Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
13-38
思科 ASA 系列命令参考,S 命令
第 13 章 show tcpstat 至 show traffic 命令
show threat-detection statistics top
以下是
show threat-detection statistics top tcp-intercept long 命令的输出示例,括号中为实际源
IP 地址:
ciscoasa# show threat-detection statistics top tcp-intercept long
Top 10 protected servers under attack (sorted by average rate)
Monitoring window size: 30 mins Sampling interval: 30 secs
<Rank> <Server IP:Port (Real IP:Real Port)> <Interface> <Ave Rate> <Cur Rate> <Total>
<Source IP (Last Attack Time)>
--------------------------------------------------------------------------------
1 10.1.0.2:6025 (209.165.200.227:6025) inside 18 709 33911 10.0.0.201 (0 secs ago)
2 10.1.0.2:6026 (209.165.200.227:6026) inside 18 709 33911 10.0.0.201 (0 secs ago)
3 10.1.0.2:6027 (209.165.200.227:6027) inside 18 709 33911 10.0.0.201 (0 secs ago)
4 10.1.0.2:6028 (209.165.200.227:6028) inside 18 709 33911 10.0.0.201 (0 secs ago)
5 10.1.0.2:6029 (209.165.200.227:6029) inside 18 709 33911 10.0.0.201 (0 secs ago)
6 10.1.0.2:6030 (209.165.200.227:6030) inside 18 709 33911 10.0.0.201 (0 secs ago)
7 10.1.0.2:6031 (209.165.200.227:6031) inside 18 709 33911 10.0.0.201 (0 secs ago)
8 10.1.0.2:6032 (209.165.200.227:6032) inside 18 709 33911 10.0.0.201 (0 secs ago)
9 10.1.0.2:6033 (209.165.200.227:6033) inside 18 709 33911 10.0.0.201 (0 secs ago)
10 10.1.0.2:6034 (209.165.200.227:6034) inside 18 709 33911 10.0.0.201 (0 secs ago)
以下是
show threat-detection statistics top tcp-intercept detail 命令的输出示例:
ciscoasa# show threat-detection statistics top tcp-intercept detail
Top 10 Protected Servers under Attack (sorted by average rate)
Monitoring Window Size: 30 mins Sampling Interval: 30 secs
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack
Time)>
----------------------------------------------------------------------------------
1 192.168.1.2:5000 inside 1877 9502 3379276 <various> Last: 10.0.0.45 (0 secs ago)
Sampling History (30 Samplings):
95348 95337 95341 95339 95338 95342
95337 95348 95342 95338 95339 95340
95339 95337 95342 95348 95338 95342
95337 95339 95340 95339 95347 95343
95337 95338 95342 95338 95337 95342
95348 95338 95342 95338 95337 95343
95337 95349 95341 95338 95337 95342
95338 95339 95338 95350 95339 95570
96351 96351 96119 95337 95349 95341
95338 95337 95342 95338 95338 95342
......
interface
显示服务器受到攻击的接口。
avg_rate
显示采样期间内的平均攻击速率(以攻击数
/ 秒为单位)。
current_rate
显示当前攻击速率(以攻击数
/ 秒为单位)。
total
显示攻击总数。
attacker_ip
显示攻击者
IP 地址。
(last_attack_time ago)
显示上一次攻击发生的时间。
表
13-8
show threat-detection statistics top tcp-intercept
字段(续)
字段
说明