You could just link the packet capture to NFO support, they’re fairly helpful with this kinda thing.
Are you running on a VDS or just a purchased game server? I’m just curious with the windump.exe part.
Anyway, I took a quick glance and unless I missed something obvious I don’t see a repeat pattern and it’s just empty data. For a single game server you shouldn’t be getting those size packets very often, so you can just block 37-45 packet sizes.
Only add a small rate buffer, encase any legitimate requests happen after the attacks.
if UDP inbound
from any ip / any port
to any ip / 27015
over 50 per second - This means it will allow the first 50 a second in, during an attack this will do nothing to effect your server, simple safety net for legitimate traffic in this range for after the attack.