04-14-2009 07:10 AM - edited 03-11-2019 08:18 AM
Hi,
I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.
According to command ref:
f = inside FIN
F = outside FIN
r = inside acknowledged FIN
R = outside acknowledged FIN
I = inbound data
O = outbound data
U = up
...so, how can I have connections with flags of: UFRIO ??
To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!
These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.
I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...
Any suggestions very welcome!
-phil
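A way to pull such connections out of saved 'show conn' output, as an added example that is not part of the original post: it decodes flags with the legend quoted above and lists TCP connections that are still up with only some FIN-related flags set, longest idle first. The line layout and the sample lines are assumptions constructed for illustration; the function names are hypothetical.

```python
import re

# Legend exactly as quoted from the command reference in the post
# (a subset of the flags the firewall can print).
LEGEND = {
    "U": "up", "I": "inbound data", "O": "outbound data",
    "f": "inside FIN", "F": "outside FIN",
    "r": "inside acknowledged FIN", "R": "outside acknowledged FIN",
}
FIN_FLAGS = "fFrR"
# Assumed field layout ("idle H:MM:SS", "flags XYZ"); adjust to your output.
IDLE_RE = re.compile(r"idle (\d+):(\d\d):(\d\d)")
FLAGS_RE = re.compile(r"flags (\S+)")

def parse_conn(line):
    """Return idle seconds and flag string for one TCP line, else None."""
    idle, flags = IDLE_RE.search(line), FLAGS_RE.search(line)
    if not line.startswith("TCP") or not idle or not flags:
        return None
    h, m, s = map(int, idle.groups())
    return {"line": line.strip(), "idle": h * 3600 + m * 60 + s,
            "flags": flags.group(1)}

def decode(flags):
    """Translate each flag letter using only the quoted legend."""
    return [LEGEND.get(c, "not in quoted legend") for c in flags]

def half_closed(lines, min_idle=0):
    """Connections still up with some, but not all, FIN-related flags."""
    out = []
    for conn in filter(None, map(parse_conn, lines)):
        seen = [c for c in FIN_FLAGS if c in conn["flags"]]
        missing = [c for c in FIN_FLAGS if c not in conn["flags"]]
        if "U" in conn["flags"] and seen and missing and conn["idle"] >= min_idle:
            out.append({**conn, "missing": [LEGEND[c] for c in missing]})
    return sorted(out, key=lambda c: c["idle"], reverse=True)

# Constructed sample lines (documentation addresses), not captured output.
SAMPLE = [
    "TCP outside 192.0.2.10:443 inside 10.0.0.5:51234, idle 0:04:12, bytes 5120, flags UFRIO",
    "TCP outside 192.0.2.20:80 inside 10.0.0.6:40000, idle 0:00:03, bytes 900, flags UIO",
    "TCP outside 192.0.2.30:25 inside 10.0.0.7:40100, idle 0:08:30, bytes 77, flags UfrIO",
    "UDP outside 192.0.2.40:53 inside 10.0.0.8:5353, idle 0:00:01, bytes 60, flags -",
]

if __name__ == "__main__":
    for c in half_closed(SAMPLE, min_idle=60):
        print(c["idle"], c["flags"], "missing:", ", ".join(c["missing"]))
```

The "missing" column names the FIN-related flags that were not recorded for each connection, which shows the direction to look at when comparing captures on either side of the firewall.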
04-16-2009 04:55 AM
Time to open a case then?! :)
04-16-2009 12:56 PM
You've got my interest piqued, please update if you find out more.