show conn
Display all active connections. (Privileged mode.)
show conn [count] [foreign | local ip [-ip2]] [netmask mask] [protocol tcp | udp | protocol] [fport | lport port1 [-port2]] [state [up [,finin] [,finout] [,http_get] [,sip] [,smtp_data] [,smtp_banner] [,smtp_incomplete] [,nojava] [,data_in] [,data_out] [,sqlnet_fixup_data] [,conn_inbound] [,rpc] [,h323] [,dump]]
show conn [count] | [protocol <tcp|udp>] [foreign|local <ip1[-ip2]> [netmask <mask>]] [lport|fport <port1[-port2]>] [state <up[,finin][,finout] [,http_get] [,smtp_data] [,nojava] [,data_in] [,data_out] [,rpc] [,h323] [,sqlnet_fixup_data] [,conn_inbound] [,sip]>]
show conn state <up[,finin][,finout] [,http_get] [,smtp_data] [,nojava] [,data_in] [,data_out] [,rpc] [,h323] [,sqlnet_fixup_data] [,conn_inbound] [,sip]>]
Syntax
count
  Display only the number of used connections. The precision of the displayed count may vary depending on traffic volume and the type of traffic passing through the firewall unit.
foreign | local ip [-ip2] netmask mask
  Display active connections by the foreign IP address or by local IP address. Qualify foreign or local active connections by network mask.
protocol tcp | udp | protocol
  Display active connections by protocol type. protocol is a protocol specified by number.
fport | lport port1 [-port2]
  Display foreign or local active connections by port.
state
  Display active connections by their current state:
  up                 up
  finin              FIN inbound
  finout             FIN outbound
  http_get           HTTP get
  smtp_data          SMTP mail data
  sip                SIP connection
  smtp_banner        SMTP mail banner
  smtp_incomplete    Incomplete SMTP mail connection
  nojava             An outbound command denying access to Java applets
  data_in            Inbound data
  data_out           Outbound data
  sqlnet_fixup_data  SQL*Net data fix up
  conn_inbound       Inbound connection
  rpc                RPC connection
  h323               H.323 connection
  dump               Dump clean up connection
Usage Guidelines
The show conn command displays the number of active TCP connections and information about them.
You can also view the connection count information from the show conn command using SNMP.
Examples
The following is sample output from the show conn command:
show conn
6 in use, 6 most used
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 Bytes 3709
TCP out 209.165.201.1:80 in 10.3.3.4:1406 idle 0:00:01 Bytes 2685
TCP out 209.165.201.1:80 in 10.3.3.4:1407 idle 0:00:01 Bytes 2683
TCP out 209.165.201.1:80 in 10.3.3.4:1403 idle 0:00:00 Bytes 15199
TCP out 209.165.201.1:80 in 10.3.3.4:1408 idle 0:00:00 Bytes 2688
UDP out 209.165.201.7:24 in 10.3.3.4:1402 idle 0:01:30
UDP out 209.165.201.7:23 in 10.3.3.4:1397 idle 0:01:30
UDP out 209.165.201.7:22 in 10.3.3.4:1395 idle 0:01:30

In this example, host 10.3.3.4 on the inside has accessed a website at 209.165.201.1. The global address on the outside interface is 209.165.201.7.
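
For monitoring, captured show conn output can be parsed into per-host connection counts and a list of long-idle entries. The following is an added example, not part of the original command reference or any vendor tooling; the function names and the 60-second idle threshold are assumptions, and the parser only knows the line layout shown in the sample output above.

```python
import re
from collections import Counter

# Subset of the sample output on this page, embedded so the example runs offline.
SAMPLE = """\
6 in use, 6 most used
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 Bytes 3709
UDP out 209.165.201.7:24 in 10.3.3.4:1402 idle 0:01:30
"""

SUMMARY_RE = re.compile(r"^(\d+) in use, (\d+) most used$")
CONN_RE = re.compile(
    r"^(?P<proto>\S+) out (?P<foreign_ip>[\d.]+):(?P<foreign_port>\d+) "
    r"in (?P<local_ip>[\d.]+):(?P<local_port>\d+) "
    r"idle (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d)(?: Bytes (?P<bytes>\d+))?"
)

def parse_show_conn(text):
    """Return (in_use, most_used, [connection dicts]) from show conn output."""
    in_use = most_used = None
    conns = []
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:
            in_use, most_used = int(m.group(1)), int(m.group(2))
            continue
        m = CONN_RE.match(line)
        if not m:
            continue  # command echo, blank line, or a layout this parser does not know
        conns.append({
            "proto": m["proto"],
            "foreign": (m["foreign_ip"], int(m["foreign_port"])),
            "local": (m["local_ip"], int(m["local_port"])),
            "idle_s": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
            "bytes": int(m["bytes"]) if m["bytes"] else None,  # UDP rows in the sample have no Bytes field
        })
    return in_use, most_used, conns

def summarize(conns, idle_threshold_s=60):
    """Per-local-host connection counts plus entries idle for at least the threshold (assumed value)."""
    per_host = Counter(c["local"][0] for c in conns)
    stale = [c for c in conns if c["idle_s"] >= idle_threshold_s]
    return per_host, stale

if __name__ == "__main__":
    print(summarize(parse_show_conn(SAMPLE)[2]))
```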