http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s2.html#wp1396672
Table 24-8 Connection Flags Flag Description a awaiting outside ACK to SYN A awaiting inside ACK to SYN b TCP state bypass B initial SYN from outside C Computer Telephony Interface Quick Buffer Encoding (CTIQBE) media connection d dump D DNS E outside back connection f inside FIN F outside FIN g Media Gateway Control Protocol (MGCP) connection G connection is part of a group1 h H.225 H H.323 i incomplete TCP or UDP connection I inbound data k Skinny Client Control Protocol (SCCP) media connection K GTP t3-response m SIP media connection M SMTP data O outbound data p replicated (unused) P inside back connection q SQL*Net data r inside acknowledged FIN R outside acknowledged FIN for TCP connection R UDP RPC2 s awaiting outside SYN S awaiting inside SYN t SIP transient connection3 T SIP connection4 U up V VPN orphan W WAAS X Inspected by the service module, such as a CSC SSM. 1 The G flag indicates the connection is part of a group. It is set by the GRE and FTP Strict fixups to designate the control connection and all its associated secondary connections. If the control connection terminates, then all associated secondary connections are also terminated. 2 Because each row of show conn command output represents one connection (TCP or UDP ), there will be only one R flag per row. 3 For UDP connections, the value t indicates that it will timeout after one minute. 4 For UDP connections, the value T indicates that the connection will timeout according to the value specified using the timeout sip command. ________________________________ From: Kingsley Charles <[email protected]> To: [email protected] Sent: Tue, June 1, 2010 11:47:26 AM Subject: Re: [OSL | CCIE_Security] ASA sh conn flags type it's "sh conn" On Tue, Jun 1, 2010 at 4:16 PM, Kingsley Charles <[email protected]> wrote: Hi all > >Can someone share the link for understanding ASA "ch conn" flags. > >cciedoc would be great..... > >Wtih regards >Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
