Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

show conn flags dont make sense


I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.

According to command ref:

f =inside FIN

F =outside FIN

r =inside acknowledged FIN

R =outside acknowledged FIN

I =inbound data

O =outbound data

U =up, how can I have connections with flags of: UFRIO ??

To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!

These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.

I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...

Any suggestions very welcome!


New Member

Re: show conn flags dont make sense

Time to open a case then?! :)

New Member

Re: show conn flags dont make sense

You've got my interests peaked, please update if you find out more.