display attack-source-trace verbose
Function
The display attack-source-trace verbose command displays verbose information about attack source tracing.
Format
display attack-source-trace slot { slot-id | all } verbose [ { source source-ip source-ip-mask } | { car-index car-index } | { destination dest-ip dest-ip-mask } | { source-port source-port-num } | { destination-port dest-port-num } | { destination-mac dest-mac dest-mac-mask } | { source-mac source-mac source-mac-mask } | { protocol-number protocol-num } | { time-range from begin-time [ to end-time ] } | { attack-type { car | tcpip-defend | ma-defend | application-apperceive | totalcar } } | { vlan vlan-id } | { source-ipv6 source-ipv6-address source-ipv6-prefixlen } | { destination-ipv6 destination-ipv6-address destination-ipv6-prefixlen } | { next-header next-header } ] *
Parameters
| Parameter | Description | Value |
|---|---|---|
| all |
Displays information about all slots. |
- |
| source source-ip |
Displays brief information about attack source tracing based on the source IP address. |
source-ip is an IPv4?address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1. |
| source-ip-mask |
Displays brief information about attack source tracing based on the source IP address subnet mask. |
source-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0. |
| car-index car-index |
CAR ID index. |
The value is an integer ranging from 0 to 1699. |
| destination dest-ip |
Displays brief information about attack source tracing based on the destination IP address. |
dest-ip is an IPv4 address in dotted decimal notation (X.X.X.X), for example, 10.1.1.1. |
| dest-ip-mask |
Displays brief information about attack source tracing based on the destination IP address subnet mask. |
dest-ip-mask is an IPv4 subnet mask in dotted decimal notation (X.X.X.X), for example, 255.255.255.0. |
| source-port source-port-num |
Displays brief information about attack source tracing based on the source port number. |
The value is an integer ranging from 0 to 65535. |
| destination-port dest-port-num |
Displays brief information about attack source tracing based on the destination port number. |
The value is an integer ranging from 0 to 65535. |
| destination-mac dest-mac |
Displays brief information about attack source tracing based on the destination MAC address. |
The MAC address is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| dest-mac-mask |
Displays brief information about attack source tracing based on the destination MAC address's subnet mask. |
The MAC address's subnet mask is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| source-mac source-mac |
Displays detailed information about attack source tracing based on the source MAC address. |
The MAC address is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| source-mac-mask |
Displays detailed information about attack source tracing based on the source MAC address's subnet mask. |
The MAC address's subnet mask is in the H-H-H format. H is a hexadecimal number that contains one to four digits, such as 00e0 and fc01. If an H contains less than four bits, 0s are padded ahead. For example, e0 is equal to 00e0. A MAC address cannot be FFFF-FFFF-FFFF. |
| protocol-number protocol-num |
Displays brief information about attack source tracing based on the protocol number. |
The value is an integer that ranges from 0 to 255. |
| time-range |
Configures the time range of the domain. |
- |
| from begin-time |
Display brief information about attack source tracing based on the start time of a time range. |
The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59. |
| to end-time |
Display brief information about attack source tracing based on the end time of a time range. |
The value is in the format of YYYY/MM/DD,HH:MM:SS. YYYY-MM-DD indicates the year/month/day. The value of YYYY ranges from 1970 to 9999; the value of MM ranges from 1 to 12; the value of DD ranges from 1 to 31. HH:MM:SS indicates the hour:minute:second. The value of HH ranges from 0 to 23; the value of MM and SS ranges from 0 to 59. |
| attack-type |
Display brief information about attack source tracing based on the attack type. |
- |
| car |
Committed access rate. |
- |
| tcpip-defend |
Defensive for TCP/IP Datagrams' Attack drop packet. |
- |
| ma-defend |
Application and management defend. |
- |
| application-apperceive |
Application apperceive defend. |
- |
| totalcar |
Indicates the total rate at which packets are sent to the CPU. |
- |
| vlan vlan-id |
Specifies the VLAN ID. |
The value is an integer that ranges from 0 to 4094. |
| source-ipv6 source-ipv6-address |
Specifies a source IPv6 address. |
The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X. |
| source-ipv6-prefixlen |
Specifies a source IPv6 address's prefix length. |
The IPv6 prefix length is an integer ranging from 1 to 128. |
| destination-ipv6 destination-ipv6-address |
Specifies a destination IPv6 address. |
The value is a 32-digit hexadecimal number, in the IPv6 address format of X:X:X:X:X:X:X:X. |
| destination-ipv6-prefixlen |
Specifies a destination IPv6 address's prefix length. |
The IPv6 prefix length is an integer ranging from 1 to 128. |
| next-header next-header |
Specifies an IPv6 protocol number. |
The value is an integer ranging from 0 to 255. |
| slot slot-id |
Specifies the slot number of the interface board in position. |
The value is a string of 1 to 32 case-sensitive characters, spaces not supported. |
Usage Guidelines
Usage Scenario
Data in the memory and files can be displayed. Provides the function of displaying detailed information by category, and supports the function of displaying the source/destination MAC address and quintuple. (Source/destination IP address, source/destination port number (TCP/UDP, etc.) 1. Protocol number (IP header), time range, VLAN, source tracing field, and packet CAR ID.
Example
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display attack-source-trace slot 1 verbose ----------------------------- Slot : 1 Buffer Size : 1048576 Bytes Record Number : 7 Packets Overwrite Flag : No ----------------------------- No 1 Packet Info: Interface Name : GigabitEthernet0/1/1 PeVlanid : 0 CeVlanid : 0 CAR Index : 8 Attack Type : Application apperceive Attack Pack Time : 2017-07-13 15:10:19 L2 Type : Ethernet Source Mac : 00e0-fc01-0363 Destination Mac : ffff-ffff-ffff Ethernet type : (0x86dd)IPV6 L3 Type : IPV6 Version : 6 Traffic Class : 20 Flow Label : 86 Payload Length : 74 Next Header : 6 Hop Limit : 21 Source IPv6 : 2001:db8:1::1 Dest IPv6 : 2001:db8:2::1 Attack Trace Data: ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00 00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ----------------------------------
<HUAWEI> display attack-source-trace slot 1 verbose ----------------------------- Slot : 1 Buffer Size : 1048576 Bytes Record Number : 7 Packets Overwrite Flag : No ----------------------------- No 1 Packet Info: Interface Name : GigabitEthernet0/1/1 PeVlanid : 0 CeVlanid : 0 CAR Index : 8 Attack Type : Application apperceive Attack Pack Time : 2017-07-13 15:10:19 L2 Type : Ethernet Source Mac : 00e0-fc01-0363 Destination Mac : ffff-ffff-ffff Ethernet type : (0x0800)IP L3 Type : IP Version : 4 Header Length : 20 Type Of Service : 0 Total Length : 114 (0x0072) Identification : 0 Fragment Offset : 0 TTL : 64 Protocol Num : 89(89) Checksum : 25977 Source Ip : 172.16.1.2 Dest Ip : 192.168.1.1 Attack Trace Data: ff ff ff ff ff ff 00 00 50 01 03 63 08 00 45 00 00 72 00 00 00 00 40 59 65 79 50 01 03 63 c0 55 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ----------------------------------
| Item | Description |
|---|---|
| Slot | Slot ID. |
| Buffer Size | Size of the buffer for attack source tracing information. |
| Record Number | Number of recorded attack source tracing packets. |
| Overwrite Flag | Whether recorded information in the memory is overridden. |
| No 1 Packet Info | Packet information. |
| Interface Name | Port for transmitting information about attack source tracing. |
| PeVlanid | Single VLAN tag or outer VLAN tag. |
| CeVlanid | Inner VLAN tag. |
| CAR Index | CAR index of packet. |
| Attack Type | Attack type. |
| Attack Trace Data | Data recorded by attack source tracing. |
| Attack Pack Time | Time when an attack packet is received. |
| Type Of Service | Service type. |
| L2 Type | Layer 2 link type. |
| Ethernet type | Ethernet type. |
| Source Mac | Source MAC address. |
| Source Ip | Source IP address. |
| Source IPv6 | Source IPv6 address. |
| Destination Mac | Destination MAC address. |
| L3 Type | Layer 3 protocol type. |
| Version | Version. |
| Traffic Class | Service type. |
| Flow Label | Flow label. |
| Payload Length | Payload length. |
| Next Header | IPv6 protocol number. |
| Header Length | Length of the header of the Layer 3 protocol type. |
| Hop Limit | Maximum number of hops. |
| Dest Ip | Destination IP address. |
| Dest IPv6 | Destination IPv6 address. |
| Total Length | Total length of the IP data packet. |
| Identification | Unique ID identifying the IP data packet. |
| Fragment Offset | Offset value of the fragmented packet. |
| TTL | TTL value. |
| Protocol Num | Protocol number. |
| Checksum | IP head checksum. |