show services stateful-firewall conversations
Syntax
Release Information
Command introduced before Junos OS Release 7.4.
pgcp option introduced in Junos OS Release 8.4.
Description
Display information about stateful firewall conversations.
Options
- none
Display standard information about all stateful firewall conversations.
- brief | extensive | terse
(Optional) Display the specified level of output.
- application-protocol protocol
(Optional) Display information about one of the following application protocols:
  - bootp—Bootstrap protocol
  - dce-rpc—Distributed Computing Environment-Remote Procedure Call protocols
  - dce-rpc-portmap—Distributed Computing Environment-Remote Procedure Call protocols portmap service
  - dns—Domain Name System protocol
  - exec—Exec
  - ftp—File Transfer Protocol
  - h323—H.323 standards
  - icmp—Internet Control Message Protocol
  - iiop—Internet Inter-ORB Protocol
  - login—Login
  - netbios—NetBIOS
  - netshow—NetShow
  - realaudio—RealAudio
  - rpc—Remote Procedure Call protocol
  - rpc-portmap—Remote Procedure Call protocol portmap service
  - rtsp—Real-Time Streaming Protocol
  - shell—Shell
  - sip—Session Initiation Protocol
  - snmp—Simple Network Management Protocol
  - sqlnet—SQLNet
  - tftp—Trivial File Transfer Protocol
  - traceroute—Traceroute
  - winframe—WinFrame
- destination-port destination-port
(Optional) Display information for a particular destination port. The range of values is 0 to 65535.
- destination-prefix destination-prefix
(Optional) Display information for a particular destination prefix.
- interface interface-name
(Optional) Display information about a particular interface. On M Series and T Series routers, the interface-name can be sp-fpc/pic/port or rspnumber. On J Series routers, the interface-name is sp-pim/0/port.
- limit number
(Optional) Maximum number of entries to display.
- pgcp
(Optional) Display information about stateful firewall conversations for Packet Gateway Control Protocol (PGCP) flows.
- protocol protocol
(Optional) Display information about one of the following IP types:
  - number—Numeric protocol value from 0 to 255
  - ah—IPsec Authentication Header protocol
  - egp—An exterior gateway protocol
  - esp—IPsec Encapsulating Security Payload protocol
  - gre—A generic routing encapsulation protocol
  - icmp—Internet Control Message Protocol
  - igmp—Internet Group Management Protocol
  - ipip—IP-within-IP Encapsulation Protocol
  - ospf—Open Shortest Path First protocol
  - pim—Protocol Independent Multicast protocol
  - rsvp—Resource Reservation Protocol
  - sctp—Stream Control Protocol
  - tcp—Transmission Control Protocol
  - udp—User Datagram Protocol
- service-set service-set
(Optional) Display information for the specific service set.
- source-port source-port
(Optional) Display information for a particular source port. The range of values is 0 to 65535.
- source-prefix source-prefix
(Optional) Display information for a particular source prefix.
Required Privilege Level
view
List of Sample Output
- show services stateful-firewall conversations
- show services stateful-firewall conversations destination-port
Output Fields
Table 1 lists the output fields for the show services stateful-firewall conversations command. Output fields are listed in the approximate order in which they appear.
Table 1: show services stateful-firewall conversations Output Fields
Field Name | Field Description |
|---|---|
Interface | Name of an adaptive services interface. |
Service set | Name of a service set. Individual empty service sets are not displayed, but if no service set has any flows, a flow table header is printed for each service set. |
Conversation | Information about a group of related flows. |
Flow or Flow Prot | Protocol used for this flow. |
Source | Source prefix of the flow, in the format source-prefix-port. |
Destination | Destination prefix of the flow. |
State | Status of the flow: |
Dir | Direction of the flow: input (I) or output (O). |
Source NAT | Original and translated source IPv4 or IPv6 addresses are displayed if Network Address Translation (NAT) is configured on this particular flow or conversation. |
Frm Count | Number of frames in the flow. |
Destin NAT | Original and translated destination IPv4 or IPv6 addresses are displayed if NAT is configured on this particular flow or conversation. |
Byte count | Number of bytes forwarded in the flow. |
TCP established | Whether a TCP connection was established: Yes or No. |
TCP window size | Negotiated TCP connection window size, in bytes. |
TCP acknowledge | TCP acknowledgment sequence number. |
TCP tickle | Whether TCP inquiry mode is on (enabled or disabled) and the time remaining to send the next inquiry, in seconds. |
Master flow | Flow that initiated the conversation. |
Timeout | Lifetime of the flow, in seconds. |
Sample Output
show services stateful-firewall conversations
user@host> show services stateful-firewall conversations
Interface: sp-1/3/0, Service set: green
Conversation: ALG Protocol: any, Number of initiators: 1, Number of responders: 1
Flow Prot  Source                 Dest               State    Dir  Frm count
TCP        10.58.255.50:33005->   10.58.255.178:23   Forward  I    13
  Source NAT  10.58.255.50:33005-> 10.59.16.100:4000
  Destin NAT  10.58.255.178:23 -> 0.0.0.0:4000
  Byte count: 918
  TCP established, TCP window size: 65535, TCP acknowledge: 2502627025
  TCP tickle enabled, 0 seconds, Master flow, Timeout: 30 seconds
TCP        10.58.255.178:23 ->    10.59.16.100:4000  Forward  O    8
show services stateful-firewall conversations destination-port
user@host> show services stateful-firewall conversations destination-port 21
Interface: sp-0/3/0, Service set: svc_set_trust
Interface: sp-0/3/0, Service set: svc_set_untrust
Conversation: ALG protocol: ftp
Number of initiators: 1, Number of responders: 1
Flow                                      State  Dir  Frm count
TCP  10.50.10.2:2143 -> 10.50.20.2:21     Watch  O    0
TCP  10.50.20.2:21 -> 10.50.10.2:2143     Watch  I    0
TCP  10.50.20.2:21 -> 10.50.10.2:2143     Watch  I    0
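The following Python parser is an added example, not part of the Junos documentation. It turns captured output of this command into one record per flow, using the fields from Table 1, and then picks out flows aimed at the FTP and Telnet ports seen in the samples. The function names and regular expressions are this example's own, and it assumes the router prints one flow per line with its NAT and TCP details on the lines that follow.

```python
import re
# Values come from the page's first sample output; the line breaks are assumed.
SAMPLE = """\
Interface: sp-1/3/0, Service set: green
Conversation: ALG Protocol: any, Number of initiators: 1, Number of responders: 1
Flow Prot  Source  Dest  State  Dir  Frm count
TCP 10.58.255.50:33005-> 10.58.255.178:23 Forward I 13
  Source NAT 10.58.255.50:33005-> 10.59.16.100:4000
  Destin NAT 10.58.255.178:23 -> 0.0.0.0:4000
  Byte count: 918
  TCP established, TCP window size: 65535, TCP acknowledge: 2502627025
  TCP tickle enabled, 0 seconds, Master flow, Timeout: 30 seconds
TCP 10.58.255.178:23 -> 10.59.16.100:4000 Forward O 8
"""

HEADER = re.compile(r"Interface:\s*(\S+),\s*Service set:\s*(\S+)")
ALG = re.compile(r"Conversation:\s*ALG [Pp]rotocol:\s*([\w-]+)")
NAT = re.compile(r"(Source|Destin) NAT\s+(\S+?)\s*->\s*(\S+)")
FLOW = re.compile(r"(\w+)\s+(\S+?)\s*->\s*(\S+)\s+(\w+)\s+([IO])\s+(\d+)$")
DETAIL = re.compile(r"(Byte count|Timeout):\s*(\d+)")

def parse_conversations(text):
    """Return one dict per flow, tagged with interface, service set and ALG."""
    flows, ctx, cur = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            ctx, cur = {"interface": m[1], "service_set": m[2]}, None
        elif m := ALG.match(line):
            ctx, cur = dict(ctx, alg=m[1]), None
        elif (m := NAT.match(line)) and cur is not None:
            cur["src_nat" if m[1] == "Source" else "dst_nat"] = (m[2], m[3])
        elif m := FLOW.match(line):
            cur = dict(ctx, proto=m[1], source=m[2], destination=m[3],
                       state=m[4], direction=m[5], frames=int(m[6]), master=False)
            flows.append(cur)
        elif cur is not None:  # detail lines belong to the last flow seen
            for key, value in DETAIL.findall(line):
                cur["bytes" if key == "Byte count" else "timeout"] = int(value)
            cur["master"] = cur["master"] or "Master flow" in line
    return flows

def dest_port(flow):
    """Destination port as an int, or None when the flow shows no port."""
    host, _, port = flow["destination"].rpartition(":")
    return int(port) if host and port.isdigit() else None

def cleartext_flows(flows, ports=(21, 23)):
    """Flows aimed at FTP or Telnet, the services seen in the page's samples."""
    return [f for f in flows if dest_port(f) in ports]
```

Run against the first sample, `cleartext_flows(parse_conversations(SAMPLE))` returns only the input-direction Telnet flow, with its NAT translations attached.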
