display attack-source-trace file verbose
Function
The display attack-source-trace file verbose command displays detailed information about attack source tracing in a specified file.
Format
display attack-source-trace file filename verbose [ { source-mac source-mac source-mac-mask } | { destination-mac dest-mac dest-mac-mask } | { source source-ip source-ip-mask } | { destination dest-ip dest-ip-mask } | { source-port source-port-num } | { destination-port dest-port-num } | { protocol-number protocol-num } | { time-range from start-time [ to end-time ] } | { vlan vlan-id } | { source-ipv6 source-ipv6-address source-ipv6-prefixlen } | { destination-ipv6 destination-ipv6-address destination-ipv6-prefixlen } | { next-header next-header } ] *
Parameters
| Parameter | Description | Value |
|---|---|---|
| filename |
Specifies the name of a file. |
The value is a string of 1 to 128 case-sensitive characters, spaces not supported. |
| source-mac source-mac |
Displays detailed information about attack source tracing based on the source MAC address. |
The MAC address is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| source-mac-mask |
Displays detailed information about attack source tracing based on the source MAC address's subnet mask. |
The MAC address's subnet mask is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| destination-mac dest-mac |
Displays brief information about attack source tracing based on the destination MAC address. |
The MAC address is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| dest-mac-mask |
Displays brief information about attack source tracing based on the destination MAC address's subnet mask. |
The MAC address's subnet mask is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| source source-ip |
Displays brief information about attack source tracing based on the source IP address. |
source-ip is an IPv4 address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1. |
| source-ip-mask |
Displays brief information about attack source tracing based on the source IP address subnet mask. |
source-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0. |
| destination dest-ip |
Displays brief information about attack source tracing based on the destination IP address. |
dest-ip is an IPv4 address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1. |
| dest-ip-mask |
Displays brief information about attack source tracing based on the destination IP address subnet mask. |
dest-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0. |
| source-port source-port-num |
Displays brief information about attack source tracing based on the source port number. |
The value is an integer ranging from 0 to 65535. |
| destination-port dest-port-num |
Displays brief information about attack source tracing based on the destination port number. |
The value is an integer ranging from 0 to 65535. |
| protocol-number protocol-num |
Displays brief information about attack source tracing based on the protocol number. |
The value is an integer ranging from 0 to 255. |
| time-range |
Show as time. |
- |
| from start-time |
Display brief information about attack source tracing based on the start time of a time range. |
The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59. |
| to end-time |
Display brief information about attack source tracing based on the end time of a time range. |
The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59. |
| vlan vlan-id |
Specifies the VLAN ID. |
The value is an integer that ranges from 0 to 4094. |
| source-ipv6 source-ipv6-address |
Specifies a source IPv6 address. |
The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X. |
| source-ipv6-prefixlen |
Specifies a source IPv6 address's prefix length. |
The IPv6 prefix length is an integer ranging from 1 to 128. |
| destination-ipv6 destination-ipv6-address |
Specifies a destination IPv6 address. |
The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X. |
| destination-ipv6-prefixlen |
Specifies a destination IPv6 address's prefix length. |
The IPv6 prefix length is an integer ranging from 1 to 128. |
| next-header next-header |
Specifies an IPv6 protocol number. |
The value is an integer ranging from 0 to 255. |
Usage Guidelines
Usage Scenario
To display detailed information about attack source tracing in a specified file, the display attack-source-trace file verbose command can be used. The display can be based on the source MAC address and its subnet mask, destination MAC address and its subnet mask, source IP address and its subnet mask, destination IP address and its subnet mask, source port number, destination port number, protocol number, or time range.
Example
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display attack-source-trace file sun.cap verbose
----------------------------------
Record number: 7 packets
----------------------------------
No 1 Packet Info:
PeVlanId : 0
CeVlanId : 0
Attack Pack Time : 2017-07-13 15:10:13
L2 Type : Ethernet
Source Mac : 00e0-fc01-0363
Dest Mac : ffff-ffff-ffff
Ethernet type : (0x0800)IP
L3 Type : IP
Version : 4
Header Length : 20 byte
Type Of Service : 0
Total Length : 114
Identification : 0
Fragment Offset : 0
TTL : 64
Protocol Num : 89(89)
Checksum : 25977
Source Ip : 172.16.1.2
Dest Ip : 192.168.1.1
Attack Trace Data:
ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00
00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
----------------------------------
<HUAWEI> display attack-source-trace file sun.cap verbose
----------------------------------
Record number: 7 packets
----------------------------------
No 1 Packet Info:
PeVlanId : 0
CeVlanId : 0
Attack Pack Time : 2017-07-13 15:10:13
L2 Type : Ethernet
Source Mac : 00e0-fc01-0363
Dest Mac : ffff-ffff-ffff
Ethernet type : IPV6
L3 Type : IPV6
Version : 6
Traffic Class : 20
Flow Label : 86
Payload Length : 74
Next Header : 6
Hop Limit : 21
Source IPv6 : 2001:db8:1::1
Dest IPv6 : 2001:db8:2::1
Attack Trace Data:
ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00
00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00
00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55
----------------------------------
| Item | Description |
|---|---|
| Record number | Record Number. |
| No 1 Packet Info | Packet information. |
| PeVlanId | PE VLAN ID of the port for transmitting information about attack source tracing. |
| CeVlanId | CE VLAN ID of the port for transmitting information about attack source tracing. |
| Attack Pack Time | Time when an attack packet is received. |
| Attack Trace Data | Data recorded by attack source tracing. |
| L2 Type | Layer 2 link type. |
| Type Of Service | Service type. |
| Ethernet type | Ethernet type. |
| Source Mac | Source MAC address. |
| Source Ip | Source IP address. |
| Source IPv6 | Source IPv6 address. |
| Dest Mac | Destination MAC address. |
| Dest Ip | Destination IP address. |
| Dest IPv6 | Destination IPv6 address. |
| L3 Type | Layer 3 protocol type. |
| Version | Version. |
| Traffic Class | Service type. |
| Flow Label | Flow label. |
| Payload Length | Payload length. |
| Next Header | IPv6 protocol number. |
| Header Length | Length of the header of the Layer 3 protocol type. |
| Hop Limit | Maximum number of hops. |
| Total Length | Total length of the IP data packet. |
| Identification | Unique ID identifying the IP data packet. |
| Fragment Offset | Offset value of the fragmented packet. |
| TTL | TTL value. |
| Protocol Num | Protocol number. |
| Checksum | IP head checksum. |