display attack-source-trace brief

Function

The display attack-source-trace brief command displays brief information about attack source tracing.

Format

display attack-source-trace slot { slot-id | all } brief [ { source source-ip source-ip-mask } | { car-index car-index } | { destination dest-ip dest-ip-mask } | { source-port source-port-num } | { destination-port dest-port-num } | { protocol-number protocol-num } | { time-range from begin-time [ to end-time ] } | { attack-type { car | tcpip-defend | ma-defend | application-apperceive } } | { source-ipv6 source-ipv6-address source-ipv6-prefixlen } | { destination-ipv6 destination-ipv6-address destination-ipv6-prefixlen } | { next-header next-header } ] *

display attack-source-trace slot { slot-id | all } brief [ { source source-ip source-ip-mask } | { car-index car-index } | { destination dest-ip dest-ip-mask } | { source-port source-port-num } | { destination-port dest-port-num } | { protocol-number protocol-num } | { time-range from begin-time [ to end-time ] } | { attack-type totalcar } | { source-ipv6 source-ipv6-address source-ipv6-prefixlen } | { destination-ipv6 destination-ipv6-address destination-ipv6-prefixlen } | { next-header next-header } ] *

Parameters

Parameter Description Value
all

Indicates all the working interface boards.

-
source source-ip

Displays brief information about attack source tracing based on the source IP address.

source-ip is an IPv4 address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1.
source-ip-mask

Displays brief information about attack source tracing based on the source IP address subnet mask.

source-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0.
car-index car-index

Specifies a CAR ID.

The value is an integer ranging from 0 to 1699.
destination dest-ip

Displays brief information about attack source tracing based on the destination IP address.

dest-ip is an IPv4 address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1.
dest-ip-mask

Displays brief information about attack source tracing based on the destination IP address subnet mask.

dest-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0.
source-port source-port-num

Displays brief information about attack source tracing based on the source port number.

The value is an integer ranging from 0 to 65535.
destination-port dest-port-num

Displays brief information about attack source tracing based on the destination port number.

The value is an integer ranging from 0 to 65535.
protocol-number protocol-num

Displays brief information about attack source tracing based on the protocol number.

The value is an integer ranging from 0 to 255.
time-range

Sorted by time segment.

-
from begin-time

Display brief information about attack source tracing based on the start time of a time range.

The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59.
to end-time

Display brief information about attack source tracing based on the end time of a time range.

The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59.
attack-type

Display by attack type.

-
car

Committed access rate.

-
tcpip-defend

Defensive for TCP/IP Datagrams' Attack drop packet.

-
ma-defend

Application and management defend.

-
application-apperceive

Application apperceive defend.

-
source-ipv6 source-ipv6-address

Specifies a source IPv6 address.

The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X.
source-ipv6-prefixlen

Specifies a source IPv6 address's prefix length.

The IPv6 prefix length is an integer ranging from 1 to 128.
destination-ipv6 destination-ipv6-address

Specifies a destination IPv6 address.

The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X.
destination-ipv6-prefixlen

Specifies a destination IPv6 address's prefix length.

The IPv6 prefix length is an integer ranging from 1 to 128.
next-header next-header

Specifies an IPv6 protocol number.

The value is an integer ranging from 0 to 255.
totalcar

Total rate at which packets are sent to the CPU.

-
slot slot-id

Specifies the slot number of the interface board in position.

-

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name Operations
device-mgr read

Usage Guidelines

Usage Scenario

The Device can display details by type, including quintuple information (source/destination IP address, source/destination IP port (TCP/UDP), and protocol number (IP header)), time period, CAR index, and traced attack sources.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display brief information about attack source tracing on the interface board in slot 1 in IPv6 scenarios.
<HUAWEI> display attack-source-trace slot 1 brief
----------------------------- 
Slot            : 1           
Buffer Size     : 1048576 Bytes   
Record Number   : 5 Packets
Overwrite Flag  : No    
----------------------------- 
 No 1 Packet Info:   
 Interface Name   : GigabitEthernet0/1/1 
 PeVlanid : 0           
 CeVlanid : 0       
 Attack Type      : Application apperceive  
 Source IPv6      : 2001:db8:1::1  
 Dest IPv6        : 2001:db8:2::1 
 Next Header      : 89
 CAR Index        : 8 
 Attack Pack Time : 2017-07-13 15:10:17 
 Attack Trace Data:       
ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00 
00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55    
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# Display information about the attack source tracing on the interface board in slot 1 in IPv4 scenarios.
<HUAWEI> display attack-source-trace slot 1 brief
-----------------------------
Slot            : 1
Buffer Size     : 1048576 Bytes
Record Number   : 5 Packets
Overwrite Flag  : No
-----------------------------
 No 1 Packet Info:
 Interface Name   : GigabitEthernet0/1/1
 PeVlanid : 0
 CeVlanid : 0
 Attack Type      : Application apperceive
 Source Ip        : 172.16.1.2
 Dest Ip          : 192.168.1.1
 Protocol Num     : 89
 CAR Index        : 8
 Attack Pack Time : 2017-07-13 15:10:17
 Attack Trace Data:
ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00
00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Table 1 Description of the display attack-source-trace brief command output
Item Description
Slot

Slot ID.
Buffer Size

Size of the buffer for attack source tracing information.
Record Number

Number of recorded attack source tracing packets.
Overwrite Flag

Whether recorded information in the memory is overridden.
No 1 Packet Info

Packet information.
Interface Name

Interface for transmitting information about attack source tracing.
PeVlanid

Single VLAN tag or outer VLAN tag.
CeVlanid

Inner VLAN tag.
Attack Type

Type of attacks.
Attack Pack Time

Time for packet attacks.
Attack Trace Data

Data recorded by attack source tracing.
Source Ip

Source IP address.
Source IPv6

Source IPv6 address.
Dest Ip

Destination IP address.
Dest IPv6

Destination IPv6 address.
Next Header

IPv6 protocol number.
CAR Index

CAR index of packet.
Protocol Num

Protocol number.
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >