Cisco ASA Firewall TCP Connection Flags
When troubleshooting TCP connections through the ASA, the connection flags shown for each TCP connection provide a wealth of information about the state of each connection as the ASA sees it. This information can be used to troubleshoot problems with the ASA itself, as well as problems elsewhere in the network (for example, a server that never answers the SYN).
Here is the output of the show conn protocol tcp command, which shows the state of all TCP connections through the ASA. The same connections can also be seen with the plain show conn command.
ASA# show conn protocol tcp
101 in use, 5589 most used
TCP outside 10.23.232.59:5223 inside 192.168.1.3:52419, idle 0:00:11, bytes 0, flags saA
TCP outside 192.168.3.5:80 dmz 172.16.103.221:57646, idle 0:00:29, bytes 2176, flags UIO
TCP outside 10.23.232.217:5223 inside 192.168.1.3:52425, idle 0:00:10, bytes 0, flags saA
TCP outside 10.23.232.217:443 inside 192.168.1.3:52427, idle 0:01:02, bytes 4504, flags UIO
TCP outside 10.23.232.57:5223 inside 192.168.1.3:52412, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.116:5223 inside 192.168.1.3:52408, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.60:5223 inside 192.168.1.3:52413, idle 0:00:23, bytes 0, flags saA
TCP outside 10.23.232.96:5223 inside 192.168.1.3:52421, idle 0:00:11, bytes 0, flags saA
TCP outside 10.23.232.190:5223 inside 192.168.1.3:52424, idle 0:00:10, bytes 0, flags saA
The next picture shows the ASA TCP connection flags at the different stages of the TCP state machine. The connection flags can be seen with the show conn command on the ASA.
[Figure: TCP Connection Flag Values]
Additionally, in order to view all of the possible connection flags, issue the show conn detail command on the command line:
ASA# show conn detail
84 in use, 1537 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, b - TCP state-bypass or nailed, C - CTIQBE media,
D - DNS, d - dump, E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response,
k - Skinny media, M - SMTP data, m - SIP media, n - GUP,
O - outbound data, P - inside back connection, p - Phone-proxy TFTP connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
V - VPN orphan, W - WAAS,
X - inspected by service module
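As an added example (not part of the original post and not a Cisco tool), here is a small Python helper that parses show conn output lines, expands the flag letters using the legend above, and sorts each connection into a handshake stage. The flag subset and the three sample lines are taken from this page's output; the stage names are assumptions chosen for readability.

```python
import re
from collections import Counter

# TCP handshake/teardown flags, copied from the "show conn detail" legend above (case-sensitive).
FLAG_LEGEND = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "F": "outside FIN", "f": "inside FIN",
    "I": "inbound data", "O": "outbound data", "R": "outside acknowledged FIN",
    "r": "inside acknowledged FIN", "S": "awaiting inside SYN",
    "s": "awaiting outside SYN", "U": "up"}

CONN_RE = re.compile(
    r"^TCP (?P<out_if>\S+) (?P<out_addr>[\d.]+):(?P<out_port>\d+) "
    r"(?P<in_if>\S+) (?P<in_addr>[\d.]+):(?P<in_port>\d+), "
    r"idle (?P<idle>\d+:\d\d:\d\d), bytes (?P<bytes>\d+), flags (?P<flags>\S+)$"
)

# Constructed sample: three lines taken from the "show conn protocol tcp" output on the page.
SAMPLE = """TCP outside 10.23.232.59:5223 inside 192.168.1.3:52419, idle 0:00:11, bytes 0, flags saA
TCP outside 192.168.3.5:80 dmz 172.16.103.221:57646, idle 0:00:29, bytes 2176, flags UIO
TCP outside 10.23.232.57:5223 inside 192.168.1.3:52412, idle 0:00:23, bytes 0, flags saA"""

def parse_conn_line(line):
    """Dict for one TCP connection line, or None for headers and other text."""
    m = CONN_RE.match(line.strip())
    return dict(m.groupdict(), bytes=int(m["bytes"])) if m else None

def describe_flags(flags):
    """Expand a flag string such as 'saA' into its legend meanings; unknown letters are kept."""
    return [FLAG_LEGEND.get(c, f"unknown flag {c!r}") for c in flags]

def classify(conn):
    """Map the flags onto a handshake stage the way a troubleshooter reads them."""
    f = conn["flags"]
    if any(c in f for c in "FfRr"):
        return "closing"                       # FIN seen in at least one direction
    if "U" in f:
        return "established"                   # three-way handshake complete
    if "s" in f:
        return "embryonic-no-outside-synack"   # inside SYN sent, outside has not replied
    if "S" in f:
        return "embryonic-no-inside-synack"    # outside SYN sent, inside has not replied
    if "A" in f or "a" in f:
        return "embryonic-final-ack-pending"   # SYN/ACK seen, final ACK still missing
    return "other"

def summarize(show_conn_text):
    """Count connections per stage; many embryonic entries to one port point at the server, not the ASA."""
    conns = filter(None, map(parse_conn_line, show_conn_text.splitlines()))
    return Counter(classify(c) for c in conns)
```

Running summarize() over the full output above shows seven embryonic connections to port 5223 with 0 bytes, i.e. the inside host sent a SYN and the outside servers never answered.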