The display deception arp-request command displays the IP address scanning behavior detected by the switch.
| Parameter | Description | Value |
|---|---|---|
| source ip-address | Specifies the source IP address that initiates IP address scanning. |
The value is in dotted decimal notation. |
You can run this command to check the IP address scanning behavior detected by the switch, so that you can configure a more accurate IP address canning threshold using the deception arp-request rate command. If an IP address is scanned at a lower frequency than the threshold specified by the deception arp-request rate command but have been scanned for many times, the scanning behavior may be an attack.
# Display the IP address scanning behavior detected by the switch.
<HUAWEI> display deception arp-request --------------------------------------------------------------------------------------------------- Current total number = 2 --------------------------------------------------------------------------------------------------- source rate(num/10s) number vlan vpn-instance --------------------------------------------------------------------------------------------------- 10.1.1.1 4 231 10 public 10.1.1.2 1 280 10 public --------------------------------------------------------------------------------
Item |
Description |
|---|---|
| Current total number | Number of entries. |
source |
Source IP address that initiates IP scanning. |
rate(num/10s) |
IP address scanning frequency, in "times per 10 seconds". |
number |
Number of IP address scanning times. |
vlan |
VLAN to which the source IP address belongs. |
vpn-instance |
VPN instance of the source IP address. |