display deception flow

Function

The display deception flow command displays the deception flow table.

Format

display deception flow

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The flow table determines traffic conditions (source and destination IP addresses, Layer 2 and Layer 3 protocol types, etc.) and corresponding deception detection actions (detect or not detect).

The configuration of detected network segments, whitelists, or decoy network segment triggers the generation of the flow table.

Example

# Display the deception flow table.

<FW> display deception flow
Slot: 0                                                                         
--------------------------------------------------------------------------------
Flow ID 1 information:                                                          
--------------------------------------------------------------------------------
Priority        :3                                                              
Action          :8                                                              
Causeid         :2                                                              
Vpn-instance    :public                                                         
Eth_type        :Arp                                                            
--------------------------------------------------------------------------------
Flow ID 2 information:                                                          
--------------------------------------------------------------------------------
Priority        :3                                                              
Action          :8                                                              
Causeid         :8                                                              
Vpn-instance    :public                                                         
Protocol        :Tcp                                                            
Tcp_flag        :Syn                                                            
--------------------------------------------------------------------------------
Flow ID 3 information:                                                          
--------------------------------------------------------------------------------
Priority        :3                                                              
Action          :8                                                              
Causeid         :16                                                             
Vpn-instance    :public                                                         
Protocol        :Tcp                                                            
Tcp_flag        :Syn | Ack                                                      
--------------------------------------------------------------------------------
Flow ID 4 information:                                                          
--------------------------------------------------------------------------------
Priority        :3                                                              
Action          :8                                                              
Causeid         :32                                                             
Vpn-instance    :public                                                         
Protocol        :Tcp                                                            
Tcp_flag        :Rst | Ack    
--------------------------------------------------------------------------------
Flow ID 5 information:                                                          
--------------------------------------------------------------------------------
Priority        :1                                                              
Action          :4                                                              
Causeid         :64                                                             
Vpn-instance    :public                                                         
Eth_type        :Arp                                                            
Destination IP  :1.1.1.1/255.255.255.255                                        
--------------------------------------------------------------------------------
Flow ID 6 information:                                                          
--------------------------------------------------------------------------------
Priority        :1                                                              
Action          :4                                                              
Causeid         :128                                                            
Vpn-instance    :public                                                         
Destination IP  :1.1.1.1/255.255.255.255                                        
Protocol        :Tcp                                                            
Tcp_flag        :Syn

**Table 1** Description of the **display deception flow** command output
Item	Description
Slot	Slot ID.
Flow ID n information	Information about flow n in the flow table.
Priority	Flow priority, which ranges from 0 to 10. A smaller value indicates a higher priority. If traffic matches multiple flows in the flow table, the flow with the highest priority takes effect.
Action	Action to be taken on packets that match the flow table: 1: Do not perform deception detection. 2: Discard the packets. 4 or 8: Perform deception detection.
Causeid	Flow type: 1: ARP packets 3: SYN packets 4: SYN-ACK packets 5: RST packets 6: Packets that match the ARP decoy network segment 7: Packets that match the TCP decoy network segment 8: Packets that match the ARP whitelist 9: Packets that match the TCP whitelist 10: Packets that match the flow table 11: UDP packets that match the decoy 12. Packets that match decoy network segments
Vpn-instance	VPN instance.
Destination IP	Destination IP address.
Destination Port	Destination port.
Source IP	Source IP address.
Protocol	Layer 3 protocol type.
Eth_type	Layer 2 protocol type.
Tcp_flag	TCP flag.