Monitoring Sessions on PIX

kunal.shandil · ‎09-17-2007

Hi everyone,

I just wanna know wht will be the command to monitor the sessions on

the pix.Like on Juniper Netscreen we use get session src-ip X.X.X.X to get the

session details of a particular src-ip to check on which ports it is hitting our firewall, as far as as i know sh conn

will help me in this out.Kindly clarify my doubts

regrds

kunal

JORGE RODRIGUEZ · ‎09-18-2007

That I know of it is show conn as you said

" show conn | inc IP_address "

" show conn " will show all connections and source/destication TCP/UDP ports being hit either inbound or outbound.

Jorge Rodriguez

JORGE RODRIGUEZ · ‎09-19-2007

Kunal,

Also you can used these commands to show detail TCP/UDP connections by particular source IP.

"show local-host IP_Address "

"show local-host IP_Address detail "

Jorge Rodriguez

kunal_shandil · ‎10-20-2007

One more way

Some Gentelman shared it with me on Yahoo Group:-

To use the capture command

if for example you would like to capture http traffic from an internal proxy

server (ip 192.168.0.1) passing the inside interface

Create an ACL of what you would like to capture

access-list 100 permit tcp host 192.168.0.1 any eq www

then create the capture

capture "name" access-list 100 interface inside

then once traffic has been generated type sh capture "name"

Regrds

K

amit.secure1 · ‎10-26-2007

Kunal

It would be work fine but it's costly in terms of PIX cpu and memory usage show it's not goood method to see session of daily traffic.....

kunal_shandil · ‎10-26-2007

Hi Amit,

Yeah thats true but as ASDM has not any function which shows the sessions there itself,we have to use this to see the sessions on CLI and after that we can clear the things. Is there any other way around ??

regrds

K

amit.secure1 · ‎10-26-2007

You can use sh conn command with detail and count and other supported command to clear ur result.let me know if you are qerying for any other thing