Open topic with navigation

Countermeasures

The Countermeasures section of the Mitigation Console page is comprised of the following.

To access the TPS Zone Mitigation Console page, navigate as follows:

  1. Go to Incidents > Mitigation Console.

  2. (Optional) Click the Packet Debugger button across the upper-right side of the Mitigation Console. A Packet Debugger page appears.

    The Packet Debugger shows packets that are forwarded and dropped by mitigation based on the parameters selected. Forwarded packets are in green, whereas dropped packets are shown in red.

    Table 37 : Countermeasures

    Field

    Purpose

    Capture Name

    Auto populated by the UUID.

    Max Packets Per Device

    Enter the maximum number of packets to capture from a device before it stops.

    Protocols

    Select the check boxes for the protocols to be captured. Leave all the boxes unchecked, if you want to capture all protocols. For example, select the IP and TCP to capture IPv4 TCP packets.

    Berkley Packet Filter

    Enter in Berkeley Packet Filter syntax, the expressions to filter packets, for example, IP Proto 47.

    Device

    Select either All to capture packets from all the devices in an incident or select a single device for capture.

    Time out

    Enter the maximum capture duration. If the maximum packet counter per device is reached first, the capture will automatically stop. This is a required field.

    Max Packet Length

    Enter the maximum allowable size packet value.

    Egress Only

    Select the check box to enable capture of all packets forwarded to the destination entry.

    File Size

    Enter the maximum file size value.

    Regex Finder

    Field to search for a pattern in the payload of a packet, for example Host:*

    Start

    Click the button to begin packet debugging. When the process has already begun, the Start button is replaced by a Stop button. Select Stop to manually halt the process or wait until time is up for the full captured packet session. A table displays the last 9 captured packets in real-time. When the capture is stopped, a table index is displayed with all captured packets.

    Search

    The Search bar is used to search packets.
NOTE: The ongoing capture will not show index and timestamp of capture. Click on a Packet to select. Use the up and down arrows on the keyboard to select the previous or next packet.
Table 38 : Packet Debugger

Zone Service

Description

Index

Displays the Index sequence.

Time

Displays the Timestamp of the packet.

CC

Displays the Geo-location of source IP address.

Source

Displays the Source IP address.

Port

Displays the Source Port information.

CC

Displays the Geo-location of destination IP address.

Destination

Displays the Destination IP address.

Port

Displays the Destination Port information.

Protocol

Displays the Protocol involved (TCP, UDP, ICMP, ARP, Other).

Length

Displays the length of packet.

Device

Displays the device involved with packet capture.

Drop Reason

Displays the reason for dropped packet.

Match

Displays the string in payload that matches regex filter.

The following topics are covered:

COMPANY INFORMATION: Copyright © 2025 A10 Networks, Inc. All Rights Reserved. Legal Notice