I am trying to figure out how to display TCP connections that were initiated from an outside interface. Maybe I am missing something, but I can't seem to find this in the "show conn" command. I tried the "show conn state conn_inbound", but that just gives me this:
121 in use, 4202 most used
I want to see the connection detail. I also don't see anything in the description of the "flags" output that tells me if the connection were initiated from the outside or the inside. Am I missing something or is there just no way to do this?
You can find the meaning of flags using this command-
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,
P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
X - inspected by service module
Now, when you do a "show conn", you'll receive the connections with the Flags at the end of it. In the flags field, if you see "B", it means the connection was initiated from a lower security level interface, i.e., outside to inside.
B - initial SYN from outside
Hope this clears the question.
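An added example, not part of the original posts: a Python filter that reads saved "show conn" output and keeps only the TCP entries whose flags contain B. The line layout and the sample connections below are constructed assumptions; the exact layout differs between ASA releases.

```python
import re

# Assumed layout of one "show conn" entry (varies by ASA release):
# TCP <ifc> <ip>:<port> <ifc> <ip>:<port>, idle H:MM:SS, bytes N, flags XYZ
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<ifc_a>\S+)\s+(?P<addr_a>\S+?):(?P<port_a>\d+)\s+"
    r"(?P<ifc_b>\S+)\s+(?P<addr_b>\S+?):(?P<port_b>\d+),\s+"
    r"idle\s+(?P<idle>[\d:]+),\s+bytes\s+(?P<bytes>\d+),\s+"
    r"flags\s+(?P<flags>\S+)\s*$"
)

def parse_conns(text):
    """Return one dict per connection line; summary and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conns.append(m.groupdict())
    return conns

def outside_initiated(text):
    """TCP connections carrying flag B (initial SYN from outside).

    The test is case-sensitive on purpose: in the flag legend upper and
    lower case letters are different flags (F/f, R/r, S/s and so on).
    """
    return [c for c in parse_conns(text)
            if c["proto"] == "TCP" and "B" in c["flags"]]

# Constructed sample output (documentation address ranges), not a real capture.
SAMPLE = """\
4 in use, 4202 most used
TCP outside 198.51.100.7:51514 inside 10.0.0.5:443, idle 0:00:12, bytes 4821, flags UIOB
TCP outside 203.0.113.20:80 inside 10.0.0.31:49822, idle 0:00:03, bytes 91022, flags UIO
TCP outside 198.51.100.44:40112 inside 10.0.0.5:25, idle 0:00:01, bytes 0, flags SaAB
UDP outside 203.0.113.53:53 inside 10.0.0.31:55110, idle 0:00:09, bytes 164, flags -
"""

if __name__ == "__main__":
    for c in outside_initiated(SAMPLE):
        print(f'{c["addr_a"]}:{c["port_a"]} -> {c["addr_b"]}:{c["port_b"]} '
              f'flags={c["flags"]} bytes={c["bytes"]}')
```
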