netstream tcp-flag enable

Usage Scenario

Each TCP field contains the source and destination port numbers for querying the source and destination application programs. Source and destination port numbers, together with source and destination IP addresses in the IP field, can uniquely identify a TCP connection. There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. Based on the TCP packet status, the NMS determines whether the network is attacked by TCP packets.

The original flow statistics collection function collects statistics about TCP flags regardless of whether TCP flag statistics collection is enabled. TCP flag information is recorded in the flag field. The system does not classify traffic based on TCP flags. If TCP flag statistics collection is enabled, a new flow is created for each flag. The NMS checks the traffic volume of each flag and determines whether the network is attacked using TCP packets.

Precautions

Only original flows, not aggregated flows, support the collection of TCP flag statistics.

A new flow is created for each flag. Therefore, when TCP flag statistics collection is enabled, the number of original flows in the system greatly increases.

After enabling TCP flag statistics collection, configure sampling functions.