Throughput is a metric, one of the core capacity figures a DDoS test drives toward its limit to find where a system breaks. It measures the volume of traffic a component processes per unit time, expressed in bits per second on a link, packets per second through a device, or requests per second at the application. A volumetric attack tries to push throughput past the link's ceiling; a protocol attack tries to push packet throughput past what a firewall or kernel can track, regardless of bandwidth.
Why it matters in DDoS testing
Headline throughput is not the same as useful throughput. A pipe can show high bits per second while almost all of it is attack traffic, so the meaningful figure is goodput: the throughput delivering legitimate work. A test measures both, mapping the rate at which raw throughput climbs but goodput collapses, which marks the layer of first failure.
For how throughput limits shape a resilience baseline, see DDoS Resilience Testing.