comp.security.firewalls archive

Re: Showing PIX traffic

From: Walter Roberson <roberson@hushmail.com>
Date: Tue Feb 28 2006 - 18:49:53 CET

In article <1141146397.951191.305250@e56g2000cwe.googlegroups.com>,
Newbie72 <sjohnson@brookshospital.org> wrote:
>Try show conn

To solve what problem? The previous postings may be immediately
visible to you via googlegroups, but they aren't immediately visible
to the regulars here who use real newsreaders.

Perhaps you are referring to the following:

>In article <yYGdnfqNYekcOp7ZRVn-og@comcast.com>,
>Jon Doe <jdoe@comcast.net> wrote:

>>>I know I can use "show access-list" to show hit counts, but what's a
>>>command I can type to show a destination address (on my side), who's
>>>trying to hit it (from the outside), and if the traffic was allowed or
>>>denied without leaving the console?

If so then you should be aware that "show conn" only shows -current-
connections, and does not show -previous- connections nor denied
connections. "show conn" is thus not adequate to track particular
incidents from the console.

"logging buffer debug" together with "show log" get you into the
right ballpark, in that the recorded log entries would include the
Built or Deny connection messages, but that log is not very big
and the entries quickly disappear if you have more than a trickle of
traffic.

"logging trap debug" and "logging host IP" allow you to put up a syslog
server on which you could look at historical information, but that
doesn't meet the requirement for "from the console." The logging
information also does not tell you anything about bandwidth usage.

The only PIX facility that combines the ability to snapshot information
and examine it from the console at will is the "capture" command --
and even then you have to -deduce- what happened rather than having
some kind of transactional annotation per packet.

Received on Mon May 1 00:53:39 2006
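An added example, not from the original post or from Cisco: once "logging trap debug" and "logging host" are feeding a syslog server as described above, the Built and Deny messages can be parsed to answer the original question (destination, who hit it, allowed or denied). The 302013 (Built) and 106023 (Deny) message layouts are the real PIX formats; the log lines, addresses, ports and access-group name below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample PIX syslog lines (not from the original post); formats
# follow PIX 302013 (Built) / 106023 (Deny), but the values are made up.
SAMPLE_LOG = """\
%PIX-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/40112 (203.0.113.5/40112) to inside:10.1.1.10/80 (192.0.2.10/80)
%PIX-4-106023: Deny tcp src outside:203.0.113.9/51002 dst inside:10.1.1.10/22 by access-group "outside_access_in"
%PIX-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.7/33000 (198.51.100.7/33000) to inside:10.1.1.10/80 (192.0.2.10/80)
%PIX-4-106023: Deny udp src outside:203.0.113.9/5000 dst inside:10.1.1.20/161 by access-group "outside_access_in"
%PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/40112 to inside:10.1.1.10/80 duration 0:00:05 bytes 1432 TCP FINs
"""

BUILT_RE = re.compile(
    r"%PIX-\d-302013: Built (inbound|outbound) (\w+) connection \d+ for "
    r"\w+:(?P<src>[\d.]+)/(?P<sport>\d+) \([\d.]+/\d+\) to "
    r"\w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def parse_events(log_text):
    """Return (src, dst, dport, verdict) tuples for Built and Deny messages."""
    events = []
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dport"]), "allowed"))
            continue
        m = DENY_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dport"]), "denied"))
        # Teardown (302014) and other messages carry no allow/deny verdict.
    return events

def hits_on(log_text, dest):
    """Who tried to reach `dest`, on which port, and was it allowed or denied?"""
    counts = Counter()
    for src, dst, dport, verdict in parse_events(log_text):
        if dst == dest:
            counts[(src, dport, verdict)] += 1
    return counts

if __name__ == "__main__":
    for (src, dport, verdict), n in sorted(hits_on(SAMPLE_LOG, "10.1.1.10").items()):
        print(f"{src:>15} -> 10.1.1.10/{dport:<5} {verdict:8} x{n}")
```

This only works against the syslog server's copy of the log, which, as the post points out, does not satisfy the "from the console" requirement and says nothing about bandwidth.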