With the initial SYN from outside being only in B, would that mean that 2 is B, and 1 is A?
On Thu, Jun 3, 2010 at 11:09 AM, Tyson Scott <[email protected]> wrote:
> Kings,
>
> Well it is a tough question for sure. The pictures are depicting a TCP flow, from SYN to FIN. The flags are data giving you detail as to the state of the connection at the time you use the command "show conn" or "show conn detail".
>
> So for the SYN packet we have
>
> saA and saAB which are
>
> s = awaiting outside SYN
> a = awaiting inside ACK to SYN
> A = awaiting outside ACK to SYN
> B = initial SYN from outside
>
> So the only difference from outside to inside and inside to outside is the B flag for "initial SYN from outside".
>
> It then gets easier with the SYN+ACK
>
> A and aB
>
> Which we have already described what each is above.
>
> And so on and so forth.
>
> So for you below you have the UIO which signifies it is Up, Inbound Data and Outbound Data. Meaning the connection is established and data is traversing both ways. It would be very difficult to get the other flags unless you just happened to catch it at the right time. Here I did the same test on our production firewall and it was difficult for me to get an initial SYN request.
>
> firewall# show conn | incl saA
> firewall# show conn | incl saA
> firewall# show conn | incl saA
> firewall# show conn | incl saA
> firewall# show conn | incl saA
> TCP outside 74.125.95.96:80 inside 10.2.24.121:63283, idle 0:00:00, bytes 0, flags saA
> firewall#
>
> But here are some more examples of the others as well.
>
> TCP outside 92.233.98.59:50961 inside 209.124.41.100:443, idle 0:00:02, bytes 2795, flags UIOB
> TCP outside 92.233.98.59:50887 inside 209.124.41.100:443, idle 0:05:06, bytes 3054, flags UfIOB
> TCP outside 92.233.98.59:50856 inside 209.124.41.100:443, idle 0:07:37, bytes 3054, flags UfIOB
> TCP outside 92.233.98.59:50841 inside 209.124.41.100:443, idle 0:08:57, bytes 3054, flags UfFRIOB
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
> Sent: Thursday, June 03, 2010 9:06 AM
> To: [email protected]
> Subject: [OSL | CCIE_Security] Flags - sh conn - ASA
>
> Hi
>
> Flash card - IPS module - 25th question. There is a screenshot of sh conn flags and it asks to map which is inbound and outbound. Can someone explain that screenshot. I am not able to get that kind of O/P with sh conn options.
>
> This is what I get in my ASA.
>
> ciscoasa(config)# sh conn detail
> 1 in use, 2 most used
> Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
> B - initial SYN from outside, b - TCP state-bypass or nailed, C - CTIQBE media,
> D - DNS, d - dump, E - outside back connection, F - outside FIN, f - inside FIN,
> G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
> i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
> k - Skinny media, M - SMTP data, m - SIP media, n - GUP
> O - outbound data, P - inside back connection, p - Phone-proxy TFTP connection,
> q - SQL*Net data, R - outside acknowledged FIN,
> R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
> s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
> V - VPN orphan, W - WAAS,
> X - inspected by service module
> TCP outside:10.20.30.40/23 inside:10.20.30.42/20257,
> flags UIO, idle 13m35s, uptime 13m42s, timeout 1h0m, bytes 158
>
> With regards
> Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
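As an added example (not code from the thread or from IPexpert), here is a small Python parser for the `show conn` lines quoted above: it splits each connection's flag string, maps the letters to the meanings from the ASA's own legend, and uses the presence of the B flag (the only flag that differs between the saA and saAB SYN cases Tyson describes) to say which side initiated the connection. The handshake/established/closing grouping is my own assumption; the sample lines are the ones quoted in the thread.

```python
import re
from dataclasses import dataclass
# Flag legend as printed by "show conn detail" in the thread (the subset used here).
FLAG_MEANINGS = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "F": "outside FIN", "f": "inside FIN",
    "I": "inbound data", "O": "outbound data", "U": "up",
    "R": "outside acknowledged FIN", "r": "inside acknowledged FIN",
    "S": "awaiting inside SYN", "s": "awaiting outside SYN",
}
# Matches both "TCP outside 1.2.3.4:80 inside ..." and "TCP outside:1.2.3.4/80 inside:..." forms.
CONN_RE = re.compile(r"TCP outside[: ](?P<o_ip>[\d.]+)[:/](?P<o_port>\d+)\s+"
                     r"inside[: ](?P<i_ip>[\d.]+)[:/](?P<i_port>\d+),.*?flags (?P<flags>[A-Za-z]+)")
@dataclass
class Conn:
    outside: str
    inside: str
    flags: str
    @property
    def initiator(self) -> str:
        # B is the only flag separating an outside-initiated SYN (saAB) from an inside one (saA).
        return "outside" if "B" in self.flags else "inside"

    @property
    def phase(self) -> str:
        # Assumed grouping, not from the page: FIN flags win, then U (up), then handshake flags.
        f = set(self.flags)
        if f & {"F", "f", "R", "r"}:
            return "closing"
        if "U" in f:
            return "established"
        return "handshake" if f & {"S", "s", "A", "a"} else "unknown"

    def describe(self) -> list:
        return [FLAG_MEANINGS.get(c, f"unlisted flag {c!r}") for c in self.flags]
def parse_show_conn(output: str) -> list:
    """One Conn per 'TCP outside ... flags X' line; prompts and legend lines are skipped."""
    found = (CONN_RE.search(line) for line in output.splitlines())
    return [Conn(f"{m['o_ip']}:{m['o_port']}", f"{m['i_ip']}:{m['i_port']}", m["flags"]) for m in found if m]
# Constructed sample: the connection lines quoted in the thread, in both output formats.
SAMPLE = """\
firewall# show conn | incl saA
TCP outside 74.125.95.96:80 inside 10.2.24.121:63283, idle 0:00:00, bytes 0, flags saA
TCP outside 92.233.98.59:50961 inside 209.124.41.100:443, idle 0:00:02, bytes 2795, flags UIOB
TCP outside 92.233.98.59:50841 inside 209.124.41.100:443, idle 0:08:57, bytes 3054, flags UfFRIOB
TCP outside:10.20.30.40/23 inside:10.20.30.42/20257, flags UIO, idle 13m35s, uptime 13m42s, timeout 1h0m, bytes 158
"""
for c in parse_show_conn(SAMPLE):
    print(f"{c.outside} <-> {c.inside}: {c.flags:8}{c.initiator}-initiated, {c.phase}; {', '.join(c.describe())}")
```

Feeding it the UIO line from Kings's own output reports an inside-initiated, established connection, which is the mapping the flash card asks for.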
