Connection state information?

Feb 20th, 2007

I am trying to figure out how to display TCP connections that were initiated from an outside interface. Maybe I am missing something, but I can't seem to find this in the "show conn" command. I tried the "show conn state conn_inbound", but that just gives me this:

121 in use, 4202 most used

I want to see the connection detail. I also don't see anything in the description of the "flags" output that tells me if the connection were initiated from the outside or the inside. Am I missing something or is there just no way to do this?

Thanks,

-Jeff

Correct Answer by vitripat about 9 years 7 months ago

You can find the meaning of flags using this command-

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,
P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
X - inspected by service module
ASA-5520-CSC-Standalone#

Now .. when you do a "show conn", you'll receive the connections with the Flags at the end of it. In the flags field, if you see "B", it means the connection was initiated from a lower security level interface, i.e., outside to inside.

B - initial SYN from outside

Hope this clears the question.

Regards,

Vibhor.

vitripat Tue, 02/20/2007 - 12:19

Forgot .. the command to get the meaning of flags is-

show conn detail

jedavis Tue, 02/20/2007 - 12:30

Ok, thanks Vibhor! When I read the "B - initial SYN from outside" I took it to mean that this was an embryonic connection (handshake not complete).
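An added example, not part of the original thread: a Python filter that picks the outside-initiated TCP entries (flag "B") out of saved "show conn" output and reports whether each is also up (flag "U"), since "B" describes direction and not handshake state. The entry layout matched by the pattern and the sample entries are assumptions constructed for illustration; only the summary line and the flag meanings come from the posts above.

```python
import re

# Part of the flag legend quoted in the answer above ("show conn detail").
FLAG_LEGEND = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "I": "inbound data",
    "O": "outbound data", "S": "awaiting inside SYN",
    "s": "awaiting outside SYN", "U": "up",
}

# Assumed entry layout: protocol, interface + endpoint twice, then "flags XYZ".
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<if1>\S+)\s+(?P<ep1>\S+?),?\s+"
    r"(?P<if2>\S+)\s+(?P<ep2>\S+?),?\s+.*?\bflags\s+(?P<flags>[A-Za-z]+)\s*$"
)

# Constructed sample output (documentation addresses), not from a real device.
SAMPLE = """\
121 in use, 4202 most used
TCP outside 198.51.100.7:51522 inside 10.0.0.10:443, idle 0:00:04, bytes 9312, flags UIOB
TCP outside 203.0.113.9:80 inside 10.0.0.25:49811, idle 0:00:01, bytes 2210, flags UIO
TCP outside 198.51.100.44:40112 inside 10.0.0.10:25, idle 0:00:09, bytes 0, flags SaAB
"""

def parse_conn(line):
    """Parse one connection entry; return None for summary or unmatched lines."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    conn = m.groupdict()
    conn["up"] = "U" in conn["flags"]  # "U - up" in the legend
    conn["meaning"] = [FLAG_LEGEND.get(c, "other (see legend)") for c in conn["flags"]]
    return conn

def outside_initiated(show_conn_output):
    """Return TCP entries whose flags contain 'B' (initial SYN from outside)."""
    hits = []
    for line in show_conn_output.splitlines():
        conn = parse_conn(line)
        if conn and conn["proto"] == "TCP" and "B" in conn["flags"]:
            hits.append(conn)
    return hits

if __name__ == "__main__":
    for c in outside_initiated(SAMPLE):
        state = "up" if c["up"] else "not yet up"
        print(f'{c["ep1"]} -> {c["ep2"]} flags={c["flags"]} ({state})')
```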
