Monitoring Sessions on PIX

Unanswered Question
Sep 17th, 2007

Hi everyone,

I just wanna know wht will be the command to monitor the sessions on

the pix.Like on Juniper Netscreen we use get session src-ip X.X.X.X to get the

session details of a particular src-ip to check on which ports it is hitting our firewall, as far as as i know sh conn

will help me in this out.Kindly clarify my doubts

regrds

kunal

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Tue, 09/18/2007 - 06:20

That I know of it is show conn as you said

" show conn | inc IP_address "

" show conn " will show all connections and source/destication TCP/UDP ports being hit either inbound or outbound.

JORGE RODRIGUEZ Wed, 09/19/2007 - 08:31

Kunal,

Also you can used these commands to show detail TCP/UDP connections by particular source IP.

"show local-host IP_Address "

"show local-host IP_Address detail "

kunal_shandil Sat, 10/20/2007 - 22:15

One more way

Some Gentelman shared it with me on Yahoo Group:-

To use the capture command

if for example you would like to capture http traffic from an internal proxy

server (ip 192.168.0.1) passing the inside interface

Create an ACL of what you would like to capture

access-list 100 permit tcp host 192.168.0.1 any eq www

then create the capture

capture "name" access-list 100 interface inside

then once traffic has been generated type sh capture "name"

Regrds

K

amit.secure1 Fri, 10/26/2007 - 01:20

Kunal

It would be work fine but it's costly in terms of PIX cpu and memory usage show it's not goood method to see session of daily traffic.....

kunal_shandil Fri, 10/26/2007 - 10:23

Hi Amit,

Yeah thats true but as ASDM has not any function which shows the sessions there itself,we have to use this to see the sessions on CLI and after that we can clear the things. Is there any other way around ??

regrds

K

amit.secure1 Fri, 10/26/2007 - 21:00

You can use sh conn command with detail and count and other supported command to clear ur result.let me know if you are qerying for any other thing

Actions

This Discussion