The display deception syn-connect command displays the TCP port scanning behavior detected by the switch.
| Parameter | Description | Value |
|---|---|---|
| source-ip ip-address | Specifies the source IP address that initiates TCP port scanning. |
The value is in dotted decimal notation. |
You can run this command to check the TCP port scanning behavior detected by the switch, so that you can configure a more accurate TCP port scanning threshold using the deception syn-connect rate command. If a TCP port is scanned at a lower frequency than the threshold specified by the deception syn-connect rate command but have been scanned for many times, the scanning behavior may be an attack.
# Display the TCP port scanning behavior detected by the switch.
<HUAWEI> display deception syn-connect --------------------------------------------------------------------------------------------------- Current total number = 0 --------------------------------------------------------------------------------------------------- source rate(num/s)number vlan vpn-instance ---------------------------------------------------------------------------------------------------
Item |
Description |
|---|---|
| Current total number | Number of entries. |
source |
Source IP address that initiates TCP port scanning. |
rate(num/s) |
TCP port scanning frequency, in "times per second". |
number |
Number of TCP port scanning times. |
vlan |
VLAN to which the source IP address belongs. |
vpn-instance |
VPN instance of the source IP address. |