https://community.cisco.com/t5/network-security/connection-state-information/m-p/623870#M1025466 <HTML><HEAD></HEAD><BODY><P>Forgot .. the command to get the meaning of flags is-</P><P></P><P>show conn detail</P></BODY></HTML> Tue, 20 Feb 2007 20:19:51 GMT vitripat 2007-02-20T20:19:51Z https://community.cisco.com/t5/network-security/connection-state-information/m-p/623868#M1025462 <P>I am trying to figure out how to display TCP connections that were initiated from an outside interface. Maybe I am missing something, but I can't seem to find this in the "show conn" command. I tried the "show conn state conn_inbound", but that just gives me this:</P><P></P><P>121 in use, 4202 most used</P><P></P><P>I want to see the connection detail. I also don't see anything in the description of the "flags" output that tells me if the connection were initiated from the outside or the inside. Am I missing something or is there just no way to do this?</P><P></P><P>Thanks,</P><P>-Jeff</P> Mon, 11 Mar 2019 09:36:05 GMT https://community.cisco.com/t5/network-security/connection-state-information/m-p/623868#M1025462 jedavis 2019-03-11T09:36:05Z https://community.cisco.com/t5/network-security/connection-state-information/m-p/623869#M1025464 <HTML><HEAD></HEAD><BODY><P>You can find the meaning of flags using this command-</P><P></P><P>Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,</P><P> B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,</P><P> E - outside back connection, F - outside FIN, f - inside FIN,</P><P> G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,</P><P> i - incomplete, J - GTP, j - GTP data, K - GTP t3-response</P><P> k - Skinny media, M - SMTP data, m - SIP media, O - outbound data,</P><P> P - inside back connection, q - SQL*Net data, R - outside acknowledged FIN,</P><P> R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,</P><P> s - awaiting outside SYN, T - SIP, t - SIP transient, U - up</P><P> X - inspected by service module</P><P>ASA-5520-CSC-Standalone#</P><P></P><P></P><P>Now .. when you do a "show conn", you'll recieve the connections with the Flags at the end of it. In the flags field, if you see "B", it means connection was initiated from a lower security level interface, i.e, outside to inside.</P><P></P><P>B - initial SYN from outside</P><P></P><P>Hope this clears the question.</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Tue, 20 Feb 2007 20:19:20 GMT https://community.cisco.com/t5/network-security/connection-state-information/m-p/623869#M1025464 vitripat 2007-02-20T20:19:20Z https://community.cisco.com/t5/network-security/connection-state-information/m-p/623870#M1025466 <HTML><HEAD></HEAD><BODY><P>Forgot .. the command to get the meaning of flags is-</P><P></P><P>show conn detail</P></BODY></HTML> Tue, 20 Feb 2007 20:19:51 GMT https://community.cisco.com/t5/network-security/connection-state-information/m-p/623870#M1025466 vitripat 2007-02-20T20:19:51Z https://community.cisco.com/t5/network-security/connection-state-information/m-p/623871#M1025467 <HTML><HEAD></HEAD><BODY><P>Ok, thanks Vibhor! When I read the "B - initial SYN from outside" I took it to mean that this was an embryonic connection (handshake not complete).</P></BODY></HTML> Tue, 20 Feb 2007 20:30:16 GMT https://community.cisco.com/t5/network-security/connection-state-information/m-p/623871#M1025467 jedavis 2007-02-20T20:30:16Z