show conn flags don't make sense

Apr 14th, 2009

Hi,

I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.

According to command ref:

f = inside FIN

F = outside FIN

r = inside acknowledged FIN

R = outside acknowledged FIN

I = inbound data

O = outbound data

U = up

...so, how can I have connections with flags of: UFRIO ??

To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!

These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.

I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...

Any suggestions very welcome!

-phil
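The consistency check described in the post above, written out as an added example (not part of the original post and not Cisco code). It uses only the flag legend quoted in the post and follows the poster's reading that an acknowledged-FIN flag should be accompanied by the other side's FIN flag; the sample lines, their layout, and the function names are constructed assumptions.

```python
import re

# Flag legend exactly as quoted in the post from the command reference.
LEGEND = {
    "f": "inside FIN", "F": "outside FIN",
    "r": "inside acknowledged FIN", "R": "outside acknowledged FIN",
    "I": "inbound data", "O": "outbound data", "U": "up",
}

# Constructed sample lines (documentation addresses); the line layout is an assumption.
SAMPLE = """\
TCP outside 192.0.2.10:443 inside 10.0.0.5:51000, idle 0:09:12, bytes 8421, flags UFRIO
TCP outside 192.0.2.11:80 inside 10.0.0.6:51001, idle 0:00:03, bytes 1200, flags UIO
TCP outside 192.0.2.12:25 inside 10.0.0.7:51002, idle 0:00:40, bytes 310, flags UfFRIO
"""

FLAGS_RE = re.compile(r"flags\s+(\S+)\s*$")

def decode(flags):
    """Return legend text per flag; letters outside the quoted legend are not guessed."""
    return [LEGEND.get(c, f"not in quoted legend: {c}") for c in flags]

def anomalies(flags):
    """Checks that follow the post's reading: an acknowledged FIN implies the
    opposite side's FIN flag should also be set."""
    s = set(flags)
    found = []
    if "R" in s and "f" not in s:
        found.append("R without f")
    if "r" in s and "F" not in s:
        found.append("r without F")
    if ("f" in s) != ("F" in s):
        found.append("FIN seen from one side only")
    return found

def audit(text):
    """Return (line, flags, anomalies) for every line that carries a flags field."""
    report = []
    for line in text.splitlines():
        m = FLAGS_RE.search(line)
        if m:
            report.append((line, m.group(1), anomalies(m.group(1))))
    return report

if __name__ == "__main__":
    for line, flags, issues in audit(SAMPLE):
        print(flags, decode(flags), issues or "consistent")
```

Run against saved `show conn` output, this lists the connections whose FIN flags are set for one direction only, which are the ones the post describes as lingering until the FIN timeout.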

lrm001c474 Thu, 04/16/2009 - 12:56

You've got my interest piqued; please update if you find out more.
