Right syntax of show conn command

Good day!
Please, help me with correct syntax of show conn command...
I need to show all active tcp connections from inside to outside on port 60565...
Thank you...!

Hi,
Well there are a lot of options.
Below is the basic command
show conn
You can use the below commands to get more detailed information
show conn long
show conn detail
You can show certain port connections with the command (with some added parameters)
show conn detail port 60565
Some variation of the below command might also be helpful
show local-host
Use the "?" (question mark) after the "show local-host" to see what options you have. Same option naturally applies to any other command on the ASA in general.
I would also suggest checking out the ASA Command Reference when you are unclear of the purpose of a certain command. They are listed in alphabetic order
http://www.cisco.com/en/US/docs/security/asa/command-reference/cmdref.html
- Jouni
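
The "from inside to outside" part of the question can be checked on captured `show conn` output; the following is an added example, not part of the original thread. It assumes the one-line-per-connection layout of ASA 8.x and later and the connection flags `U` (up) and `B` (initial SYN from outside); all sample lines and addresses are constructed.

```python
import re

# Assumed layout of one ASA "show conn" entry (ASA 8.x and later):
#   TCP outside 203.0.113.10:60565 inside 192.168.1.20:51514, idle 0:00:05, bytes 5120, flags UIO
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+"
    r"idle\s+(?P<idle>[\d:]+),\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)"
)

# Constructed sample output (IPv4 only); not taken from a real device.
SAMPLE = """\
5 in use, 12 most used
TCP outside 203.0.113.10:60565 inside 192.168.1.20:51514, idle 0:00:05, bytes 5120, flags UIO
TCP outside 198.51.100.7:40112 inside 192.168.1.30:60565, idle 0:01:10, bytes 880, flags UIOB
TCP outside 203.0.113.10:60565 inside 192.168.1.21:51600, idle 0:00:02, bytes 0, flags saA
UDP outside 203.0.113.53:53 inside 192.168.1.20:60565, idle 0:00:01, bytes 96, flags -
TCP outside 203.0.113.80:443 inside 192.168.1.20:52000, idle 0:00:09, bytes 20480, flags UIO
"""


def parse_conns(text):
    """Return one dict per connection line; other lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # summary line, blank line, or a layout not covered here
        c = m.groupdict()
        for key in ("port_a", "port_b", "bytes"):
            c[key] = int(c[key])
        conns.append(c)
    return conns


def inside_initiated_tcp(text, port):
    """Established TCP connections on `port` that were opened from the inside."""
    hits = []
    for c in parse_conns(text):
        if c["proto"] != "TCP":
            continue
        if port not in (c["port_a"], c["port_b"]):
            continue  # same idea as the CLI port filter: either endpoint
        if "U" not in c["flags"]:
            continue  # not up yet (embryonic / half-open)
        if "B" in c["flags"]:
            continue  # initial SYN came from the outside
        hits.append(c)
    return hits


if __name__ == "__main__":
    for c in inside_initiated_tcp(SAMPLE, 60565):
        print(f'{c["ip_b"]}:{c["port_b"]} -> {c["ip_a"]}:{c["port_a"]} '
              f'flags={c["flags"]} bytes={c["bytes"]}')
```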

Similar Messages

  • Question about ACE show Conn command (tcp duration)

    Hello,
    I was checking connections and noticed that I would see the initial connection, but after a short time the connection quits showing up in the counters and the “show conn” command. However the user is still up and working.
    This is the command I used:
    sho conn serverfarm STAGING-HTTPS detail
    The output shows all the connection info from source to destination, and in the ESTABLISHED state.
    However, after maybe 2~3 minutes, when I up arrow I don't see any connection info. The web page is still up. If I refresh the web page, I do see the connections come in.
    Can someone kindly point me to a document or provide an answer on how long should the connection be stored before they are flushed?
    Config profile:
    4 real servers
    HTTPS protocol
    Leastconn for predictor
    sticky based on src/dst IP
    Thanks,
    Raman

    Raman,
    If you would play with a sniffer capture, you could answer the question yourself.
    If the browser loads a flash object or a java applet, once it is loaded, you can still work on the page but there is no data transfer.
    With a sniffer tool you could see the browser closing the connections.
    The default TCP idle timeout on ACE is 1 hour.
    Gilles.

  • Cisco ACE - "show conn" command queries

    Hi all,
    I have some queries regarding the "show conn" command in Cisco ACE.
    Working Scenario:
    VIP : 10.10.10.1
    Server 1 : 10.10.20.1
    Server 2 : 10.10.20.2
    Client: 30.30.30.1
    When a client 30.30.30.1 initiates a connection to the VIP on 10.10.10.1, the ACE load balances it to Server 1, 10.10.20.1. Looking at the "show conn" table, it shows that Server 1 is replying back to the Client 30.30.30.1 through the ACE.
    Now, my question is when the ACE returns the traffic to the Client, should the Client be seeing the source IP coming from the VIP or Server 1? My understanding is that the Client should be seeing traffic returning from the VIP. But the show conn table does not seem to suggest so.
    show conn table
    conn-id    np dir proto vlan source                destination           state
    ----------+--+---+-----+----+---------------------+---------------------+------+
    1768       1  in  TCP   10   30.30.30.1:9221   10.10.10.1:80       ESTAB
    41         1  out TCP   52    10.10.20.1:80    30.30.30.1:9221   CLOSED

    Daniel,
    The client is expecting a response from the VIP otherwise there would be an asymmetrical routing problem and conns will never complete.
    The fact that you're seeing 30.30.30.1 as the destination address is just that the server is able to see client's IP address on the request, when your backend servers sends the reply back to the client this response is forced to go through the ACE, when the ACE looks at the packet it matches with a previously conn created on the flow table so it "NATs"  the reply so now the source of the packet is the VIP and destination is 30.30.30.1.
    This is an expected behavior as you're not using S-NAT on your network.
    HTH.
    Pablo

  • ACE Sticky Connections, Show Conn Output and Show serverfarm

    Hi Community,
    I'm deploying a Cisco ACE module and I have some questions about sticky connections and about the output of the show conn command and show serverfarm command.
    I have the following configuration:
    rserver host srv_1
      ip address 10.4.11.14
      inservice
    rserver host srv_2
      ip address 10.4.11.18
      inservice
    serverfarm host farm_144
      rserver srv_1 144
        weight 1
        inservice
      rserver srv_2 144
        weight 3
        inservice
    sticky ip-netmask 255.255.255.255 address source st_host144
      timeout 10080
      serverfarm farm_144
    class-map match-all vip_144
      2 match virtual-address 10.4.11.208 tcp eq 143
    policy-map type loadbalance first-match lb_144
      class class-default
    policy-map multi-match policy_vip_webcache
      class vip_webcache_144
        loadbalance vip inservice
        loadbalance policy lb_144
        loadbalance vip icmp-reply active
        nat dynamic 411 vlan 411
    We can assume that service policy was applied at the interface vlan. So, let's go to the questions:
    1- If sticky is enabled the output command "show conn" should show just one entry by ip address?
    The real output is:
    DC01-ACE-01-PRIMARY-SW1/context_servidores# show conn | inc :143
    333046     1  in  TCP   411  10.2.158.87:3616      10.4.11.208:143       ESTAB
    286390     3  in  TCP   411  10.2.158.87:3562      10.4.11.208:143       ESTAB
    310233     1  in  TCP   411  10.1.5.87:3424        10.4.11.208:143       ESTAB
    Look that the ip address 10.2.158.87 is shown 2 times. In same times, the same ip address is shown 4 times to the same VIP and the same port. Is it a normal behavior?
    2- According to the configuration, the srv_2 has weight 3 and srv_1 has weight 1, but the output of show serverfarm shows something strange:
    DC01-ACE-01-PRIMARY-SW1/context_servidores# show serverfarm farm_144
    serverfarm     : farm_144, type: HOST
    total rservers : 2
    state          : ACTIVE
    DWS state      : DISABLED
    ---------------------------------
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: srv_1
           10.4.11.14:144        1   OPERATIONAL     11         386        0
       rserver: srv_2
           10.4.11.18:144        3   OPERATIONAL     35         66         0
    We can see that the weight is working good, but the total of connections is higher at srv_1 than srv_2. Why?
    Can somebody help me to better understand this problem, or whether it's a normal behavior?
    Thanks in advance!!

    Hi Gaurav,
    About question 1, I got some information too. It's perfectly normal for the client to open 2 or more connections at the same time. The client's application is responsible. We removed the ACE and put the client directly to the server and the result of the total connections opened was the same.
    About question 2, I made some "clears" on the serverfarm, the sticky database and after that, the numbers were more real.
    DC01-ACE-02-SECONDARY-SW1/context_servidores# sh serverfarm farm_webcache_144
    serverfarm     : farm_webcache_144, type: HOST
    total rservers : 2
    state          : ACTIVE
    DWS state      : DISABLED
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: srv_webcache_1
           10.4.11.14:144        1   OPERATIONAL     1025       15499      4436
       rserver: srv_webcache_2
           10.4.11.18:144        2   OPERATIONAL     1794       33471      471
    DC01-ACE-02-SECONDARY-SW1/context_servidores#
    Anyway thank you very much for your feedback.
    Plínio Monteiro

  • Show conn info via snmp

    Hi,
    Does the ASA have an SNMP OID which will provide information like the show conn command ?

    2 years later, how's LLDP support via SNMP?
    If Cisco does not support LLDP via SNMP, please remove the wrong information from
    http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=2514&PlatformSel=231&fsSel=705
    Stop lying!

  • Show conn state and fix-ups

    Can the show conn state command be used to monitor the connections for fix-up protocols?

    Use the show port status command to display port status information.
    show port status [mod_num[/port_num]]
    Syntax Description
    mod_num
    (Optional) Number of the module.
    /port_num
    (Optional) Number of the port on the module.
    This example shows how to display port status information for all ports:
    Console> show port status
    Port Name Status Vlan Level Duplex Speed Type
    1/1 connected 523 normal half 100 100BaseTX
    1/2 notconnect 1 normal half 100 100BaseTX
    2/1 connected trunk normal half 400 Route Switch
    3/1 notconnect trunk normal full 155 OC3 MMF ATM
    5/1 notconnect 1 normal half 100 FDDI
    5/2 notconnect 1 normal half 100 FDDI

  • Show conn in cisco asa

    Hi Team,
    Does the show conn count includes both tcp + udp + embryonic connections.
    Because when i do a calculation in excel from the output of show conn, i got the below output.
    It was extracted from the command "show local-host | include host|count/limit"
    (A):
       Total Sum of TCP embryonic count to host = 331
    (B):
         Total Sum of TCP flow count/limit = 102938
    (C):
         Total Sum of UDP flow count/limit = 3512505
    firewall#show conn count
    1912284 in use, 2000002 most used
    Please let me know how this is calculated. If show conn count = A+B+C, then I am suspecting that old connection entries are not getting flushed out from the connection table in cisco asa 5580 with version 8.3.2.
    Really im in need of help...

    Hi Kimberly,
    My question was, the count of show conn & show local-host does not match... More over, as the show conn was showing that the max limit of 2 million will be reaching very soon... So, i would like to troubleshoot the output of show local-host | include host|count/limit, where in i could see that one of the webserver has lots of tcp connection (lets say 35000, then the other two servers are consuming udp connections 7lacs,5lacs & 3 lacs, as given below...
    local host: ,
        TCP flow count/limit = 35857/unlimited
        TCP embryonic count to host = 25
        UDP flow count/limit = 0/unlimited
    local host: ,
        TCP flow count/limit = 306/unlimited
        TCP embryonic count to host = 8
        UDP flow count/limit = 736807/unlimited
    local host: ,
        TCP flow count/limit = 246/unlimited
        TCP embryonic count to host = 2
        UDP flow count/limit = 582010/unlimited
    local host: ,
        TCP flow count/limit = 1/unlimited
        TCP embryonic count to host = 0
        UDP flow count/limit = 308412/unlimited
    Can you pls let me know any other commands that can be executed to know if there are any huge embryonic/virus attacks/too many broadcasts...... Once I clear the local-host, the connections get reduced from a huge value to a low value. I really do not know if these are genuine traffic or fake? Or do not know if the connection table is not flushing out old entries.. please help
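
The per-host counters posted in this thread can be ranked against the `show conn count` figure to see which hosts hold most of the connection table; the following is an added example, not code from the thread. It uses the counts quoted above, with constructed host addresses (the originals did not survive on this page), and the 10% threshold is an arbitrary assumption.

```python
import re

# Line shapes as posted above, from "show local-host | include host|count/limit".
HOST_RE = re.compile(r"^local host:\s*<?([^>,\s]*)>?,")
COUNT_RE = re.compile(
    r"^(TCP flow|TCP embryonic|UDP flow) count(?:/limit| to host) = (\d+)"
)
KEYS = {"TCP flow": "tcp", "TCP embryonic": "embryonic", "UDP flow": "udp"}

# Counts are the ones quoted in the thread; the addresses are constructed.
SAMPLE = """\
local host: <192.0.2.11>,
    TCP flow count/limit = 35857/unlimited
    TCP embryonic count to host = 25
    UDP flow count/limit = 0/unlimited
local host: <192.0.2.12>,
    TCP flow count/limit = 306/unlimited
    TCP embryonic count to host = 8
    UDP flow count/limit = 736807/unlimited
local host: <192.0.2.13>,
    TCP flow count/limit = 246/unlimited
    TCP embryonic count to host = 2
    UDP flow count/limit = 582010/unlimited
local host: <192.0.2.14>,
    TCP flow count/limit = 1/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 308412/unlimited
"""


def parse_local_hosts(text):
    """Group the counter lines under the 'local host:' line that precedes them."""
    hosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            cur = {"host": m.group(1) or "unknown", "tcp": 0, "embryonic": 0, "udp": 0}
            hosts.append(cur)
            continue
        m = COUNT_RE.match(line)
        if m and cur is not None:
            cur[KEYS[m.group(1)]] = int(m.group(2))
    return hosts


def top_consumers(hosts, in_use, share=0.10):
    """Hosts whose TCP+UDP flows reach `share` of the table's in-use count."""
    flagged = []
    for h in hosts:
        flows = h["tcp"] + h["udp"]
        if flows >= share * in_use:
            flagged.append({**h, "flows": flows,
                            "pct": round(100.0 * flows / in_use, 1),
                            "dominant": "UDP" if h["udp"] > h["tcp"] else "TCP"})
    return sorted(flagged, key=lambda h: h["flows"], reverse=True)


if __name__ == "__main__":
    # 1912284 is the "in use" value from the posted "show conn count" output.
    for h in top_consumers(parse_local_hosts(SAMPLE), in_use=1912284):
        print(f'{h["host"]}: {h["flows"]} flows ({h["pct"]}%), mostly {h["dominant"]}, '
              f'{h["embryonic"]} embryonic')
```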

  • Cisco ASA get 'show conn all long' info through snmp

    Hi,
    I would need to gather the info about all established connections that I can see on the ASA terminal by using the command
    show conn all long
    for monitoring purposes through snmp. I am browsing several MIBs&OIDs but no one seems to contain this info.
    Does anyone know if this is possible ?
    Thanks.
    Vlad

    im looking for the solution ? did u ever find out if this was possible?

  • Where is the "show duplicates" command in iTunes 11?

    I can't find the "show duplicates" command in iTunes 11 and I have a number I want to delete.

    https://discussions.apple.com/message/20438897?ac_cid=op123456#20438897

  • IPS Tech Tip - "show tech" command part 2 - IPS dev team webinar

    Hi Folks,
    The IPS product management and development team would like to invite you to this 30-40 minute webinar followed by Q&A sessions. These will be recorded and put on this forum as well. We hope you can attend.
    -Robert
    Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
    Topic: Cisco IPS Tech Tips - show tech part 2
    Host: Robert Albach
    This month's Cisco IPS Tech Tip will continue December's show tech command discussion. The show tech command holds a wealth of information regarding your IPS's performance and status. Cisco IPS development team members will continue to talk about what all this information means to you and then answers your questions.
    Date and Time:
    January 27, 2011 10:00 am, Central Standard Time (Chicago, GMT-06:00)
    To register for the online event
    1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=202882129&t=a&EA=ralbach%40cisco.com&ET=85576c2dbfd6dca4b756de40b6728a2b&ETR=5d7e40b0e38f564be0a8bd55114369fc&RT=MiM3&p
    2. Click "Register".
    3. On the registration form, enter your information and then click "Submit".
    Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.

    Sadly we did not get the recording done. The presentation and the example pcaps  however are on this forum now.
    -Robert

  • Clarification on the SHOW TOP command

    Does anyone know much about the Show Top command? I am trying to get specs on the bandwidth utilization of a port. When
    I do the Top command it tells me a percent of utilization. However it looks to be too low. I verified the util using a traffic generator test set and it has results of almost double the util. that the Top command stated. So my thoughts are that if the port is set for 100/Full then the Top stats for Util show only half Dux. Is this so??? I think that I need to double the Top results for util and that will be the true Util for the port. Can anyone verify this????

    you are kind of correct, that it will look like a half duplex utilization because process actually bundles the TX AND rx into the same counter and it also looks at the full duplex bandwidth when calculating the % utilization. So a GE port is really 2000Mbps full-duplex. so, from the traffic generator you are sending at line rate of 1 Gig, the TOP will see that as 50% utilization. Does that make sense. This is how I understand it.

  • "SHOW ALL" command in RMAN

    Hi
    I need to understand, what does RMAN use to read configuration info in case of No Recovery catalog.
    We all know that it read from Control file about backup information.
    But, when my database is in NOMOUNT mode, I connect to rman target /
    Then I run show all; command.
    It displays RMAN configuration, Where is this information stored?
    Any idea?
    Thanks in advance

    Hi,
    Did you compare the output of the <show all ;> commands in nomount and mount (or open) mode?
    In nomount you get the defaults :
    RMAN configuration parameters are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
    CONFIGURE BACKUP OPTIMIZATION OFF; # default
    CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
    CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
    CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
    CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
    CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE MAXSETSIZE TO UNLIMITED; # default
    CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
    CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
    CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
    In mount mode you get the actual settings:
    using target database control file instead of recovery catalog
    RMAN configuration parameters are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
    CONFIGURE BACKUP OPTIMIZATION OFF; # default
    CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
    CONFIGURE CONTROLFILE AUTOBACKUP ON;
    CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
    CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
    CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/backup/DB10G/%U';
    CONFIGURE MAXSETSIZE TO UNLIMITED; # default
    CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
    CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
    CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
    CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/appl/ora102/product/10.2.0/dbs/snapcf_DB10G.f'; # default
    Regards,
    Tycho

  • ORA-12012: error on auto execute of job 754461 ORA-29279: SMTP permanent error: ORA-29279: SMTP permanent error: 501 Syntax error, parameters in command "RCPT TO:" unrecognized or missing ORA-06512: at "SYS.UTL_SMTP", line 20 ORA-06512: at "SYS.UTL_SMTP",

    Hi ,
    I am getting below error frequently in alert log of database.
    ORA-12012: error on auto execute of job 754461
    ORA-29279: SMTP permanent error: ORA-29279: SMTP permanent error: 501 Syntax error, parameters in command "RCPT TO:" unrecognized or missing
    ORA-06512: at "SYS.UTL_SMTP", line 20
    ORA-06512: at "SYS.UTL_SMTP", line 98
    ORA-06512: at "SYS.UTL_SMTP", line 240
    ORA-06512: at "APPS.EIS_UTIL_PKG", line 94
    ORA-06512: at "APPS.HKD_PO_ADDON_PKG", line 110
    ORA-06512: at line 1

    You have a job running in the database. Its job ID is 754461
    It looks as if that job runs APPS.HKD_PO_ADDON_PKG
    That job is attempting to send mail using UTL_SMTP and apparently passing some strange value to SMTP server for the RCPT TO: parameter.

  • "Show Diag" command on 3750 IOS 12.1(19)EA1c

    Hi,
    I'm trying to run the "show diag" command on a 3750 with IOS 12.1(19)EA1c and the command is not recognised. I'm in enable mode and cannot find an equivalent command.
    I need to do this as the Cisco Software Advisor is asking for a copy of the output.
    Any pointers gladly received.
    Cheers,
    Gareth

    Hi,
    The tool you need is the "Feature Navigator" which can be found here:
    http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
    Launch the tool by selecting "Search by Feature"
    Searching for "802.1x" gives a list of all those features, select "Wake on LAN support" (for example) and click add, then continue.
    The platform box gives a list of all platforms that support the feature, so select 3750.
    The lowest feature set is IP Base (you might have something else but worth checking this first as it's the lowest feature set)
    This gives a list of about 20 versions of software which support the feature so you can see you need at least 12.2(25)SEC to get this particular feature.
    The process is pretty much the same for any feature. If you know the actual command you need (in this case it's "dot1x control-direction" then you could get the same info by just looking it up in the latest command reference as that will also tell you when the feature first appeared.
    Finally, if you just want a list of features for a particular release then use the same link and choose search by platform, but be aware this will be a *long* list.
    HTH
    Andrew.

  • Show log command on 4500

    Dear all,
    If I do a show log command on switch it starts showing logs which are several months old.
    How can I filter those to show only last month log -like pipe is one way or anything to be set on switch.
    Also if I do sh log and it starts showing logs for the last 6 months then I can't break it and hence it might be causing overhead.
    Please advise.
    Sent from Cisco Technical Support iPhone App

    Hi,
    I believe there are no other options to view the logs apart from using the pipe filter.
    or we can tune the logging level in such a way to capture only the interested message by applying the below options.
    There are eight levels of logging. If you specify a particular level of logging for console logging, for example the messages of that level and of the higher levels (numerically lower) are forwarded to the console.
    Level  Logging Message
    0      Emergencies
    1      Alerts
    2      Critical
    3      Errors
    4      Warnings
    5      Notifications
    6      Informational
    7      Debugging
    Router(config)# logging monitor error
    Now let us discuss the anatomy of the logging messages. Each message is associated with one of the eight levels of logging, which is referred to as the severity of the message
    Level Name      Severity  Description                    Syslog Definition
    Emergencies     0         System unusable                LOG_EMERG
    Alerts          1         Immediate action needed        LOG_ALERT
    Critical        2         Critical conditions            LOG_CRIT
    Errors          3         Error conditions               LOG_ERR
    Warnings        4         Warning conditions             LOG_WARNING
    Notifications   5         Normal significant conditions  LOG_NOTICE
    Informational   6         Informational messages only    LOG_INFO
    Debugging       7         Debugging messages             LOG_DEBUG
    Hope this helps
    Cheers
    Somu
    Rate helpful posts
