Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2269
Views
0
Helpful
7
Replies

Show Connections - No Flags?

Go to solution
grizzlyfireguy
Level 1
Level 1

‎04-07-2011 02:18 PM - edited ‎03-11-2019 01:18 PM

Hi all,

I have an old Cisco PIX (I know, out of support, replacing later this year) - and was wondering if anyone would know why when I type in the option "show conn", some connections come back with no flags?

TCP out xxx.xxx.xxx.xxx:443 in xxx.xxx.xxx.xxx:7102 idle 0:01:12 Bytes 7543 flags UIO
UDP out xxx.xxx.xxx.xxx:12001 in xxx.xxx.xxx.xxx:12001 idle 0:01:24 flags -

You see above with flags UIO, but then next one has no flags at all. I am having an issue connecting with a remote server, and I'm not sure but I think this may be one of the reasons?

Any advice/feedback would be much appreciated. I have a PIX 506E 6.3(3).

thanks!

Richard

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-07-2011 02:34 PM

Hi Richard,

TCP connections have a list of Flags associated with them, since they can be in various stages of a connection.

The second connection is a UDP connection and therefore does not have any flags associated with it.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
grizzlyfireguy
Level 1
Level 1

‎04-07-2011 02:22 PM

It should be noted also that I'm not getting any bytes showing either if you compare the TCP to the UDP above.

0 Helpful

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-07-2011 02:34 PM

Hi Richard,

TCP connections have a list of Flags associated with them, since they can be in various stages of a connection.

The second connection is a UDP connection and therefore does not have any flags associated with it.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

0 Helpful

Go to solution
grizzlyfireguy
Level 1
Level 1
In response to Shrikant Sundaresh

‎04-07-2011 02:38 PM

Thanks so much! I hope there's no such think as a silly question!

0 Helpful

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee
In response to grizzlyfireguy

‎04-07-2011 02:43 PM

Hi Richard,

I firmly believe that there is no such thing as a silly question.

There are actually some flags you may see on a UDP connection though.

D - DNS connection

t,T - SIP connection (t indicates timeout is set to 1 minute; T indicates there is a user defined timeout).

However the usual flags you see beside TCP connections don't apply to UDP connections.

Happy to help.

-Shrikant

0 Helpful

Go to solution
grizzlyfireguy
Level 1
Level 1
In response to Shrikant Sundaresh

‎04-07-2011 02:45 PM

Hi Shrikant,

Should I be concerned if I do not see any flags at all? No bytes as well?

0 Helpful

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee
In response to grizzlyfireguy

‎04-07-2011 03:21 PM

Hi Richard,

To the best of my knowledge, UDP connections won't show bytes transferred. And there is no concern if there are no flags. Most UDP connections (other than DNS and SIP) will not have any flags associated with them.

-Shrikant

0 Helpful

Go to solution
fernandodeandradework34210
Level 1
Level 1

‎06-03-2024 01:24 PM

Hi Team, 

Just updating, on ASA deployments with dual-imaged SFR modules, UDP connections can also have a X flag, indicating that is 'inspected by service module'.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card