08-29-2013 05:54 AM - edited 03-11-2019 07:32 PM
Good day!
Please help me with the correct syntax of the show conn command...
I need to show all active TCP connections from inside to outside on port 60565...
Thank you...!
08-29-2013 06:00 AM
Hi,
Well there are a lot of options.
Below is the basic command
show conn
You can use the below commands to get more detailed information
show conn long
show conn detail
You can show certain port connections with the command (with some added parameters)
show conn detail port 60565
Some variation of the below command might also be helpful
show local-host
Use the "?" (question mark) after the "show local-host" to see what options you have. Same option naturally applies to any other command on the ASA in general.
I would also suggest checking out the ASA Command Reference when you are unclear of the purpose of a certain command. They are listed in alphabetical order.
http://www.cisco.com/en/US/docs/security/asa/command-reference/cmdref.html
- Jouni
08-29-2013 06:10 AM
Strange, but it works on PIX 6.3, but on ASA 8.3 the only output I received after show conn detail port 60565 was:
"10698 in use, 17175 most used"
Additionally, show conn protocol tcp works fine - I get all the list of active TCP connections...
08-29-2013 06:15 AM
Hi,
You can also combine that command with the "port"
show conn protocol tcp port 60565
Perhaps there were no active connections on that port while you took the output of the command. Are you sure the port you saw just wasn't some random source port of the connection rather than the destination?
- Jouni
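The source-versus-destination distinction raised above, as an added example that is not part of the thread: Python that reads saved `show conn` output and reports whether the port sits on the remote (destination) or local (source) side of inside-initiated TCP connections. The line layout, the meaning of the `B` flag (initial SYN from outside), the interface name `inside` and all sample connection lines are assumptions constructed for illustration.

```python
import re

# Assumed ASA 8.x "show conn" line layout (not taken from the thread):
# TCP outside 203.0.113.9:60565 inside 10.1.1.15:49152, idle 0:00:22, bytes 670, flags UIO
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),"
    r".*?flags\s+(?P<flags>\S*)\s*$"
)

# Constructed sample output; only the summary line appears in the thread.
SAMPLE = """\
10698 in use, 17175 most used
TCP outside 203.0.113.9:60565 inside 10.1.1.15:49152, idle 0:00:22, bytes 670, flags UIO
TCP outside 198.51.100.7:443 inside 10.1.1.20:60565, idle 0:00:03, bytes 9120, flags UIO
TCP outside 192.0.2.44:51000 inside 10.1.1.30:60565, idle 0:01:10, bytes 88, flags UIOB
UDP outside 192.0.2.53:53 inside 10.1.1.15:60565, idle 0:00:01, bytes 120, flags -
"""

def classify(output, port, inside_if="inside"):
    """Return (role, line) pairs for inside-initiated TCP connections using `port`.

    role is "destination" when the remote endpoint uses the port and
    "source" when only the inside host's ephemeral port matches.
    """
    hits = []
    for raw in output.splitlines():
        line = raw.strip()
        m = CONN_RE.match(line)
        if not m or m["proto"] != "TCP":
            continue  # summary line, UDP, or unparsable text
        ends = {m["if_a"]: int(m["port_a"]), m["if_b"]: int(m["port_b"])}
        if inside_if not in ends or len(ends) != 2:
            continue  # connection does not cross the inside interface
        if "B" in m["flags"]:
            continue  # assumed: B = initial SYN from outside, so inbound
        local = ends.pop(inside_if)
        remote = next(iter(ends.values()))
        if remote == port:
            hits.append(("destination", line))
        elif local == port:
            hits.append(("source", line))
    return hits

if __name__ == "__main__":
    for role, line in classify(SAMPLE, 60565):
        print(f"{role:11s} {line}")
```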
08-29-2013 06:37 AM
Jouni,
you were right again. There are no such active connections... =) The infested notebook went home perhaps.
Are you CCIE? =)
Many thanks to you!
08-29-2013 07:13 AM
Hi,
Not even close to CCIE.
Most of what I know has simply come from using the Cisco firewalls. I would say I still have considerable gaps in my knowledge in general.
I recently decided to start getting the Cisco certifications and finished CCNA R&S last week. Now waiting for CCNA Security book to start heading through the Security path. Perhaps later I will continue R&S depending how everything goes.
- Jouni