Cisco Support Community

How to display the status of all the TCP connections on the PIX Firewall

Resolution

In order to see the traffic that passes through the PIX Firewall and to determine its status, issue the show conn command.

This is sample output from the show conn command for TCP connections:

    PixFirewall# show conn protocol TCP detail
    2 in use, 2 most used
    Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
           B - initial SYN from outside, C - CTIBQE media, D - DNS, d - dump,
           E - outside back connection, f - inside FIN, F - outside FIN,
           G - group, g - MGCP, H - H.323, h - H.255.0, I - inbound data, i - incomplete,
           k - Skinny media, M - SMTP data, m - SIP media
           O - outbound data, P - inside back connection,
           q - SQL*Net data, R - outside acknowledged FIN,
           R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
           s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
           X - inspected by service module
    TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 flags UIO
    TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 flags UIO



In this example, host 10.3.3.4 on the inside has accessed a website at 209.165.201.1.

Various arguments can be passed to the show conn command in order to provide additional information about the connections through the PIX.


Note: In order to show information for all protocols, for example, TCP and UDP, use the show conn detail command.
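
When the connection table is long, the flags column is easier to review by script. The following is an added example, not part of the original article or any Cisco tool: it parses TCP rows of the show conn output above, decodes each flag with the legend from that output, and marks connections whose handshake has not completed. The function name, the half-open rule (a pending-handshake flag with no U) and the third sample row are assumptions made for illustration.

```python
import re

# Legend entries taken from the "Flags:" header above (those relevant to TCP rows).
FLAG_MEANING = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "f": "inside FIN", "F": "outside FIN",
    "I": "inbound data", "O": "outbound data", "R": "outside acknowledged FIN",
    "r": "inside acknowledged FIN", "S": "awaiting inside SYN",
    "s": "awaiting outside SYN", "U": "up",
}
HANDSHAKE_PENDING = set("AaSs")  # any of these means the handshake is unfinished

ROW = re.compile(
    r"^\s*TCP out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) "
    r"idle (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) flags (?P<flags>\S+)\s*$"
)

def parse_show_conn(text):
    """Return one dict per TCP row; legend and counter lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        flags = m["flags"]
        conns.append({
            "outside": (m["out_ip"], int(m["out_port"])),
            "inside": (m["in_ip"], int(m["in_port"])),
            "idle_s": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
            "flags": flags,
            "meaning": [FLAG_MEANING.get(f, "not in TCP subset") for f in flags],
            # Assumed rule: not yet "up" and still waiting on a SYN or ACK.
            "half_open": "U" not in flags and bool(HANDSHAKE_PENDING & set(flags)),
        })
    return conns

# First two rows are from the page; the third is constructed for illustration.
SAMPLE = """\
2 in use, 2 most used
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 flags UIO
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 flags UIO
TCP out 192.0.2.10:443 in 10.3.3.5:2001 idle 0:01:30 flags saA
"""

if __name__ == "__main__":
    for c in parse_show_conn(SAMPLE):
        state = "HALF-OPEN" if c["half_open"] else "established"
        print(c["inside"], "->", c["outside"], c["flags"], state, c["meaning"])
```

A steadily growing count of half-open rows toward one inside host is worth a closer look, since those connections have not finished the handshake.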

Version history: Revision 1 of 1. Last update: 06-22-2009 03:32 PM