show conn details
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 03:01 AM - edited 03-11-2019 02:52 PM
Hi
Can u anybody explain what do mean by saA when show connection details command is excuted.
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 05:21 AM
You can follow this command reference for the connection flags:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s2.html#wp1396672
Hope that helps.
Thanks,
Varun
Varun Rao
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 05:39 AM
Hi Varun,
I geeting the below output
tcp outside 10.17.x.x :3389 inside 172.18.x.x :3166 idle 0:00:00 bytes 0, flags saA
from the above output i think syn request is going to 10.17.x.x but there is no response from that server is it correct ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 06:05 AM
Standard TCP protocol requires that the receiver respond to an initial SYN packet with a SYN ACK.
The flags saA indicate that we saw a SYN from an inside client and are awaiting the SYN ACK (sa) from the outside host
and then the ACK (A) from the inside host in response to the SYN ACK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 06:17 AM
so that is what i want to know request is going from inside but there is no response from outside (far end)
is it correct
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 06:20 AM
thats correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2011 09:04 PM
Thank you
