
New Member

Connection state information?

I am trying to figure out how to display TCP connections that were initiated from an outside interface. Maybe I am missing something, but I can't seem to find this in the "show conn" command. I tried the "show conn state conn_inbound", but that just gives me this:

121 in use, 4202 most used

I want to see the connection detail. I also don't see anything in the description of the "flags" output that tells me if the connection were initiated from the outside or the inside. Am I missing something or is there just no way to do this?

Thanks,

-Jeff

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Connection state information?

You can find the meaning of flags using this command-

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,
P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
X - inspected by service module
ASA-5520-CSC-Standalone#

Now, when you do a "show conn", you'll receive the connections with the Flags at the end of it. In the flags field, if you see "B", it means the connection was initiated from a lower security level interface, i.e., outside to inside.

B - initial SYN from outside

Hope this clears the question.

Regards,

Vibhor.
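
Added example (not part of the original thread and not Cisco code): a Python filter that applies the flag legend above to saved "show conn" output, listing TCP connections whose flags contain "B" and reporting separately whether the handshake is still pending (A, a, S, s) or the connection is up (U). The line layout matched by the regex, the sample lines and the function names are assumptions made for this example.

```python
import re

# Assumed "show conn" line layout; the thread itself does not show a full line.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<if1>\S+)\s+(?P<ep1>\S+)\s+(?P<if2>\S+)\s+(?P<ep2>\S+?),?"
    r"\s+idle\s+\S+?,?\s+bytes\s+\d+,?\s+flags\s+(?P<flags>\S+)\s*$",
    re.IGNORECASE,
)

# Handshake-related flags, copied from the legend quoted in the answer.
AWAITING = {
    "A": "awaiting inside ACK to SYN",
    "a": "awaiting outside ACK to SYN",
    "S": "awaiting inside SYN",
    "s": "awaiting outside SYN",
}

# Constructed sample input (documentation address ranges), not real device output.
SAMPLE = """\
121 in use, 4202 most used
TCP outside 198.51.100.7:51514 inside 10.0.0.20:443, idle 0:00:03, bytes 8421, flags UIOB
TCP outside 203.0.113.9:80 inside 10.0.0.31:49822, idle 0:00:01, bytes 1290, flags UIO
TCP outside 198.51.100.44:40112 inside 10.0.0.20:25, idle 0:00:00, bytes 0, flags SaAB
UDP outside 203.0.113.53:53 inside 10.0.0.31:53211, idle 0:00:02, bytes 96, flags -
"""

def classify(line):
    """Parse one connection line; return None for summary or unrecognised lines."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    flags = m["flags"]
    pending = [AWAITING[f] for f in flags if f in AWAITING]
    if pending:
        handshake = "incomplete"      # still waiting on a SYN or an ACK
    elif "U" in flags:
        handshake = "up"              # U - up
    else:
        handshake = "unknown"
    return {
        "proto": m["proto"].upper(),
        "endpoints": (f'{m["if1"]} {m["ep1"]}', f'{m["if2"]} {m["ep2"]}'),
        "flags": flags,
        "initiated_from_outside": "B" in flags,   # B - initial SYN from outside
        "handshake": handshake,
        "pending": pending,
    }

def inbound_initiated(text):
    """Return the TCP connections whose flags include B."""
    rows = (classify(line) for line in text.splitlines())
    return [r for r in rows if r and r["proto"] == "TCP" and r["initiated_from_outside"]]

if __name__ == "__main__":
    for row in inbound_initiated(SAMPLE):
        print(row["endpoints"], row["flags"], row["handshake"])
```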

3 REPLIES
Silver

Re: Connection state information?

Forgot .. the command to get the meaning of flags is-

show conn detail

New Member

Re: Connection state information?

Ok, thanks Vibhor! When I read the "B - initial SYN from outside" I took it to mean that this was an embryonic connection (handshake not complete).
