Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
0
Helpful
2
Replies

show conn flags dont make sense

pdotchon
Level 1
Level 1

‎04-14-2009 07:10 AM - edited ‎03-11-2019 08:18 AM

Hi,

I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.

According to command ref:

f =inside FIN

F =outside FIN

r =inside acknowledged FIN

R =outside acknowledged FIN

I =inbound data

O =outbound data

U =up

...so, how can I have connections with flags of: UFRIO ??

To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!

These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.

I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...

Any suggestions very welcome!

-phil

Labels:
0 Helpful
2 Replies 2

pdotchon
Level 1
Level 1

‎04-16-2009 04:55 AM

Time to open a case then?! :)

0 Helpful

lrm001c474
Level 1
Level 1
In response to pdotchon

‎04-16-2009 12:56 PM

You've got my interests peaked, please update if you find out more.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card