In order to see the traffic that passes through the PIX Firewall and to determine its status, issue the show conn command.
This is sample output from the show conn command for TCP connections:
PixFirewall# show conn protocol TCP detail
2 in use, 2 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, C - CTIBQE media, D - DNS, d - dump,
E - outside back connection, f - inside FIN, F - outside FIN,
G - group, g - MGCP, H - H.323, h - H.255.0, I - inbound data, i - incomplete,
k - Skinny media, M - SMTP data, m - SIP media
O - outbound data, P - inside back connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
X - inspected by service module
TCP out 126.96.36.199:80 in 10.3.3.4:1404 idle 0:00:00 flags UIO
TCP out 188.8.131.52:80 in 10.3.3.4:1405 idle 0:00:00 flags UIO
In this example, host 10.3.3.4 on the inside has accessed a website at 184.108.40.206.
Various arguments can be passed to the show conn command in order to provide additional information about the connections through the PIX.
Note: In order to show information for all protocols, for example, TCP and UDP, use the show conn detail command.