S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
display wlan ids attack-detected

Function

The display wlan ids attack-detected command displays information about the detected attacking devices.

Format

display wlan ids attack-detected { all | flood | spoof | wapi-psk | weak-iv | wep-share-key | wpa-psk | wpa2-psk | mac-address mac-address }

Parameters

| Parameter | Description | Value |
|---|---|---|
| all | Displays information about all types of attacking devices. | - |
| flood | Displays information about devices launching flood attacks. | - |
| spoof | Displays information about devices launching spoofing attacks. | - |
| wapi-psk | Displays information about devices that perform brute force cracking in WAPI-PSK authentication mode. | - |
| weak-iv | Displays information about devices launching weak IV attacks. | - |
| wep-share-key | Displays information about devices that perform brute force cracking in WEP-SK authentication mode. | - |
| wpa-psk | Displays information about devices that perform brute force cracking in WPA-PSK authentication mode. | - |
| wpa2-psk | Displays information about devices that perform brute force cracking in WPA2-PSK authentication mode. | - |
| mac-address mac-address | Displays information about the detected attacking devices with specified MAC addresses. | The value is in H-H-H format. An H is a hexadecimal number of 4 digits. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After attack detection is enabled, you can run the display wlan ids attack-detected command to view information about the attacking devices.

Prerequisites

The attack detection functions of all types have been enabled using the wids attack detect enable command.

Example

# Display information about all current attacking devices.

<HUAWEI> display wlan ids attack-detected all
#AP: Number of monitor APs that have detected the device
AT: Last detected attack type
CH: Channel number
act: Action frame            asr: Association request
aur: Authentication request  daf: Deauthentication frame
dar: Disassociation request  wiv: Weak IV detected
pbr: Probe request           rar: Reassociation request
eaps: EAPOL start frame      eapl: EAPOL logoff frame
saf: Spoofed disassociation frame
sdf: Spoofed deauthentication frame
otsf: Other types of spoofing frames
-------------------------------------------------------------------------------
MAC address     AT     CH   RSSI(dBm)  Last detected time     #AP
-------------------------------------------------------------------------------
000b-c002-9c81  pbr    165  -87        2014-11-20/15:51:13    1
0024-2376-03e9  pbr    165  -84        2014-11-20/15:52:13    1
0046-4b74-691f  act    165  -67        2014-11-20/15:43:33    1
00bc-71b7-171d  pbr    165  -88        2014-11-20/15:41:43    1
00bc-71b7-171f  act    165  -87        2014-11-20/15:44:03    1
-------------------------------------------------------------------------------
Total: 5, printed: 5

Table 11-189  Description of the display wlan ids attack-detected all command output

| Item | Description |
|---|---|
| MAC address | For spoofing attacks, this parameter indicates the basic service set identifier (BSSID) that forges the MAC address of an AP. For other types of attacks, this parameter indicates the MAC address of the device launching attacks. |
| AT | Acronym of the attack type. |
| CH | Channel in which the last attack is detected. |
| RSSI(dBm) | Average received signal strength indicator (RSSI) of the attack frames detected. |
| Last detected time | Last time at which an attack is detected. |
| #AP | Number of APs which detect this attack. |
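
For monitoring pipelines that collect this output over SSH, the following added example (not part of the Huawei documentation) parses the summary table into records, maps each AT acronym to an attack category, and checks the `Total`/`printed` footer so truncated output is not mistaken for a complete list. The function names and the acronym-to-category grouping are assumptions made for this example.

```python
import re

# Grouping of the legend acronyms is an assumption inferred from the legend text
# and the "Flood attack type" / "Spoof attack type" fields shown on this page.
CATEGORY = dict.fromkeys(
    ("act", "asr", "aur", "daf", "dar", "pbr", "rar", "eaps", "eapl"), "flood")
CATEGORY.update(dict.fromkeys(("saf", "sdf", "otsf"), "spoof"), wiv="weak-iv")
ROW = re.compile(
    r"^(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(?P<at>\S+)\s+(?P<ch>\d+)\s+"
    r"(?P<rssi>-?\d+)\s+(?P<last>\d{4}-\d{2}-\d{2}/\d{2}:\d{2}:\d{2})\s+(?P<aps>\d+)$",
    re.IGNORECASE)
TOTAL = re.compile(r"^Total:\s*(\d+),\s*printed:\s*(\d+)")

def parse_attack_table(text):
    """Return (rows, complete); complete is False if rows are missing or unparsed."""
    rows, total, printed = [], None, None
    for line in map(str.strip, text.splitlines()):
        m, t = ROW.match(line), TOTAL.match(line)
        if t:
            total, printed = int(t[1]), int(t[2])
        if not m:
            continue
        at = m["at"].lower()
        rows.append({
            "mac": m["mac"].lower(), "attack": at,
            "category": CATEGORY.get(at, "unknown"),  # acronyms not in the legend
            "channel": int(m["ch"]), "rssi_dbm": int(m["rssi"]),
            "last_seen": m["last"].replace("/", "T"), "ap_count": int(m["aps"]),
        })
    return rows, total is not None and total == printed == len(rows)

def triage(rows):
    """Order for review: seen by the most monitor APs first, then strongest RSSI."""
    return sorted(rows, key=lambda r: (r["ap_count"], r["rssi_dbm"]), reverse=True)

# Sample input: the table from the example output on this page.
SAMPLE = """\
MAC address     AT     CH   RSSI(dBm)  Last detected time     #AP
-------------------------------------------------------------------------------
000b-c002-9c81  pbr    165  -87        2014-11-20/15:51:13    1
0024-2376-03e9  pbr    165  -84        2014-11-20/15:52:13    1
0046-4b74-691f  act    165  -67        2014-11-20/15:43:33    1
00bc-71b7-171d  pbr    165  -88        2014-11-20/15:41:43    1
00bc-71b7-171f  act    165  -87        2014-11-20/15:44:03    1
-------------------------------------------------------------------------------
Total: 5, printed: 5
"""
```

When `complete` is False, re-run the command or narrow it with one of the type keywords before relying on the list.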

# Display information about an attacking device with the specified MAC address.

<HUAWEI> display wlan ids attack-detected mac-address 8c70-5a47-aad0
act: Action frame            asr: Association request
aur: Authentication request  daf: Deauthentication frame
dar: Disassociation request  wiv: Weak IV detected
pbr: Probe request           rar: Reassociation request
eaps: EAPOL start frame      eapl: EAPOL logoff frame
saf: Spoofed disassociation frame
sdf: Spoofed deauthentication frame
otsf: Other types of spoofing frames
-------------------------------------------------------------------------------
MAC address                           : 8c70-5a47-aad0
Number of detected APs                : 1
Channel                               : 165
RSSI(dBm)                             : -80
Reported AP 1
  AP name                             : ap-13
  Flood attack type                   : pbr
  First detected time(Flood)          : 2014-11-20/15:50:33
  Spoof attack type                   : -
  First detected time(Spoof)          : -
  First detected time(Weak-iv)        : -
  First detected time(WEP)            : -
  First detected time(WPA)            : -
  First detected time(WPA2)           : -
  First detected time(WAPI)           : -
-------------------------------------------------------------------------------

Table 11-190  Description of the display wlan ids attack-detected mac-address mac-address command output

| Item | Description |
|---|---|
| MAC address | For spoofing attacks, this parameter indicates the basic service set identifier (BSSID) that forges the MAC address of an AP. For other types of attacks, this parameter indicates the MAC address of the device launching attacks. |
| Number of detected APs | Number of APs which detect this attack. |
| Channel | Channel in which the last attack is detected. |
| RSSI(dBm) | Average received signal strength indicator (RSSI) of the attack frames detected. |
| Reported AP | Information of the AP which detects the attack. |
| AP name | Name of the AP which detects the attack. |
| Flood attack type | Flood attacks detected by the AP. |
| Spoof attack type | Spoofing attacks detected by the AP. |
| First detected time | First time when an attack is detected by an AP. |

Updated: 2019-04-09

Document ID: EDOC1100065659
