Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2200
Views
0
Helpful
5
Replies

Right syntax of show conn command

Go to solution
Ilya Semenov
Level 1
Level 1

‎08-29-2013 05:54 AM - edited ‎03-11-2019 07:32 PM

Good day!

Please, help me with correct syntax of show conn command...

I need to show all active tcp connections from inside to outside on port 60565...

Thank you...!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Ilya Semenov

‎08-29-2013 06:15 AM

Hi,

You can also combine that command with the "port"

show conn protocol tcp port 60565

Perhaps there were no active connections on that port while you took the output of the command. Are you sure the port you saw just wasnt some random source port of the connection rather than the destination?

- Jouni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎08-29-2013 06:00 AM

Hi,

Well there are a lot of options.

Below is the basic command

show conn

You can use the below commands to get more detailed information

show conn long

show conn detail

You can show certain port connections with the command (with some added parameters)

show conn detail port 60565

Some variation of the below command might also be helpfull

show local-host

Use the "?" (question mark) after the "show local-host" to see what options you have. Same option naturally applies to any other command on the ASA in general.

I would also suggest checking out the ASA Command Reference when you are unclear of the purpose of a certain command. They are listed in alphabetic order

http://www.cisco.com/en/US/docs/security/asa/command-reference/cmdref.html

- Jouni

0 Helpful

Go to solution
Ilya Semenov
Level 1
Level 1
In response to Jouni Forss

‎08-29-2013 06:10 AM

Strange, but it works on PIX 6.3, but on ASA 8.3 the only output I received after show conn detail port 60565
was:

"10698 in use, 17175 most used"

Additionally, show conn protocol tcp works fine - I get all the list of active TCP connections...

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Ilya Semenov

‎08-29-2013 06:15 AM

Hi,

You can also combine that command with the "port"

show conn protocol tcp port 60565

Perhaps there were no active connections on that port while you took the output of the command. Are you sure the port you saw just wasnt some random source port of the connection rather than the destination?

- Jouni

0 Helpful

Go to solution
Ilya Semenov
Level 1
Level 1
In response to Jouni Forss

‎08-29-2013 06:37 AM

Jouni,

you were right again. There are no such active connections... =) The infested notebook went home perhaps.

Are you CCIE? =)

Many thanks to you!

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Ilya Semenov

‎08-29-2013 07:13 AM

Hi,

Not even close to CCIE

Most of what I know has simply come from using the Cisco firewalls. I would say I still have considerable gaps in my knowledge in general.

I recently decided to start getting the Cisco certifications and finished CCNA R&S last week. Now waiting for CCNA Security book to start heading through the Security path. Perhaps later I will continue R&S depending how everything goes.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card