Extracting Fingerprints from a Packet Capture File

For packet capture files of the Zone Attack Matched or Zone Anomaly Matched type, you can extract fingerprints to obtain the characteristics of the anomaly or attack. The extracted fingerprints can be added to the fingerprint list of the Zone and used as a reference for traffic cleaning.

Prerequisites

A packet capture task of the Zone Attack Matched or Zone Anomaly Matched type has been created and enabled.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. Click the Packet Capture File tab.
  3. Click the icon in the Operation column of a packet capture file to extract fingerprints.

    The fingerprint of the packet capture file is extracted and displayed in the Fingerprint List in the left area of the page.

  4. Optional: Extract reference fingerprints.

    Reference fingerprints are extracted from normal packets when no anomaly or attack occurs.

    1. Click Select File in the right area of the page.
    2. On the Packet Capture File page that is displayed, select a packet capture file of the same device as the reference file and click OK.

      The fingerprint of the reference file is extracted and displayed in the Fingerprint List in the right area of the page.

  5. Optional: In the fingerprint list on the left, select the fingerprint to be added, and then click Add the Fingerprint in the lower part of the page.

    The fingerprint is displayed in the protocol fingerprint list of the Zone. For details on the protocol types of fingerprints, see Configuring the Zone-based Defense Policy. Fingerprints take effect only after they are deployed on the device. For details on the deployment process, see Deploying the Defense Policy.

  6. Click Close to return to the Packet Capture File page.
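The Python sketch below is an added illustration, not the product's extraction algorithm or code from this guide. It shows why a candidate taken from an attack capture is worth checking against the reference capture before it is added to a Zone. It assumes a fingerprint can be modelled as a byte string at a fixed payload offset, and all payloads are constructed samples.

```python
from collections import Counter

# Constructed sample payloads (not from a real capture): a shared 4-byte
# header followed by either a flood marker or ordinary content.
ATTACK = [
    b"\x12\x34\x00\x01FLOODaaaa",
    b"\x12\x34\x00\x01FLOODbbbb",
    b"\x12\x34\x00\x01FLOODcccc",
]
REFERENCE = [
    b"\x12\x34\x00\x01hello-01",
    b"\x12\x34\x00\x01hello-02",
]


def window_shares(payloads, length):
    """Map each (offset, bytes) window to the share of payloads carrying it."""
    if not payloads:
        return {}
    counts = Counter()
    for payload in payloads:
        for off in range(len(payload) - length + 1):
            counts[(off, payload[off:off + length])] += 1
    return {key: n / len(payloads) for key, n in counts.items()}


def candidate_fingerprints(attack, reference, length=4,
                           min_attack=0.9, max_reference=0.0):
    """Windows common in the attack capture and rare in the reference capture.

    The (offset, bytes) model and both thresholds are assumptions made for
    this illustration.
    """
    attack_shares = window_shares(attack, length)
    reference_shares = window_shares(reference, length)
    kept = [
        key for key, share in attack_shares.items()
        if share >= min_attack
        and reference_shares.get(key, 0.0) <= max_reference
    ]
    return sorted(kept)


if __name__ == "__main__":
    for off, content in candidate_fingerprints(ATTACK, REFERENCE):
        print(f"offset={off} content={content.hex()}")
```

The shared header at offset 0 appears in every attack packet but also in every reference packet, so it is rejected. Used as a cleaning fingerprint, it would also match normal traffic.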

Copyright © Huawei Technologies Co., Ltd.