Packet capture is used to capture network traffic and locate network faults.
In packet capture, the AntiDDoS captures packets according to the packet capture task delivered by the management center. The device then encapsulates the captured packets in a fixed format and sends them to the anti-DDoS collector for parsing.
In actual applications, packet capture is mainly used to analyze and locate network problems. The different packet capture types apply to different scenarios:
ACL-based packet capture
When the AntiDDoS does not detect any attack but packet loss occurs on the protected network or access fails, you can use ACL-based packet capture to identify the packet types involved and thereby analyze why the defense failed.
Global packet capture
A global packet capture task captures discarded packets, including packets discarded by non-anti-DDoS policies such as malformed packet check and packet filtering. This helps locate the causes of service interruption.
Zone attack matched packet capture
The AntiDDoS captures the packets that are discarded as attack packets on the Zone. This assists in analyzing attack events.
Zone anomaly matched packet capture
The AntiDDoS captures abnormal packets of different types. This assists in analyzing anomaly events.
After the packet-capture task is complete, the captured packets are saved in a packet-capture file. With the packet-capture file, you can view attack events, trace attack sources, parse attack packets, and extract fingerprints in order to locate attacks and obtain the features and details of attackers, so that proper defense policies can be configured. The packet-capture file can also be downloaded to a local host for other operations.
Viewing attack events
By viewing abnormal or attack events associated with the packet-capture file, you can analyze their details.
Attack source tracing
You can obtain information about attack sources by using attack source tracing. Additionally, the system adds suspicious source IP addresses to the static blacklist to effectively defend against attacks.
Packet parsing
You can obtain details on each packet by using packet parsing.
Fingerprint extracting
With fingerprint extracting, the system extracts the features of abnormal or attack packets. Additionally, the system adds the extracted fingerprints to the Zone fingerprint list as a reference for traffic cleaning.
Packet-capture file download
The packet-capture file can be downloaded to a local host for further operations.
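The following is an added example, written for this page and not taken from the AntiDDoS product or its collector. It shows, in plain Python with no third-party packages, the kind of processing the two lists above describe: an ACL-style match against each captured packet (the ACL-based capture type), then packet parsing, attack source tracing (top source IP addresses, candidates for a static blacklist) and fingerprint extraction (the longest payload prefix shared by the matched packets, a candidate Zone fingerprint). The page does not name the "fixed format" of the capture file, so the example assumes the common libpcap file format; the capture bytes, the IP addresses and the ACL rule dictionary are all constructed here for illustration.

```python
import struct
from collections import Counter

# --- constructed sample capture (libpcap format, Ethernet link type) -----------------
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def build_ipv4_udp(src, dst, sport, dport, payload):
    """Build one Ethernet/IPv4/UDP frame (checksums left zero; this is synthetic data)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + udp


def pcap_bytes(frames):
    """Wrap frames in a libpcap file: global header plus one 16-byte record header per frame."""
    out = PCAP_GLOBAL_HDR
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


# Five DNS-looking packets from one source, one from a second source, plus an unrelated NTP packet.
SAMPLE_PCAP = pcap_bytes(
    [build_ipv4_udp("198.51.100.7", "203.0.113.10", 40000 + i, 53, b"\x12\x34\x01\x00flood") for i in range(5)]
    + [build_ipv4_udp("198.51.100.8", "203.0.113.10", 41000, 53, b"\x12\x34\x01\x00flood")]
    + [build_ipv4_udp("192.0.2.5", "203.0.113.10", 5000, 123, b"\x1b" + b"\x00" * 47)]
)


# --- packet parsing -----------------------------------------------------------------
def parse_frame(frame):
    """Return the 5-tuple and L4 payload of an Ethernet/IPv4 frame, or None if it is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]                     # IP protocol number (6 = TCP, 17 = UDP)
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    payload = l4
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = 8 if proto == 17 else ((l4[12] >> 4) * 4 if len(l4) >= 13 else 20)
        payload = l4[hdr:]
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport, "payload": payload}


def parse_pcap(data):
    """Walk the pcap records and yield one parsed packet dict per IPv4 frame."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    off = 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        pkt = parse_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            yield pkt


# --- ACL-style match, source tracing, fingerprint extraction --------------------------
def acl_match(pkt, rule):
    """A rule is a dict of optional fields (src, dst, proto, sport, dport); every field present must match."""
    return all(pkt.get(k) == v for k, v in rule.items())


def top_sources(pkts, n=3):
    """Source IPs ranked by packet count: the starting point for attack source tracing."""
    return Counter(p["src"] for p in pkts).most_common(n)


def common_payload_prefix(pkts, min_len=4):
    """Longest byte prefix shared by all non-empty payloads; empty if shorter than min_len."""
    payloads = [p["payload"] for p in pkts if p["payload"]]
    if not payloads:
        return b""
    prefix = payloads[0]
    for pl in payloads[1:]:
        i = 0
        while i < min(len(prefix), len(pl)) and prefix[i] == pl[i]:
            i += 1
        prefix = prefix[:i]
        if len(prefix) < min_len:
            return b""
    return prefix


def analyze(data, rule):
    """Apply the ACL rule to a capture and summarize the matched packets."""
    pkts = [p for p in parse_pcap(data) if acl_match(p, rule)]
    return {"matched": len(pkts), "top_sources": top_sources(pkts), "fingerprint": common_payload_prefix(pkts)}


if __name__ == "__main__":
    print(analyze(SAMPLE_PCAP, {"dst": "203.0.113.10", "proto": 17, "dport": 53}))
```

Running the block with the constructed rule (UDP to 203.0.113.10 port 53) matches the six DNS-looking packets and skips the NTP packet; the summary lists 198.51.100.7 as the dominant source and returns the nine-byte shared payload as the fingerprint. On a real capture, the source ranking is what an operator would review before adding anything to a static blacklist, and a shared prefix is only a fingerprint candidate until it is checked against legitimate traffic for the same service.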