For a packet capture file whose packet capture type is ACL Matched,Zone Attack Matched or Zone Anomaly Matched, you can use the packet analysis function to extract the features of abnormal or attack events.
Prerequisites
The packet capture task of ACL Matched,Zone Attack Matched or Zone Anomaly Matched has been created and enabled.
Procedure
- Choose .
- Click the Packet Capture File tab.
- Click
in
the Operation column of a packet capture file to analyze the
file.
The Packet analysis tab displays the analysis result of the packet capture file.
- Optional: In the fingerprint list on the UDP tab, select a fingerprint to be added and click Add Finger. The fingerprint is displayed in the fingerprint list of the protocol type corresponding to the Zone. For details on the protocol types of fingerprints, see Configuring the Zone-based Defense Policy. Fingerprints take effect only after being deployed on the device. For details on the deployment process, see Deploying the Defense Policy.
- Click Close. Return to the Packet Capture File page.