03-13-2018 10:17 PM - edited 02-21-2020 07:30 AM
Hi All,
I have output of "show conn" command as below. How do I check which one is the originator of the traffic ?
TCP LAN_Users 10.149.10.11:50707 Mgmt 10.32.11.100:443, idle 0:00:03, bytes 1752, flags UIOB
03-14-2018 12:13 AM
03-14-2018 01:59 AM
@Mohammed al Baqari wrote:Traffic initiated from mgmt to lan
Hi Mohammed,
How to identify which interface originated traffic ?
From Flags ? or Port numbers ?
03-14-2018 08:33 AM - edited 03-14-2018 08:35 AM
Hi,
My guess it that it's lan to mgmt. Look at the ports.
If there are some ports for which you can't tell, search for the B flag (initial SYN from outside) and you'll get your answer (lower to higher if exists, higher to lower if missing).
Thanks, Octavian
03-15-2018 12:25 AM
07-28-2021 07:35 PM
Sorry to say, this answer is wrong.
The traffic is from LAN to Management. Most of the time, the destination ports will be well-known ports and source ports will be random generated.
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
