Creating a Global Defense Packet Capture Task

A global defense packet capture task captures discarded packets, including those discarded by non-anti-DDoS policies such as malformed packet check and packet filtering. This helps identify the causes of service interruption. After a packet capture operation is complete, the global discarding packet capture task enters the Disable state. Enable the task again for the next packet capture operation.

Prerequisites

Context

The detecting device detects traffic but does not process it. Only the cleaning device can discard packets. Therefore, when you create a global discarding packet capture task, Device can only be the cleaning device.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. On the Packet Capture Task page, click .
  3. On the Create Packet Capture Task page, select Global Defense Matched from the Type drop-down list.

  4. Set other basic parameters. For details, see Table 1.

    Table 1 Creating a packet capture task

    Parameter: Task Name
    Description: Indicates the packet capture task name.
    Reference Value: The name cannot be null and can contain letters, digits, and the special characters "!", "@", "#", "$", "*", "^", "+", "-", "=", "|", "}", "{", "]", "[", ";", "?", "/", ".".

    Parameter: Sampling Ratio
    Description: Indicates the ratio of the number of packets complying with packet capture conditions to that of captured packets.
    Reference Value: The default value is 1024:1. With this value, the device captures one packet out of every 1024 packets that match packet capture conditions.

    Parameter: Captured Packet
    Description:
    • If the packet capture type is Global Defense Matched or ACL Matched, the value is the total number of packets captured by the device.

      When the number of captured packets reaches Captured Packet and the packet capture operation is complete, the packet capture task enters the Disable state.

    • If packets are captured on the basis of Zone Attack Matched and Zone Anomaly Matched, the number of captured packets is the number of packets (of the same attack or anomaly) captured by each CPU.

      For example, a device has four CPUs and Captured Packet is set to 1000. If an attack with ACK and UDP flood attack packets is launched, the packet capture result is as follows:
      • 4 x 1000 ACK flood attack packets are captured and four packet capture files are generated.
      • 4 x 1000 UDP flood attack packets are captured and four packet capture files are generated.

      After the packet capture operation is complete, the packet capture task is in the Enable state. Packets are captured again upon the next attack.
    Reference Value: The default value is 1000.

    Parameter: Packet capture duration
    Description: Indicates the period from the time when a packet capture task starts to the time when the packet capture task ends.
    Reference Value: The value ranges from 5 to 3600, in seconds. If the packet capture duration is not specified, the default value 0 is used, indicating that the packet capture duration is not limited.

  5. Click Next.
  6. Click , click Cleaning Device to add network elements, and click OK.
  7. On the Create Packet Capture Task page, click Finish.

    The Packet Capture Task page is displayed, with the packet capture task in the list.

  8. Select the check box of a packet capture task and click to enable the task.

    Only one global packet capture task can be enabled on an AntiDDoS within a period of time.
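
The following Python sketch is an added example, not part of the original documentation or of any vendor tool. It checks proposed task parameters against the limits in Table 1 and estimates whether a capture would end by packet count or by duration. The function names, the ASCII-only reading of "letters", the steady discard rate, and the rule that a task stops at whichever limit is reached first are assumptions.

```python
import re

# Character set from Table 1: letters (assumed ASCII), digits, listed specials.
NAME_RE = re.compile(r'[A-Za-z0-9!@#$*^+\-=|}{\]\[;?/.]+')

def validate_task(name, duration_s=0, captured_packet=1000, sampling=1024):
    """Return a list of problems with the proposed task parameters."""
    problems = []
    if not NAME_RE.fullmatch(name or ""):
        problems.append("task name is empty or contains a disallowed character")
    # 0 means "not limited"; otherwise Table 1 allows 5 to 3600 seconds.
    if duration_s != 0 and not 5 <= duration_s <= 3600:
        problems.append("duration must be 0 or between 5 and 3600 seconds")
    if captured_packet < 1 or sampling < 1:
        problems.append("captured packet count and sampling ratio must be positive")
    return problems

def estimate_global_capture(drop_pps, duration_s=0, captured_packet=1000, sampling=1024):
    """Estimate how a Global Defense Matched task ends at a steady discard rate.

    Assumption: the task stops at whichever limit is reached first.
    """
    if drop_pps <= 0:
        raise ValueError("drop_pps must be positive")
    needed = captured_packet * sampling   # discarded packets needed to fill the capture
    fill_time = needed / drop_pps         # seconds until Captured Packet is reached
    if duration_s and duration_s < fill_time:
        return {"ends_by": "duration", "seconds": duration_s,
                "packets": int(drop_pps * duration_s) // sampling}
    return {"ends_by": "count", "seconds": fill_time, "packets": captured_packet}

def zone_capture_totals(cpus, attack_types, captured_packet=1000):
    """Zone Attack/Anomaly Matched: the limit applies per CPU and per attack type."""
    files = cpus * attack_types
    return {"files": files, "max_packets": files * captured_packet}

if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    print(validate_task("ddos-drop.2024", duration_s=3))
    print(estimate_global_capture(drop_pps=50_000, duration_s=10))
    print(zone_capture_totals(cpus=4, attack_types=2))
```

At the default 1024:1 ratio, a low discard rate combined with a short duration can end the task with far fewer packets than Captured Packet, so check the estimate before relying on a short capture window.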

Follow-up Procedure

You can disable, view, or delete a packet capture task by referring to Managing Packet Capture Tasks.


Copyright © Huawei Technologies Co., Ltd.