show services stateful-firewall statistics
구문
show services stateful-firewall statistics <application-protocol protocol> <brief | detail | extensive | summary> <interface interface-name> <service-set service-set>
설명
스테이트풀 방화벽 통계를 표시합니다.
옵션
none | 모든 스테이트풀 방화벽 통계에 대한 표준 정보를 표시합니다. |
brief | detail | extensive | summary | (선택 사항) 지정된 출력 수준을 표시합니다. |
interface interface-name | (선택 사항) 특정 인터페이스에 대한 정보를 표시합니다. M 시리즈 및 T 시리즈 라우터에서 은 |
service-set service-set | (선택 사항) 특정 서비스 세트에 대한 정보를 표시합니다. |
필요한 권한 수준
보기
출력 필드
표 1 에는 명령의 출력 필드가 나열되어 있습니다 show services stateful-firewall statistics
. 출력 필드는 나타나는 대략적인 순서대로 나열됩니다.
필드 이름 |
필드 설명 |
---|---|
|
적응형 서비스 인터페이스의 이름입니다. |
|
서비스 세트의 이름입니다. |
|
새 흐름에 대한 규칙 일치 카운터:
|
|
기존 흐름에 대한 규칙 일치 카운터:
|
|
헤어핀 카운터:
|
|
드롭 카운터:
|
|
프로토콜별로 분류된 총 오류:
|
|
IPv4 오류:
|
|
TCP 프로토콜 오류:
|
|
UDP 프로토콜 오류:
|
|
ICMP 프로토콜 오류:
|
|
ALG 컨텍스트에서 별도로 계산된 모든 ALG(Application-Level Gateway Protocol) 드롭의 누적:
|
|
|
샘플 출력
show services stateful-firewall statistics extensive
user@host> show services stateful-firewall statistics extensive Interface: ms-1/3/0 Service set: interface-svc-set New flows: Rule Accepts: 907, Rule Discards: 0, Rule Rejects: 0 Existing flow types packet counters: Accepts: 3535, Drop: 0, Rejects: 0 Haripinning counters: Slow Path Hairpinned Packets: 0, Fast Path Hairpinned Packets: 0 Drops: IP option: 0, TCP SYN defense: 0 NAT ports exhausted: 0, Sessions dropped due to subscriber flow limit: 0 Errors: IP: 0, TCP: 0 UDP: 0, ICMP: 0 Non-IP packets: 0, ALG: 0 IP errors: IP packet length inconsistencies: 0 Minimum IP header length check failures: 0 Reassembled packet exceeds maximum IP length: 0 Illegal source address: 0 Illegal destination address: 0 TTL zero errors: 0, Illegal IP protocol number (0 or 255): 0 Land attack: 0 Non-IPv4 packets: 0, Bad checksum: 0 Illegal IP fragment length: 0 IP fragment overlap: 0 IP fragment reassembly timeout: 0 IP fragment limit exceeded:0 Unknown: 0 TCP errors: TCP header length inconsistencies: 0 Source or destination port number is zero: 0 Illegal sequence number and flags combination: 0 SYN attack (multiple SYN messages seen for the same flow): 0 First packet not a SYN message: 0 TCP port scan (TCP handshake, RST seen from server for SYN): 0 Bad SYN cookie response: 0 TCP reconstructor sequence number error: 0 TCP reconstructor retransmissions: 0 TCP partially opened connection timeout (SYN): 0 TCP partially opened connection timeout (SYN-ACK): 0 TCP partially closed connection reuse: 0 TCP 3-way error - client sent SYN+ACK: 0 TCP 3-way error - server sent ACK: 0 TCP 3-way error - SYN seq number retransmission mismatch: 0 TCP 3-way error - RST seq number mismatch: 0 TCP 3-way error - FIN received: 0 TCP 3-way error - invalid flags (PSH, URG, ECE, CWR): 0 TCP 3-way error - SYN recvd but no client flows: 0 TCP 3-way error - first packet SYN+ACK: 0 TCP 3-way error - first packet FIN+ACK: 0 TCP 3-way error - first packet FIN: 0 TCP 3-way error - first packet RST: 0 TCP 3-way error - first packet ACK: 0 TCP 3-way error - first packet invalid flags (PSH, URG, ECE, CWR): 0 TCP Close error - no final ACK: 0 TCP Resumed Flow: 0 UDP errors: IP data length less than minimum UDP header length (8 bytes): 0 Source or destination port is zero: 0 UDP port scan (ICMP error seen for UDP flow): 0 ICMP errors: IP data length less than minimum ICMP header length (8 bytes): 0 ICMP error length inconsistencies: 0 Duplicate ping sequence number: 0 Mismatched ping sequence number: 0 No matching flow: 0 ALG errors: BOOTP: 0, DCE-RPC: 0, DCE-RPC portmap: 0 DNS: 0, Exec: 0, FTP: 0 H323: 0, ICMP: 0, IIOP: 0 Login: 0, NetBIOS: 0, Netshow: 0 Real Audio: 0, RPC: 0, RPC portmap: 0 RTSP: 0, Shell: 0, SIP: 0 SNMP: 0, SQLNet: 0, TFTP: 0 Traceroute: 0 Drop Flows: Maximum Ingress Drop flows allowed: 20 Maximum Egress Drop flows allowed: 20 Current Ingress Drop flows: 0 Current Egress Drop flows: 0 Ingress Drop Flow limit drops count: 0 Egress Drop Flow limit drops count: 0 **If max-drop-flows is not configured, the following is shown** Drop Flows: Maximum Ingress Drop flows allowed: Default Maximum Egress Drop flows allowed: Default
릴리스 정보
Junos OS 릴리스 7.4 전에 소개된 명령입니다.