■ Interface—Interface for the flow
■ Protocol—Control protocol of the flow
■ MAC address—Source MAC address of the flow
■ InSlot—For certain flows detected on egress, the possible ingress slot of the
flow
■ Rate (pps)—Rate of the flow
■ Peak Rate (pps)—Peak rate of the flow
■ Time Since Create—Time since the flow was determined to be suspicious,
in hh:mm:sec format
■ Example
host1(config)# show suspicious-control-flow-detection flows
Suspicious Flow Detection System Flows
                                                                       Peak     Time
                                                        In    Rate     Rate     since
Interface              Protocol         MAC address     Slot  (pps)    (pps)    Create
---------------------  ---------------  --------------  ----  -------  -------  --------
GigabitEthernet 1/0/7  Ethernet ARP     0000.0100.0002  ---   1000030  1000050  00:00:32
*group 3 slot 1        EthernetArpMiss  0000.0100.0003  ---   1000     3000     00:10:10
■ See show suspicious-control-flow-detection flows.
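The following parser is an added example, not part of the original guide or of the router software. It turns captured output of show suspicious-control-flow-detection flows into records that a monitoring job can filter by rate. The function names, the sample text (built from the two rows shown above) and the 10,000 pps threshold are assumptions for illustration.

```python
import re

# Constructed sample: the two flow rows from the example output above.
SAMPLE = """\
GigabitEthernet 1/0/7 Ethernet ARP 0000.0100.0002 --- 1000030 1000050 00:00:32
*group 3 slot 1 EthernetArpMiss 0000.0100.0003 --- 1000 3000 00:10:10
"""

# Anchor on the dotted MAC address. Interface and protocol names may contain
# spaces, so everything left of the MAC is kept as one "source" field.
ROW = re.compile(
    r"^(?P<source>\S.*?)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
    r"(?P<in_slot>\S+)\s+(?P<rate>\d+)\s+(?P<peak>\d+)\s+"
    r"(?P<age>\d+:\d{2}:\d{2})\s*$"
)

def parse_flows(text):
    """Return one dict per flow row; headers, rules and prompts are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        hours, minutes, seconds = (int(p) for p in m["age"].split(":"))
        flows.append({
            "source": m["source"],
            "mac": m["mac"].lower(),
            # "---" means no ingress slot was reported for the flow.
            "in_slot": None if m["in_slot"] == "---" else m["in_slot"],
            "rate_pps": int(m["rate"]),
            "peak_pps": int(m["peak"]),
            "age_s": hours * 3600 + minutes * 60 + seconds,
        })
    return flows

def flows_over(flows, rate_pps):
    """Flows at or above rate_pps, highest current rate first."""
    hot = [f for f in flows if f["rate_pps"] >= rate_pps]
    return sorted(hot, key=lambda f: f["rate_pps"], reverse=True)

if __name__ == "__main__":
    # The 10,000 pps threshold is a hypothetical value, not a router default.
    for f in flows_over(parse_flows(SAMPLE), rate_pps=10_000):
        print(f"{f['mac']}  {f['rate_pps']} pps  peak {f['peak_pps']} pps  "
              f"{f['age_s']}s  {f['source']}")
```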
show suspicious-control-flow-detection info
■ Use to display information about suspicious flows.
■ You can specify the following keywords:
■ delta—Displays statistics for the current baseline
■ brief—Displays only suspicious information
■ slot—Displays information for the specific slot
■ Field descriptions
■ Protocol Information
■ Protocol—Control protocol of the flow
■ State
■ OK—Protocol is currently not receiving an excess amount of traffic.
■ Suspicious—Protocol was detected as receiving an excess amount of
traffic within the last backoff time (in seconds).
■ Transitions—Number of times this protocol or priority has transitioned
to the suspicious state
■ Priority Information
■ Priority—Priorities map to a specific queue and color; priority groups
are Hi-Green, Hi-Yellow, Lo-Green and Lo-Yellow.
Denial of Service (DoS) Protection
Chapter 7: Passwords and Security