Connection status

Unanswered Question
Sep 28th, 2007
User Badges:

Hi, need help

In my firewall i have no rule play in inside interface for outbound traffic but i have a rule play for inbound traffic in outside interface saying that from my particular branch network can access my server through SMTP.Just i wanted to know the connections..


But i use the command sh conn state data_out | grep 172.30.x.x,It showing the details given bellow


TCP out 172.x.x.x:1198 in 172.30.x.x:25 idle 8:40:06 Bytes 630 flags UFROB


if i use the command sh conn state data_in | grep 172.30.x.x also, It showing the details same given bellow


TCP out 172.x.x.x:1198 in 172.30.x.x:25 idle 8:40:06 Bytes 630 flags UFROB


Kinldy provide me information..there is no difference in the above connection status in and out inforamtion. Y is it so?..Then how can find which source is generating traffic?

Data_in==inbound conn

Data_out=outbund conn...




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sundar.palaniappan Fri, 09/28/2007 - 11:15
User Badges:
  • Green, 3000 points or more

The flags should help you deteremine whether the connection was initiated from inside or outside.


In your scenario the connection was initiated from outside based on the flag B.


UFROB --> (B) indicates initial SYN from outside


show conn detail would show the flags information.


HTH


Sundar

Actions

This Discussion