Abnormal Packet Analysis

Function

The anomaly packet analysis chart displays the traffic status of normal and anomaly DNS request packets.

Parameter

**Table 1** Query parameters of Abnormal Packet Analysis
Parameter	Description
Device	Select a device from the drop-down list.
Zone	Click , select a Zone on the Zone page that is displayed, and then click OK.
IP Address	Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The DNS traffic destined for the IP address is queried.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year. If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily. If the query interval is longer than or equal to one day and shorter than seven days, statistics are collected hourly. If the query interval is shorter than one day, statistics are collected every five minutes.

Example

If the device is set to DDoS-Cleaning and the Zone to All, the analysis of the normal and anomaly packets within a period of time is displayed in Figure 1.

Figure 1 Anomaly packet analysis

Procedure

Choose Report > Report > DNS Analysis.
Click the Abnormal Packet Analysis tab.
Set query parameters.
Click Search.
The analysis of the normal and anomaly packets that meet the query conditions is displayed.
Optional: Open or save the query results as files, or send queried reports to the specified email address.
- Click to open or save the query results as PDF files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as EXCEL files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as CSV files. All data except figures can be displayed.
- Click to enter a recipient mail address and select an attachment format. Then click OK.