  • Status: Solved
  • Priority: Medium
  • Security: Public

Show local-host flags?

Does anyone have a list of flags and what they mean for the show local-host command? Can this be used in troubleshooting? Any suggestions for troubleshooting besides the logs?

EX:

Interface inside: 10953 active, 127301 maximum active, 0 denied
local host: <150.114.100.242>,
    TCP connection count/limit = 1/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
    Global XXX.XXX.XXX.242 Local XXX.XXX.XXX.242
  Conn(s):
    TCP out XX.XX.183.134:40328 in XXX.XXX.XXX.242:25 idle 0:00:34 Bytes 1830 flags UFIOB

Thanks

Sunny
Asked by: sunnyd24
1 Solution
 
grblades Commented:
Hi sunnyd24,
> Interface inside: 10953 active, 127301 maximum active, 0 denied
Not sure what these mean
> local host: <150.114.100.242>,
Interface IP address
>     TCP connection count/limit = 1/unlimited
1 active TCP connection. No maximum limit defined
>     TCP embryonic count = 0
0 'half open' TCP connections. These are connections where a SYN packet has been received but the connection has not yet been fully established.
>     TCP intercept watermark = unlimited
No idea.
>     UDP connection count/limit = 0/unlimited
0 current UDP connections. No maximum limit defined
>   AAA:
No authentication or authorisation listed.
>   Xlate(s):
>     Global XXX.XXX.XXX.242 Local XXX.XXX.XXX.242
Network Address Translation entries
>   Conn(s):
>     TCP out XX.XX.183.134:40328 in XXX.XXX.XXX.242:25 idle 0:00:34
List of current TCP connections.
> Bytes 1830 flags UFIOB
I assume you are specifically asking about this line?
0
 
sunnyd24 (Author) Commented:
grblades,

Thanks for the breakdown! Yes, I was referring to the last line. I couldn't find anything about the flags for this command in any documentation. I assume they mean something and could be used in some manner, but I can't find anything on it.

Sunny
0
 
sunnyd24 (Author) Commented:
Hey, I found it. For anyone's future use, here they are.

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
       E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data, i - incomplete,
       k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,
       P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up

Tell all your friends and neighbors.

Sunny
0

 
grblades Commented:
Don't forget to post in the support area and ask for a PAQ/Refund :)
0
 
sunnyd24 (Author) Commented:
I forgot to mention...those flags read RIGHT TO LEFT.  Don't forget.

Sunny
0
 
grblades Commented:
That's fine with me.
0
 
RomMod Commented:
The question has been PAQ'd and the 500 points have been refunded.
RomMod
Community Support Moderator
0
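Added example (not part of the thread, and not vendor code): a small Python decoder for the Conn(s) lines of `show local-host` output. It uses the flag legend posted above and reads the flags right to left as the author advises. Assumptions: the line format is taken from the single example in the question, the duplicate `R` entry is resolved by protocol, the `handshake_pending` field is a name invented here, and the sample addresses are constructed.

```python
import re

# Legend as posted in the thread. "R" is listed twice there; choosing its
# meaning by protocol is an assumption of this example.
LEGEND = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "C": "CTIQBE media", "D": "DNS",
    "d": "dump", "E": "outside back connection", "F": "outside FIN",
    "f": "inside FIN", "G": "group", "g": "MGCP", "H": "H.323",
    "h": "H.225.0", "I": "inbound data", "i": "incomplete",
    "k": "Skinny media", "M": "SMTP data", "m": "SIP media",
    "O": "outbound data", "P": "inside back connection",
    "q": "SQL*Net data", "r": "inside acknowledged FIN",
    "S": "awaiting inside SYN", "s": "awaiting outside SYN",
    "T": "SIP", "t": "SIP transient", "U": "up",
}
R_BY_PROTO = {"TCP": "outside acknowledged FIN", "UDP": "UDP RPC"}
PENDING = set("AaSs")  # legend entries that say the handshake is still waiting
CONN_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP) out (?P<out>\S+) in (?P<inside>\S+) "
    r"idle (?P<idle>\S+) Bytes (?P<bytes>\d+) flags (?P<flags>\S+)\s*$")

def decode_flags(flags, proto="TCP"):
    """Return (flag, meaning) pairs, read right to left as the thread advises."""
    return [(ch, (R_BY_PROTO.get(proto) if ch == "R" else LEGEND.get(ch))
             or "unknown flag") for ch in reversed(flags)]

def parse_conns(text):
    """Parse Conn(s) lines of `show local-host` output into dicts."""
    conns = []
    for m in filter(None, map(CONN_RE.match, text.splitlines())):
        c = m.groupdict()
        c["bytes"] = int(c["bytes"])
        c["decoded"] = decode_flags(c["flags"], c["proto"])
        c["handshake_pending"] = bool(PENDING & set(c["flags"]))
        conns.append(c)
    return conns

# Constructed sample in the format shown in the question (placeholder addresses).
SAMPLE = """\
  Conn(s):
    TCP out 198.51.100.134:40328 in 192.0.2.242:25 idle 0:00:34 Bytes 1830 flags UFIOB
    TCP out 198.51.100.77:51514 in 192.0.2.242:25 idle 0:00:02 Bytes 0 flags SaAB
"""

if __name__ == "__main__":
    for c in parse_conns(SAMPLE):
        print(c["out"], c["flags"], c["handshake_pending"], c["decoded"])
```

For troubleshooting, filtering on `handshake_pending` lists the connections whose flags still show an outstanding SYN or ACK.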
