Abnormal Packet Analysis

Function

The Abnormal Packet Analysis chart displays the traffic status of normal and anomalous DNS request packets.

Parameter

Table 1 Query parameters of Abnormal Packet Analysis
Parameter: Description

Device: Select a device from the drop-down list. Total-Cleaning and Total-Detecting are described as follows:

  • Total-Cleaning: Indicates that DNS traffic on all cleaning devices is queried.

  • Total-Detecting:

    • If two or more detecting devices in a defense group work in Load Redundancy mode, the maximum DNS traffic volume in the defense group is queried and the sum of DNS traffic volumes among defense groups is queried.
    • If two or more detecting devices in each defense group work in Load Balancing mode, the sum of DNS traffic volumes within each defense group and among defense groups is queried.

Zone: Click the icon, select a Zone on the Zone page that is displayed, and then click OK.

IP address: Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The DNS traffic destined for the IP address is queried.

Time: Click to select the start time and end time of statistics. Alternatively, change the time values in the corresponding text boxes.

The end time should be later than the start time and the interval cannot be longer than one year.

  • If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily.
  • If the query interval is longer than or equal to one day and shorter than seven days, statistics are collected hourly.
  • If the query interval is shorter than one day, statistics are collected every five minutes.
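
The Total-Detecting aggregation and the Time rules from Table 1, written out as an added Python example (not the product's code). The mode labels, group names, sample volumes and the 365-day reading of "one year" are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumption: "one year" is 365 days; the page does not define it.
ONE_YEAR = timedelta(days=365)

def statistics_interval(start, end):
    """Collection interval Table 1 gives for a query window (Time row)."""
    span = end - start
    if span <= timedelta(0):
        raise ValueError("end time must be later than start time")
    if span > ONE_YEAR:
        raise ValueError("query interval cannot be longer than one year")
    if span >= timedelta(days=7):
        # A window of exactly one year is treated as daily (assumption).
        return timedelta(days=1)
    if span >= timedelta(days=1):
        return timedelta(hours=1)
    return timedelta(minutes=5)

def total_detecting(groups):
    """Total-Detecting value for one statistics interval.

    groups maps a defense group name to (mode, per-device DNS volumes).
    """
    total = 0
    for name, (mode, volumes) in groups.items():
        if not volumes:
            continue  # no detecting device reported in this interval
        if mode == "load_redundancy":
            total += max(volumes)   # maximum within the group
        elif mode == "load_balancing":
            total += sum(volumes)   # sum within the group
        else:
            raise ValueError(f"unknown mode for {name}: {mode}")
    return total                    # groups are always summed with each other

# Constructed sample: DNS packets per device in one five-minute interval.
SAMPLE_GROUPS = {
    "group-a": ("load_redundancy", [1200, 1180]),
    "group-b": ("load_balancing", [700, 650]),
}

if __name__ == "__main__":
    window = (datetime(2024, 3, 1, 8, 0), datetime(2024, 3, 1, 20, 0))
    print(statistics_interval(*window))
    print(total_detecting(SAMPLE_GROUPS))
```

When reading the chart for Total-Detecting, a value close to a single device's volume is expected for a Load Redundancy group, while a Load Balancing group reports the combined volume of its devices.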

Example

If Device is set to Total-Cleaning and Zone is set to Total, the analysis of the normal and anomalous packets within a period of time is displayed as shown in Figure 1.

Figure 1 Anomaly packet analysis

Procedure

  1. Choose Report > Report > DNS Analysis.
  2. Click the Abnormal Packet Analysis tab.
  3. Set query parameters.
  4. Click Search.

    The analysis of the normal and anomalous packets that meet the query conditions is displayed.

  5. Optional: Open or save the query results as files, or send queried reports to the specified email address.

    • Click to open or save the query results as PDF files. A maximum of 10,000 entries can be displayed.
    • Click to open or save the query results as Excel files. A maximum of 10,000 entries can be displayed.
    • Click to open or save the query results as CSV files. All data except figures can be displayed.
    • Click to enter a recipient email address and select an attachment format. Then click OK.


Copyright © Huawei Technologies Co., Ltd.