Cisco Traffic Anomaly Detector User Guide
OL-6109-01
Chapter 4 Zone Configuration
Zone Detection
2. Choose ENTER. The following (partial sample) screen appears:
admin@DETECTOR-conf-zone-scannet# show policies statistics
Key             Rate         Policy
192.168.100.34  73.17        http/80/analysis/syns/dst_ip
N/A             0.17         http/80/analysis/syns/global
Key             Ratio        Policy
192.168.100.34  1.44         tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio
80              1.44         tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio
Key             Connections  Policy
N/A             429.00       tcp_connections/any/analysis/in_nodata_conns/global
The sample screen shows that the Detector policies are receiving traffic and
functioning properly.
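To run the same check over a saved CLI capture, the following added example (not part of the Cisco guide or Detector software) parses the statistics output, rejoins policy paths that wrapped onto their own line, and lists the policies whose counters are above zero. The function names are hypothetical, and the parser assumes the three-column layout of the sample screen.

```python
import re

# Sample screen from this page, with policy paths wrapped as a capture may show them.
SAMPLE = """\
Key Rate Policy
192.168.100.34 73.17 http/80/analysis/syns/dst_ip
N/A 0.17 http/80/analysis/syns/global
Key Ratio Policy
192.168.100.34 1.44
tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio
80 1.44
tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio
Key Connections Policy
N/A 429.00
tcp_connections/any/analysis/in_nodata_conns/global
"""

HEADER = re.compile(r"^Key\s+(Rate|Ratio|Connections)\s+Policy$")
VALUE = re.compile(r"^(\S+)\s+(\d+(?:\.\d+)?)(?:\s+(\S+))?$")

def parse_policy_statistics(text):
    """Return one dict per policy row: metric, key, value, policy."""
    rows, metric, pending = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.endswith("show policies statistics"):
            continue  # blank line or the CLI prompt echo
        header = HEADER.match(line)
        if header:
            metric, pending = header.group(1).lower(), None
            continue
        match = VALUE.match(line)
        if match and metric:
            key, value, policy = match.groups()
            row = {"metric": metric, "key": key, "value": float(value), "policy": policy}
            if policy is None:
                pending = row  # policy path wrapped onto the next line
            else:
                rows.append(row)
        elif pending and "/" in line:
            pending["policy"] = line  # rejoin the wrapped policy path
            rows.append(pending)
            pending = None
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return rows

def active_policies(rows):
    """Policies whose counter is above zero, i.e. that are seeing traffic."""
    return sorted({r["policy"] for r in rows if r["value"] > 0})
```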
Zone Detection
After learning the zone traffic characteristics, the Detector is ready for zone
detection. The user may wish to command the Detector to start detection right
after completing the zone configuration. The Detector then begins applying its
detection policies.
To detect the zone, perform the following:
1. From the Global command group level, type the following:
admin@DETECTOR# detect <zone-name>
Or alternatively:
From the Zone command group level, type the following:
admin@DETECTOR-conf-zone-<zone-name># detect
where zone-name specifies the zone name.