display deception flow

Function

The display deception flow command displays the deception flow table.

Format

display deception flow [ slot slot-id ]

Parameters

Parameter	Description	Value
slot slot-id	Specifies a slot ID.	The value must be set according to the device configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

In the deception flow table, you can view the traffic that meets certain conditions and will be sent to the deception module. The deception module then determines whether to lure the traffic to the Decoy based on the scanned IP address and TCP port.

Precautions

When a detected network segment, bait network segment, or deception whitelist is configured, a deception flow table is generated.

Example

# Display the deception flow table.

<HUAWEI> display deception flow
                                                                                                                                    
Slot: 0                                                                                                                             
--------------------------------------------------------------------------------                                                    
Flow ID 1 information:                                                                                                              
--------------------------------------------------------------------------------                                                    
Status          :Valid                                                                                                              
Destination mac :0050-568c-1bbc                                                                                                     
Vpn-instance    :                                                                                                                   
--------------------------------------------------------------------------------                                                    
Flow ID 2 information:                                                                                                              
--------------------------------------------------------------------------------                                                    
Status          :Valid                                                                                                              
Vpn-instance    :                                                                                                                   
Eth_type        :Arp                                                                                                                
--------------------------------------------------------------------------------                                                    
Flow ID 4 information:                                                                                                              
--------------------------------------------------------------------------------                                                    
Status          :Valid                                                                                                              
Vpn-instance    :                                                                                                                   
Protocol        :Tcp                                                                                                                
Tcp_flag        :Syn                                                                                                                
--------------------------------------------------------------------------------                                                    
Flow ID 5 information:                                                                                                              
--------------------------------------------------------------------------------                                                    
Status          :Valid                                                                                                              
Vpn-instance    :                                                                                                                   
Protocol        :Tcp                                                                                                                
Tcp_flag        :Syn | Ack                                                                                                          
--------------------------------------------------------------------------------                                                    
Flow ID 6 information:                                                                                                              
--------------------------------------------------------------------------------                                                    
Status          :Valid                                                                                                              
Vpn-instance    :                                                                                                                   
Protocol        :Tcp                                                                                                                
Tcp_flag        :Rst | Ack

**Table 1** Description of the **display deception flow** command output
Item	Description
Slot	Slot ID.
Flow ID n information	Information about deception flow table n.
Status	Whether the deception flow entry is valid: Valid Invalid
Vpn-instance	VPN instance to which the inbound interface of the scanning packets belongs.
Destination mac	MAC address used by the switch to perform ARP spoofing on IP address scanning in a suspected attack.
Destination IP	Destination IP address of scanning packets.
Destination Port	Destination port number of scanning packets.
Source IP	Source IP address of scanning packets.
Protocol	Transport layer protocol type of scanning packets.
Eth_type	Layer 2 protocol type of scanning packets.
Tcp_flag	TCP flag.