Code questions #8
Unanswered
Ivanmatthew asked this question in Q&A
I'm currently reading the code, and I found the commenting and some code lines odd. Could you maybe explain?
Line 30:
```bash
if [ $pps -gt 10000 ]; then ## Attack alert will display after incoming traffic reach 30000 PPS
```
How will it detect 30.000 pps? All I see is a statement to check if packets per second is greater than 10.000.
Line 67:
```bash
sleep 120 && pkill -HUP -f /usr/sbin/tcpdump ## The "Attack no longer detected" alert will display in 220 seconds
```
How do you know an attack automatically stops after 120 seconds? And why does the comment say 220 seconds?
It seems to me it could potentially just send 2 webhooks every 120 seconds, if the ddoser would commence an attack longer than that.
Thanks in advance.
Sincerely,
IM
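The post's concern is that a fixed `sleep 120` could send a pair of webhooks every 120 seconds while traffic is still above the threshold. The sketch below is an added example, not part of the original post or the project's script, showing alerting driven by state changes instead of a timer; the function name `alert_events`, the two-sample quiet window and the sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the project's script): edge-triggered alerting over
# per-second packet counts. Names and sample values are constructed.

# alert_events THRESHOLD QUIET_NEEDED PPS...
# Prints one line per state change: "<index> ATTACK_START <pps>" or
# "<index> ATTACK_END <pps>".
alert_events() {
    local threshold=$1 quiet_needed=$2
    shift 2
    local state=idle quiet=0 i=0 pps
    for pps in "$@"; do
        # Reject anything that is not a plain non-negative integer, so a
        # malformed counter value cannot break the numeric test below.
        case $pps in
            ''|*[!0-9]*) echo "$i SKIP_INVALID"; i=$((i + 1)); continue ;;
        esac
        if [ "$pps" -gt "$threshold" ]; then
            quiet=0
            if [ "$state" = idle ]; then
                state=attack
                echo "$i ATTACK_START $pps"   # first webhook would go here
            fi
        elif [ "$state" = attack ]; then
            quiet=$((quiet + 1))
            if [ "$quiet" -ge "$quiet_needed" ]; then
                state=idle
                quiet=0
                echo "$i ATTACK_END $pps"     # second webhook would go here
            fi
        fi
        i=$((i + 1))
    done
}

# Constructed samples: a burst longer than any fixed timer, one brief dip
# below the threshold, then a sustained drop.
alert_events 10000 2 800 12000 45000 31000 9000 28000 700 650 600
```

With these samples the function reports one start and one end, and the single dip to 9000 does not end the alert because only one quiet sample was seen.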