show security idp counters packet
Syntax
show security idp counters packet <logical-system (logical-system-name | all)> <tenant (tenant-name | all)>
Description
Displays the status of all IDP packet counter values.
Options
| none |
Displays the status of all IDP packet counter values. |
| logical-system logical-system-name |
(Optional) Displays the status of all IDP packet counter values for a specific logical system. |
| logical-system all |
(Optional) Displays the status of all IDP packet counter values for all logical systems. |
| tenant tenant-name |
(Optional) Displays the status of all IDP packet counter values for a specific tenant system. |
| tenant all |
(Optional) Displays the status of all IDP packet counter values for a all tenant systems. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the
show security idp counters packet command. Output fields are listed in
the approximate order in which they appear.
|
Field Name |
Field Description |
|---|---|
|
|
Number of packets processed by the IDP service. |
|
|
Number of packets dropped by the IDP service. The counter for all dropped packets. |
|
|
Number of packets dropped by the IDP policy. The counter for dropped packets due to the action specified in the IDP policy (starting with the attack detection). |
|
|
Number of packets dropped by error. The difference between Reassembly errors lead to packet drops. So all drops shown in |
|
(Unsupported) |
Number of sessions dropped. |
|
|
Number of packets that fail IP header length validity check. |
|
|
Number of packets that contain the optional header fields. |
|
|
Number of packets that are decapsulated. |
|
(Unsupported) |
Number of packets that are generic routing encapsulation (GRE) decapsulated. |
|
(Unsupported) |
Number of packets that are Point-to-Point Protocol (PPP) decapsulated. |
|
(Unsupported) |
Number of uncompressed IP headers that are to be TCP decompressed. |
|
(Unsupported) |
Number of compressed IP headers that are to be TCP decompressed. |
|
(Unsupported) |
Number of deferred IP packets that are sent out. |
|
(Unsupported) |
Number of packets that are IP-in-IP encapsulated. |
|
(Unsupported) |
Number of packets with TTL error in the header. |
|
(Unsupported) |
Number of packets that continue to be routed in an endless circle due to an inconsistent routing state. |
|
(Unsupported) |
Number of packets that could not be routed further. |
|
(Unsupported) |
Number of packets that are identified as IP flood packets. |
|
(Unsupported) |
Number of packets that are identified with an invalid Ethernet header. |
|
|
Number of packets attached. |
|
|
Number of packets that are cloned. |
|
|
Number of packets allocated. |
|
|
Number of packets destructed. |
Sample Output
- show security idp counters packet
- show security idp counters packet logical-system LSYS1
- show security idp counters packet tenant TSYS1
show security idp counters packet
user@host> show security idp counters packet IDP counters: IDP counter type Value Processed packets 27 Dropped packets 0 Dropped by IDP policy 0 Dropped by error 0 Dropped sessions 0 Bad IP headers 0 Packets with IP options 0 Decapsulated packets 0 GRE decapsulations 0 PPP decapsulations 0 TCP decompression uncompressed IP 0 TCP decompression compressed IP 0 Deferred-send packets 0 IP-in-IP packets 0 TTL errors 0 Routing loops 0 STP drops 0 No-route packets 0 Flood IP 0 Invalid ethernet headers 0 Packets attached 28 Packets cloned 28 Packets allocated 0 Packets destructed 55
show security idp counters packet logical-system LSYS1
user@host> show security idp counters packet logical-system LSYS1 IDP counters: Logical System: LSYS1 IDP counter type Value Processed packets 64 Dropped packets 0 Dropped ICMP packets 0 Dropped TCP packets 0 Dropped UDP packets 0 Dropped Other packets 0 Dropped by IDP Policy 0 Dropped by Error 0 Dropped sessions 0 Bad IP headers 0 Packets with IP options 0 Decapsulated packets 0 GRE decapsulations 0 PPP decapsulations 0 GTP decapsulations 0 GTP flows 0 TCP decompression uncompressed IP 0 TCP decompression compressed IP 0 Deferred-send packets 0 IP-in-IP packets 0 TTL errors 0 Routing loops 0 STP drops 0 No-route packets 0 Flood IP 0 Invalid ethernet headers 0 Packets attached 64 IP Packet attach failed 0 Packets cloned 25 Packets allocated 0 Packets destructed 89 Packet data buffer allocated 24 Packet data buffer released 24 Buffer allocation on clone avoided 0 Late buffer allocation on clone 0 Distinct clone request 0 KPP clone buf cache allocated 0 KPP clone buf cache released 0 KPP clone buf cache used 0 KQMSG constructed 69 KQMSG destructed 69 jbuf copy failed 0 jbuf pullup failed 0 jbuf copy done 0 jbuf copy freed 0 jbuf copy reinjected 0
show security idp counters packet tenant TSYS1
user@host> show security idp counters packet tenant TSYS1 IDP counters: Tenant: TSYS1 IDP counter type Value Processed packets 38 Dropped packets 0 Dropped ICMP packets 0 Dropped TCP packets 0 Dropped UDP packets 0 Dropped Other packets 0 Dropped by IDP Policy 0 Dropped by Error 0 Dropped sessions 0 Bad IP headers 0 Packets with IP options 0 Decapsulated packets 0 GRE decapsulations 0 PPP decapsulations 0 GTP decapsulations 0 GTP flows 0 TCP decompression uncompressed IP 0 TCP decompression compressed IP 0 Deferred-send packets 0 IP-in-IP packets 0 TTL errors 0 Routing loops 0 STP drops 0 No-route packets 0 Flood IP 0 Invalid ethernet headers 0 Packets attached 38 IP Packet attach failed 0 Packets cloned 21 Packets allocated 0 Packets destructed 59 Packets destructed in pipeline 0 Packet data buffer allocated 21 Packet data buffer released 21 Buffer allocation on clone avoided 0 Late buffer allocation on clone 0 Distinct clone request 0 KPP clone buf cache allocated 0 KPP clone buf cache released 0 KPP clone buf cache used 0 KQMSG constructed 38 KQMSG destructed 38 KQMSG destructed in pipeline 0 jbuf copy failed 0 jbuf pullup failed 0 jbuf copy done 0 jbuf copy freed 0 jbuf copy reinjected 0
show security idp counters packet tenant all
Tenant: Tn3 IDP counters: IDP counter type Value Processed packets 0 Dropped packets 0 Dropped ICMP packets 0 Dropped TCP packets 0 Dropped UDP packets 0 Dropped Other packets 0 Dropped by IDP Policy 0 Dropped by Error 0 Dropped sessions 0 Bad IP headers 0 Packets with IP options 0 Decapsulated packets 0 GRE decapsulations 0 PPP decapsulations 0 GTP decapsulations 0 GTP flows 0 TCP decompression uncompressed IP 0 TCP decompression compressed IP 0 Deferred-send packets 0 Ktimer entry optimized 0 TTL errors 0 Routing loops 0 STP drops 0 No-route packets 0 Flood IP 0 Invalid ethernet headers 0 Packets attached 0 IP Packet attach failed 0 Packets cloned 0 Packets allocated 0 Packets destructed 0 Packets destructed in pipeline 0 Packet data buffer allocated 0 Packet data buffer released 0 Buffer allocation on clone avoided 0 Late buffer allocation on clone 0 Distinct clone request 0 KPP clone buf cache allocated 0 KPP clone buf cache released 0 KPP clone buf cache used 0 KQMSG constructed 0 KQMSG destructed 0 KQMSG destructed in pipeline 0 jbuf copy failed 0 jbuf pullup failed 0 jbuf copy done 0 jbuf copy freed 0 jbuf copy reinjected 0 Tenant: Tn2 IDP counters: IDP counter type Value Processed packets 0 Dropped packets 0 Dropped ICMP packets 0 Dropped TCP packets 0 Dropped UDP packets 0 Dropped Other packets 0 Dropped by IDP Policy 0 Dropped by Error 0 Dropped sessions 0 Bad IP headers 0 Packets with IP options 0 Decapsulated packets 0 GRE decapsulations 0 PPP decapsulations 0 GTP decapsulations 0 GTP flows 0 TCP decompression uncompressed IP 0 TCP decompression compressed IP 0 Deferred-send packets 0 Ktimer entry optimized 0 TTL errors 0 Routing loops 0 STP drops 0 No-route packets 0 Flood IP 0 Invalid ethernet headers 0 Packets attached 0 IP Packet attach failed 0 Packets cloned 0 Packets allocated 0 Packets destructed 0 Packets destructed in pipeline 0 Packet data buffer allocated 0 Packet data buffer released 0 Buffer allocation on clone avoided 0 Late buffer allocation on clone 0 Distinct clone request 0 KPP clone buf cache allocated 0 KPP clone buf cache released 0 KPP clone buf cache used 0 KQMSG constructed 0 KQMSG destructed 0 KQMSG destructed in pipeline 0 jbuf copy failed 0 jbuf pullup failed 0 jbuf copy done 0 jbuf copy freed 0 jbuf copy reinjected 0
The command "show security idp counters" with options such as action, application-identification, dfa, flow, http-decoder, ips, log, memory, packet, packet-log, pdf-decoder, policy-manager, tcp-reassembler, now displays system names for all IDP counters in addition to root-logical-system counters.
Release Information
Command introduced in Junos OS Release 9.2.
The fields Dropped by IDP policy and Dropped by Error
added in Junos OS Release 10.1.
logical-system option introduced in Junos OS Release 18.3R1.
tenant option introduced in Junos OS Release 19.2R1.