Get command to see interface statistics on an SSG/ScreenOS
get counter statistics interface <interface>
This will display the following result:
Deciphering Output
address spoof
Number of suspected address spoofing attack packets received
auth deny
Number of times user authentication was denied
auth fail
Number of times user authentication failed
big bkstr
Number of packets that are too big to buffer in the ARP back store while waiting for MAC-to-IP address resolution
connections
Number of sessions established since the last boot
encrypt fail
Number of failed Point-to-Point Tunneling Protocol (PPTP) packets
*icmp broadcast
Number of ICMP broadcasts received
icmp flood
Number of ICMP packets that are counted toward the ICMP flood threshold
illegal pak
Number of packets dropped because they do not conform to the protocol standards
in arp req
Number of incoming arp request packets
in arp resp
Number of outgoing arp request packets
in bytes
Number of bytes received
in icmp
Number of Internet Control Message Protocol (ICMP) packets received
in other
Number of incoming packets that are of a different Ethernet type
in packets
Number of packets received
in self
Number of packets addressed to the Management IP address
*in un auth
Number of unauthorized incoming TCP, UDP, and ICMP packets
*in unk prot
Number of incoming packets using an unknown Ethernet protocol
in vlan
Number of incoming vlan packets
in vpn
Number of IPsec packets received
invalid zone
Number of packets destined for an invalid security zone
ip sweep
Number of packets received and discarded beyond the specified ip sweep threshold
land attack
Number of suspected land attack packets received
loopback drop
Number of packets dropped because they cannot be looped back through the security device. An example of a loopback session is when a host in the Trust zone sends traffic to a MIP or VIP address that is mapped to a server that is also in the Trust zone. The security device creates a loopback session that directs such traffic from the host to the MIP or VIP server.
mac relearn
Number of times that the MAC address learning table had to relearn the interface associated with a MAC address because the location of the MAC address changed
mac tbl full
Number of times that the MAC address learning table completely filled up
mal url
Number of blocked packets destined for a URL determined to be malicious
*misc prot
Number of packets using a protocol other than TCP, UDP, or ICMP
mp fail
Number of times a problem occurred when sending a PCI message between the master processor module and the processor module
no conn
Number of packets dropped because of unavailable Network Address Translation (NAT) connections
no dip
Number of packets dropped because of unavailable Dynamic IP (DIP) addresses
no frag netpak
Number of times that the available space in the netpak buffer fell below 70%
*no frag sess
The number of times that fragmented sessions were greater than half of the maximum number of NAT sessions
no g-parent
Number of packets dropped because the parent connection could not be found
no gate
Number of packets dropped because no gate was available
no gate sess
Number of terminated sessions because there were no gates in the firewall for them
no map
Number of packets dropped because there was no map to the trusted side
no nat vector
Number of packets dropped because the Network Address Translation (NAT) connection was unavailable for the gate
*no nsp tunnel
Number of dropped packets sent to a tunnel interface to which no VPN tunnel is bound
no route
Number of unroutable packets received
no sa
Number of packets dropped because no Security Association (SA) was defined
no sa policy
Number of packets dropped because no policy was associated with an SA
*no xmit vpnf
Number of dropped VPN packets due to fragmentation
null zone
Number of dropped packets erroneously sent to an interface bound to the Null zone
nvec err
Number of packets dropped because of NAT vector error
out bytes
Number of bytes sent
out defer
Number of deferred outgoing packets
out packets
Number of packets sent
out vlan
Number of outgoing vlan packets
ping of death
Number of suspected Ping of Death attack packets received
policy deny
Number of packets denied by a defined policy
port scan
Number of packets that are counted as a port scan attempt
proc sess
Number of times that the total number of sessions on a processor module exceeded the maximum threshold
sa inactive
Number of packets dropped because of an inactive SA
sa policy deny
Number of packets denied by an SA policy
sessn thresh
The threshold for the maximum number of sessions
*slow mac
Number of frames whose MAC addresses were slow to resolve
src route
Number of packets dropped because of the filter source route option
syn frag
Number of SYN packets dropped because of fragmentation
tcp out of seq
Number of TCP segments received whose sequence number is outside the acceptable range
tcp proxy
Number of packets dropped from using a TCP proxy such as the SYN flood protection option or user authentication
teardrop
Number of packets blocked as part of a suspected Teardrop attack
tiny frag
Number of tiny fragmented packets received
trmn drop
Number of packets dropped by traffic management
trmng queue
Number of packets waiting in the queue
udp hdlen err
Number of packets whose IP Total Length is less than the length of the IP header plus the UDP header. If the IP Total Length is less than 28 bytes (8 bytes UDP header + 20 bytes IP header), this counter is incremented. This type of traffic is not valid.
udp flood
Number of UDP packets that are counted toward the UDP flood threshold
unknown pak
Number of packets with an Ethernet type that the firewall does not recognize. Examples would be Spanning Tree or proprietary Cisco protocols that the firewall does not pass or is not capable of reading. When the firewall sees a packet with an Ethernet type it does not recognize, it drops the packet and increments the 'unknown pak' counter.
url block
Number of HTTP requests that were blocked
winnuke
Number of WinNuke attack packets received
wrong intf
Number of session creation messages sent from a processor module to the master processor module
wrong slot
Number of packets erroneously sent to the wrong processor module
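The counters accumulate, so a single reading says little; what matters is which attack-related counters grew between two readings. The following is an added example, not part of the original page or of ScreenOS: it assumes the command prints "name value" cells separated by "|", and the snapshots and the choice of counters in SCREEN_COUNTERS are constructed for illustration.

```python
import re

# Counters the list above describes as attack/screen detections (selection made for this example).
SCREEN_COUNTERS = {
    "address spoof", "icmp flood", "ip sweep", "land attack", "ping of death",
    "port scan", "src route", "syn frag", "teardrop", "tiny frag",
    "udp flood", "winnuke",
}

# One cell: a counter name (may contain spaces) followed by its integer value.
CELL = re.compile(r"^\s*(.+?)\s+(\d+)\s*$")

def parse_counters(text):
    """Return {counter name: value} from 'name value | name value' rows (assumed layout)."""
    counters = {}
    for line in text.splitlines():
        for cell in line.split("|"):
            m = CELL.match(cell)
            if m:  # header and prompt lines do not match and are skipped
                counters[m.group(1).lower()] = int(m.group(2))
    return counters

def screen_deltas(before, after):
    """Screen counters that grew between two snapshots, largest growth first."""
    old, new = parse_counters(before), parse_counters(after)
    grown = {}
    for name in SCREEN_COUNTERS.intersection(new):
        delta = new[name] - old.get(name, 0)
        if delta < 0:  # counter was reset (for example by a reboot): count from zero
            delta = new[name]
        if delta > 0:
            grown[name] = delta
    return sorted(grown.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample snapshots (not real device output).
SNAPSHOT_1 = """\
in bytes      1048576 | out bytes      524288 | tcp proxy           0
land attack         0 | port scan          12 | udp flood           0
address spoof       3 | policy deny       840 | ip sweep            7
"""
SNAPSHOT_2 = """\
in bytes      2097152 | out bytes      786432 | tcp proxy           4
land attack         0 | port scan         212 | udp flood          55
address spoof       3 | policy deny       910 | ip sweep            9
"""

if __name__ == "__main__":
    for name, delta in screen_deltas(SNAPSHOT_1, SNAPSHOT_2):
        print(f"{name}: +{delta}")
```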
Sources
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4257
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4261