Supported Platforms
show ddos-protection protocols culprit-flows
Syntax
Release Information
Command introduced in Junos OS Release 12.3.
Description
Display culprit flow information for protocol groups or individual packet types.
Options
none | — | Display information for all protocol groups and packet types. |
aggregate | — | (Optional) Display DDoS protection information for the aggregate policer. The aggregate option is available for all protocol groups. |
packet-type | — | (Optional) Display information for the specified packet type in the protocol group. The available packet types vary by protocol group. See show ddos-protection protocols for a list of available packet types. |
protocol-group | — | (Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups. |
Required Privilege Level
view
List of Sample Output
show ddos-protection protocols culprit-flowsshow ddos-protection protocols culprit-flows (Specific Protocol Group)
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols culprit-flows command. Output fields are listed in the approximate order in which they appear.
Table 1: show ddos-protection protocols culprit-flows Output Fields
Field Name | Field Description | Level of Output |
|---|---|---|
Currently tracked flows | Number of active flows that are being tracked as culprit flows by flow detection. | none |
Total detected flows | Total number of culprit flows that have been detected, including those that have recovered or timed out. | none |
Protocol Group | Name of protocol group. | none |
Packet type | Name of packet type in protocol group. | none |
Arriving Interface | Logical interface on which the traffic flow arrived. | none |
Source Address MAC or IP | Source address of the traffic flow, either a MAC address or an IP address. | none |
pps | Rate of the traffic flow in packets per second. | none |
pkts | Number of packets in the traffic flow. | none |
Additional information | Flow ID numbers automatically assigned to flow, with embedded slot ID. The flow ID is prefixed by sub, ifl, or ifd, which indicate the subscriber, logical interface, and physical interface flow aggregation levels. Timestamp that identifies when the flow arrived on the interface. | none |
Sample Output
show ddos-protection protocols culprit-flows
user@host> show ddos-protection protocols culprit-flowsCurrently tracked flows: 3, Total detected flows: 3 Protocol Packet Arriving Source Address group type Interface MAC or IP dhcpv4 aggregate ge-1/2/0.1073741824 192.85.1.2 sub:0001000000000000 2012-10-25 10:25:39 EDT pps:0 pkts:0 bfd aggregate ge-1/2/0.1073741824 192.85.1.2 sub:0001000000000001 2012-10-25 10:25:39 EDT pps:30000 pkts:322137 reject aggregate ge-1/2/0.1073741824 00:10:94:00:00:02 sub:0001000000000002 2012-10-25 10:25:39 EDT pps:0 pkts:0 root@abc> show ddos-protection protocols bfd culprit-flows Currently tracked flows: 1, Total detected flows: 1 Protocol Packet Arriving Source Address group type Interface MAC or IP bfd aggregate ge-1/2/0.1073741824 192.85.1.2 sub:0001000000000001 2012-10-25 10:25:39 EDT pps:30000 pkts:2872642
show ddos-protection protocols culprit-flows (Specific Protocol Group)
user@host> show ddos-protection protocols bfd
culprit-flowsCurrently tracked flows: 1, Total detected flows: 1 Protocol Packet Arriving Source Address group type Interface MAC or IP bfd aggregate ge-1/2/0.1073741824 192.85.1.2 sub:0001000000000001 2012-10-25 10:25:39 EDT pps:30000 pkts:2872642
