Cisco Support Community
show conn in cisco asa

Hi Team,

Does the show conn count include both TCP + UDP + embryonic connections?

Because when I do a calculation in Excel from the output of show conn, I got the output below.

It was extracted from the command "show local-host | include host|count/limit"

(A):

   Total Sum of TCP embryonic count to host = 331

(B):

     Total Sum of TCP flow count/limit = 102938

(C):

     Total Sum of UDP flow count/limit = 3512505

firewall#show conn count

1912284 in use, 2000002 most used

Please let me know how this is calculated. If show conn count = A+B+C, then I am suspecting that old connection entries are not getting flushed out from the connection table in Cisco ASA 5580 with version 8.3.2.

Really, I'm in need of help...

2 REPLIES

show conn in cisco asa

With the show conn on the ASA, it does take all the connections and add them up for you.  This will include any TCP, any UDP, any hung connections, and any static connections.

Thanks and I hope this helps.

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

show conn in cisco asa

Hi Kimberly,

My question was, the count of show conn & show local-host does not match... Moreover, as the show conn was showing that the max limit of 2 million will be reached very soon... So, I would like to troubleshoot the output of show local-host | include host|count/limit, wherein I could see that one of the web servers has lots of TCP connections (let's say 35000), then the other two servers are consuming UDP connections: 7 lacs, 5 lacs & 3 lacs, as given below...

local host: ,

    TCP flow count/limit = 35857/unlimited

    TCP embryonic count to host = 25

    UDP flow count/limit = 0/unlimited

local host: ,

    TCP flow count/limit = 306/unlimited

    TCP embryonic count to host = 8

    UDP flow count/limit = 736807/unlimited

local host: ,

    TCP flow count/limit = 246/unlimited

    TCP embryonic count to host = 2

    UDP flow count/limit = 582010/unlimited

local host: ,

    TCP flow count/limit = 1/unlimited

    TCP embryonic count to host = 0

    UDP flow count/limit = 308412/unlimited

Can you please let me know any other commands that can be executed to know if there are any huge embryonic/virus attacks/too many broadcasts...... Once I clear the local-host, the connections get reduced from a huge value to a low value. I really do not know if these are genuine traffic or fake, or do not know if the connection table is not flushing out old entries.. please help
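Both the original question (does show conn count equal A+B+C?) and the follow-up (which hosts are holding the flows, and is the table just not flushing?) come down to parsing `show local-host` and setting its per-host sums beside `show conn count`. The script below does that instead of Excel: it parses the host blocks in the format quoted in this thread, reports (A), (B), (C), B+C and A+B+C next to the firewall's own in-use figure, and ranks the hosts holding the most UDP, TCP or embryonic flows. This is an added example, not code from the thread or from Cisco. The sample output is constructed to mirror the four hosts quoted above; the IP addresses are made up, and the `<ip>` angle brackets around the host are an assumption (the page's rendering stripped them). Note what the thread's own numbers show when you run it on them: B+C alone (3,615,443) exceeds the 1,912,284 in use, so a straight sum over local-host entries is not the conn-table size, and the comparison is printed side by side rather than treated as a proof that entries are stale.

```python
"""Parse Cisco ASA `show local-host` output and set the per-host sums
beside `show conn count`.  Added example, not the thread's or Cisco's code.
Sample text below is constructed; IPs are made up, `<ip>` brackets assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed to match the line format quoted in the thread.
SAMPLE_LOCAL_HOST = """\
local host: <192.0.2.10>,
    TCP flow count/limit = 35857/unlimited
    TCP embryonic count to host = 25
    UDP flow count/limit = 0/unlimited
local host: <192.0.2.11>,
    TCP flow count/limit = 306/unlimited
    TCP embryonic count to host = 8
    UDP flow count/limit = 736807/unlimited
local host: <192.0.2.12>,
    TCP flow count/limit = 246/unlimited
    TCP embryonic count to host = 2
    UDP flow count/limit = 582010/unlimited
local host: <192.0.2.13>,
    TCP flow count/limit = 1/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 308412/unlimited
"""
# `show conn count` line exactly as quoted in the thread.
SAMPLE_CONN_COUNT = "1912284 in use, 2000002 most used"

HOST_RE = re.compile(r"^local host:\s*<?([^>,\s]*)>?,?\s*$")
TCP_RE = re.compile(r"^\s*TCP flow count/limit\s*=\s*(\d+)/(\S+)")
EMB_RE = re.compile(r"^\s*TCP embryonic count to host\s*=\s*(\d+)")
UDP_RE = re.compile(r"^\s*UDP flow count/limit\s*=\s*(\d+)/(\S+)")
CONN_RE = re.compile(r"(\d+)\s+in use,\s+(\d+)\s+most used")


@dataclass
class HostCounts:
    host: str
    tcp: int = 0
    embryonic: int = 0
    udp: int = 0
    tcp_limit: str = "unlimited"   # "unlimited" or a per-host limit
    udp_limit: str = "unlimited"


def parse_local_host(text: str) -> list[HostCounts]:
    """Walk the output one `local host:` block at a time."""
    hosts: list[HostCounts] = []
    cur = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = HostCounts(host=m.group(1) or "?")  # "?" if the IP was stripped
            hosts.append(cur)
            continue
        if cur is None:
            continue  # banner or noise before the first host block
        if m := TCP_RE.match(line):
            cur.tcp, cur.tcp_limit = int(m[1]), m[2]
        elif m := EMB_RE.match(line):
            cur.embryonic = int(m[1])
        elif m := UDP_RE.match(line):
            cur.udp, cur.udp_limit = int(m[1]), m[2]
    return hosts


def totals(hosts: list[HostCounts]) -> dict[str, int]:
    """The three sums the thread labels (A), (B) and (C)."""
    return {
        "A_embryonic": sum(h.embryonic for h in hosts),
        "B_tcp": sum(h.tcp for h in hosts),
        "C_udp": sum(h.udp for h in hosts),
    }


def parse_conn_count(text: str) -> tuple[int, int]:
    """Return (in_use, most_used) from a `show conn count` line."""
    m = CONN_RE.search(text)
    if not m:
        raise ValueError("no 'N in use, M most used' line found")
    return int(m[1]), int(m[2])


def compare(hosts, conn_count_text, conn_limit=2_000_000) -> dict[str, int | float]:
    """Per-host sums beside the firewall's own count.  conn_limit defaults to
    the 2 million figure the thread quotes; use your platform's real limit."""
    t = totals(hosts)
    in_use, most_used = parse_conn_count(conn_count_text)
    return {**t,
            "B_plus_C": t["B_tcp"] + t["C_udp"],
            "A_plus_B_plus_C": t["A_embryonic"] + t["B_tcp"] + t["C_udp"],
            "in_use": in_use, "most_used": most_used,
            "pct_of_limit": round(100 * in_use / conn_limit, 1)}


def top_talkers(hosts, key="udp", n=3) -> list[HostCounts]:
    """Hosts holding the most flows of one kind: "udp", "tcp" or "embryonic"."""
    return sorted(hosts, key=lambda h: getattr(h, key), reverse=True)[:n]


if __name__ == "__main__":
    hosts = parse_local_host(SAMPLE_LOCAL_HOST)
    for k, v in compare(hosts, SAMPLE_CONN_COUNT).items():
        print(f"{k:>16}: {v}")
    print("top UDP holders:")
    for h in top_talkers(hosts, "udp"):
        print(f"  {h.host:<16} udp={h.udp:<8} tcp={h.tcp:<6} embryonic={h.embryonic}")
```

Feed it the real capture (`show local-host` redirected to a file, `show conn count` pasted in) instead of the constructed sample. A host showing hundreds of thousands of UDP flows with `/unlimited` next to it is the one to look at first: check on the host whether that many UDP sockets actually exist, and take a `show conn` slice for that address to see whether the entries are a few peers with rotating ports or many distinct peers. The `/unlimited` field is also where a per-host cap would show up once one is configured, which is the usual way to keep a single server from consuming the whole table while you find the cause.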
