Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1869
Views
0
Helpful
2
Replies

PIX connection TCP flags

r.perera
Level 1
Level 1

‎06-04-2006 09:04 PM

Hi,

Could I have a URL to find explanation for these TCP flags in PIX

TCP out 10.49.50.61:7500 in 10.49.53.230:2723 idle 0:09:18 Bytes 225 flags UfrIO

best regards

Labels:
0 Helpful
2 Replies 2

mpalardy
Level 3
Level 3

‎06-05-2006 06:10 AM

Do a "show conn detail" command. The output from the pix will add the the following:

FW# s conn det

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,

B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,

E - outside back connection, F - outside FIN, f - inside FIN,

G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data, i - incomp

lete,

k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,

P - inside back connection, q - SQL*Net data, R - outside acknowledged FI

N,

R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,

s - awaiting outside SYN, T - SIP, t - SIP transient, U - up

In your case the flags UfrIO means your outside host does not respond to close the connection. Eventualy the connection will time-out and will be dropped by the pix.

A netstat command on hosts (in a DOS prompt) may help you diagnose the problem.

HTH

Mike

0 Helpful
Customers Also Viewed These Support Documents