Monitoring Suspicious Flows

Purpose

Display suspicious flows.

Action

To display suspicious flows:

host1(config)# show suspicious-control-flow-detection flows
Suspicious Flow Detection System Flows
                                                          Peak            Time
                                                     In   Rate    Rate    since
Interface             Protocol        MAC address    Slot (pps)   (pps)   Create
-----------------     -------         ------------  ----- ---    -------  -------
GigabitEthernet 1/0/7 Ethernet ARP    0000.0100.0002 ---  1000030 1000050 00:00:32   
*group 3 slot 1       EthernetArpMiss 0000.0100.0003 ---  1000    3000    00:10:10

Meaning

Table 79 lists the show suspicious-control-flow-detection flows detail command output fields.

Table 79: show suspicious-control-flow-detection flows Output Fields

Field Name

Field Description

Interface

Interface for the flow

Protocol

Control protocol of the flow

MAC address

Source MAC address of the flow

InSlot

For certain flows detected on egress, the possible ingress slot of the flow

Rate (pps)

Rate of the flow

Peak Rate (pps)

Peak rate of the flow

Time Since Create

Time since the flow was determined to be suspicious, in hh:mm:sec format

Related Documentation

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.