSH.
2. If you are running this command for the first time on the server, make sure the tcpdump package is installed:

apt install -y tcpdump

3. Enter the command:

tcpdump -n -c 100000 -w SkillHost.pcap not arp

4. After the command completes, download the SkillHost.pcap file (it will be in the directory where the command was run).
5. Send this file to us via a support ticket or on our Discord.

Windows Version

1. Download Wireshark on the server from the official website.
2. After launching the program, at the bottom part, find the list of network interfaces. We are interested in the interface that has an IP address assigned and shows active traffic. Usually, this is named Ethernet.
3. Double-click the selected interface — from now on, network traffic will be recorded.
4. After 1–2 minutes, click Stop Packet Capture (red square) in the top-left corner. Then select File → Save As and save the file with the .pcap extension.
5. Send us this file by any means you prefer.