TCC_2
Level 10

Resolution

In order to see the traffic that passes through the PIX Firewall and to determine its status, issue the show conn command.

This is sample output from the show conn command for TCP connections:

PixFirewall# show conn protocol TCP detail
2 in use, 2 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIBQE media, D - DNS, d - dump,
       E - outside back connection, f - inside FIN, F - outside FIN,
       G - group, g - MGCP, H - H.323, h - H.255.0, I - inbound data, i - incomplete,
       k - Skinny media, M - SMTP data, m - SIP media
       O - outbound data, P - inside back connection,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
       X - inspected by service module
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 flags UIO
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 flags UIO



In this example, host 10.3.3.4 on the inside has accessed a website at 209.165.201.1.

Various arguments can be passed to the show conn command in order to provide additional information about the connections through the PIX.


Note: In order to show information for all protocols, for example, TCP and UDP, use the show conn detail command.
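When the connection table is long, the flags column is easier to read programmatically. The following Python sketch is an added example, not part of the original article or of any Cisco tool: it parses connection lines in the format shown above, decodes each flag using a subset of the legend, and separates established connections from half-open ones. The names parse_conns, FLAGS and HALF_OPEN are hypothetical, and the third sample line is constructed.

```python
import re

# Subset of the flag legend printed by "show conn detail" (see the output above).
FLAGS = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "f": "inside FIN", "F": "outside FIN",
    "I": "inbound data", "O": "outbound data", "U": "up",
    "S": "awaiting inside SYN", "s": "awaiting outside SYN",
    "r": "inside acknowledged FIN",
}
HALF_OPEN = set("AaSs")  # assumption: any of these means the handshake is unfinished

LINE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) "
    r"idle (?P<idle>\d+:\d\d:\d\d) flags (?P<flags>\S+)$"
)

def parse_conns(text):
    """Return one dict per connection line; the legend and counters are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        c = m.groupdict()
        c["out_port"], c["in_port"] = int(c["out_port"]), int(c["in_port"])
        hours, minutes, seconds = map(int, c["idle"].split(":"))
        c["idle_s"] = hours * 3600 + minutes * 60 + seconds
        c["meaning"] = [FLAGS.get(f, "not in FLAGS subset") for f in c["flags"]]
        c["established"] = "U" in c["flags"] and not HALF_OPEN & set(c["flags"])
        conns.append(c)
    return conns

# First two lines are from the article; the third is constructed for illustration.
SAMPLE = """\
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 flags UIO
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 flags UIO
TCP out 209.165.201.1:80 in 10.3.3.4:1406 idle 0:00:07 flags saA
"""

if __name__ == "__main__":
    for c in parse_conns(SAMPLE):
        state = "established" if c["established"] else "half-open"
        print(f'{c["in_ip"]}:{c["in_port"]} -> {c["out_ip"]}:{c["out_port"]} '
              f'{state} idle={c["idle_s"]}s ({", ".join(c["meaning"])})')
```

A large number of half-open entries that stay idle is worth investigating, since each one occupies a slot in the connection table.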
