Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

show security flow session protocol

Syntax

show security flow session protocol ( protocol-name | protocol-number )[brief | extensive | summary]

Release Information

Command introduced in Release 8.5 of Junos OS; Filter and view options introduced in Release 10.2 of Junos OS.

Description

Display information about each session that uses the specified protocol.

Options

protocol-name —(Optional) Protocol to use as a sessions filter. Information about sessions that use this protocol is displayed. Possible protocols are:

  • ah—IP Security Authentication Header
  • egp—Exterior gateway protocol
  • esp—IPsec Encapsulating Security Payload
  • gre—Generic routing encapsulation
  • icmp—Internet Control Message Protocol
  • igmp—Internet Group Management Protocol
  • ipip—IP over IP
  • ospf—Open Shortest Path First
  • pim—Protocol Independent Multicast
  • rsvp—Resource Reservation Protocol
  • sctp—Stream Control Transmission Protocol
  • tcp—Transmission Control Protocol
  • udp—User Datagram Protocol

protocol-number —(Optional) Numeric protocol value. For a complete list of possible numeric values, see RFC 1700, Assigned Numbers (for the Internet Protocol Suite).

Range: 0 through 255

brief | extensive | summary

Display the specified level of output.

Required Privilege Level

view

 

Related Documentation

 

List of Sample Output

show security flow session protocol icmp
show security flow session protocol icmp brief
show security flow session protocol icmp extensive
show security flow session protocol icmp summary

Output Fields

Table 1 lists the output fields for the show security flow session protocol command. Output fields are listed in the approximate order in which they appear.

Table 1: show security flow session protocol Output Fields

Field Name

Field Description

Session ID

Number that identifies the session. You can use this ID to get additional information about the session.

Policy name

Policy that permitted the traffic.

Timeout

Idle timeout after which the session expires.

In

Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).

Out

Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes).

Total sessions

Total number of sessions.

Status

Session status.

Flag

Internal flag depicting the state of the session, used for debugging purposes.

Policy name

Name and ID of the policy that the first packet of the session matched.

Source NAT pool

The name of the source pool where NAT is used.

Application

Name of the application.

Maximum timeout

Maximum session timeout.

Current timeout

Remaining time for the session unless traffic exists in the session.

Session State

Session state.

Start time

Time when the session was created, offset from the system start time.

Unicast-sessions

Number of unicast sessions.

Multicast-sessions

Number of multicast sessions.

Failed-sessions

Number of failed sessions.

Sessions-in-use

Number of sessions in use.

  • Valid sessions
  • Pending sessions
  • Invalidated sessions
  • Sessions in other states

Maximum-sessions

Number of maximum sessions.

Sample Output

show security flow session protocol icmp

root> show security flow session protocol icmp
Flow Sessions on FPC4 PIC1:

Session ID: 170068388, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/121 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/121;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200067603, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/119 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/119;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210067588, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/120 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/120;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

show security flow session protocol icmp brief

root> show security flow session protocol icmp brief
Flow Sessions on FPC4 PIC1:

Session ID: 170068388, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/121 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/121;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Session ID: 200067603, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/119 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/119;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210067588, Policy name: default-policy/2, Timeout: 2, Valid
  In: 40.0.0.100/120 --> 30.0.0.100/5907;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
  Out: 30.0.0.100/5907 --> 40.0.0.100/120;icmp, If: ge-0/0/1.0, Pkts: 1, Bytes: 84
Total sessions: 1

show security flow session protocol icmp extensive

root> show security flow session protocol icmp extensive
Flow Sessions on FPC4 PIC1:

Session ID: 170068389, Status: Normal
Flag: 0x80000040
Policy name: default-policy/2
Source NAT pool: Null
Maximum timeout: 4, Current timeout: 2
Session State: Valid
Start time: 670605, Duration: 2
   In: 40.0.0.100/124 --> 30.0.0.100/5907;icmp, 
    Interface: ge-0/0/2.0, 
    Session token: 0x180, Flag: 0x0x21
    Route: 0x60010, Gateway: 40.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 84
   Out: 30.0.0.100/5907 --> 40.0.0.100/124;icmp, 
    Interface: ge-0/0/1.0, 
    Session token: 0x1c0, Flag: 0x0x20
    Route: 0x70010, Gateway: 30.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 84
Total sessions: 1                       

Flow Sessions on FPC5 PIC0:

Session ID: 200067605, Status: Normal
Flag: 0x80000040
Policy name: default-policy/2
Source NAT pool: Null
Maximum timeout: 4, Current timeout: 4
Session State: Valid
Start time: 670603, Duration: 1
   In: 40.0.0.100/125 --> 30.0.0.100/5907;icmp, 
    Interface: ge-0/0/2.0, 
    Session token: 0x180, Flag: 0x0x21
    Route: 0x60010, Gateway: 40.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 84
   Out: 30.0.0.100/5907 --> 40.0.0.100/125;icmp, 
    Interface: ge-0/0/1.0, 
    Session token: 0x1c0, Flag: 0x0x20
    Route: 0x70010, Gateway: 30.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0,                       
    Pkts: 1, Bytes: 84
Total sessions: 1

Flow Sessions on FPC5 PIC1:

Session ID: 210067590, Status: Normal
Flag: 0x80000040
Policy name: default-policy/2
Source NAT pool: Null
Maximum timeout: 4, Current timeout: 4
Session State: Valid
Start time: 670602, Duration: 1
   In: 40.0.0.100/126 --> 30.0.0.100/5907;icmp, 
    Interface: ge-0/0/2.0, 
    Session token: 0x180, Flag: 0x0x21
    Route: 0x60010, Gateway: 40.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 84
   Out: 30.0.0.100/5907 --> 40.0.0.100/126;icmp, 
    Interface: ge-0/0/1.0, 
    Session token: 0x1c0, Flag: 0x0x20
    Route: 0x70010, Gateway: 30.0.0.100, Tunnel: 0
    Port sequence: 0, FIN sequence: 0, 
    FIN state: 0, 
    Pkts: 1, Bytes: 84
Total sessions: 1

show security flow session protocol icmp summary

root> show security flow session protocol icmp summary
Flow Sessions on FPC4 PIC1:

Valid sessions: 1
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 1

Flow Sessions on FPC5 PIC0:

Valid sessions: 1
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 1
 
Flow Sessions on FPC5 PIC1:

Valid sessions: 1
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 1

Published: 2014-10-19

Supported Platforms

 

Related Documentation

 

Published: 2014-10-19

Previous Page Next Page