show security flow session extensive node
Syntax
show security flow session extensive node (node-id | all | local | primary)
Description
Display information about all currently active security sessions on the device for the specified node options in extensive mode.
Options
node—(Optional) For chassis cluster configurations,
display session information on a specific node.
node-id—Identification number of the node. It can be 0 or 1.all—Display information about all nodes.local—Display information about the local node.primary—Display information about the primary node.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow session
extensive node command. Output fields are listed in the approximate
order in which they appear.
Field Name |
Field Description |
|---|---|
|
Number that identifies the session. You can use this ID to get additional information about the session. |
|
Session status. |
|
Session state. |
|
Internal flag depicting the state of the session, used for debugging purposes. |
|
Policy that permitted the traffic. |
|
The name of the source pool where NAT is used. |
|
Maximum session timeout. |
|
Remaining time for the session unless traffic exists in the session. |
|
Time when the session was created, offset from the system start time. |
|
Length of time for which the session is active. |
|
Incoming flow (source and destination IP addresses, application protocol, interface, session token, flag, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
|
Reverse flow (source and destination IP addresses, application protocol, interface, session token, flag, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
|
Total number of sessions. |
|
Number that identifies the central point session. Use this ID to get more information about the central point session. |
Sample Output
- show security flow session extensive node 0
- show security flow session extensive node 1
- show security flow session extensive node all
- show security flow session extensive node local
- show security flow session extensive node primary
- show security flow session extensive node 0 (PowerMode)
show security flow session extensive node 0
root@host> show security flow session extensive node 0
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Active
Flags: 0x8000042/0x8000000/0x110103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1778
Session State: Valid
Start time: 6466, Duration: 28
In: 10.0.2.1/52080 --> 203.0.113.1/24;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x40002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 9, Bytes: 414
CP Session ID: 10000004
Out: 203.0.113.1/24 --> 10.0.2.1/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x40002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 420
CP Session ID: 10000004
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0
show security flow session extensive node 1
root@host> show security flow session extensive node 1
node1:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Backup
Flags: 0x10000042/0x0/0x10103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 14324
Session State: Valid
Start time: 6248, Duration: 90
In: 110.0.2.1/52080 --> 203.0.113.1/24;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x60002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
CP Session ID: 10000003
Out: 203.0.113.1/24 --> 10.0.2.1/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x60002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
CP Session ID: 10000003
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0
show security flow session extensive node all
root@host> show security flow session extensive node all
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Active
Flags: 0x8000042/0x8000000/0x110103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1692
Session State: Valid
Start time: 6466, Duration: 113
In: 10.0.2.1/52080 --> 203.0.113.1/21;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x40002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 9, Bytes: 414
CP Session ID: 10000004
Out: 203.0.113.1/21 --> 10.0.2.1/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x40002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 420
CP Session ID: 10000004
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0
node1:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Backup
Flags: 0x10000042/0x0/0x10103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 14298
Session State: Valid
Start time: 6248, Duration: 115
In: 10.0.2.1/52080 --> 203.0.113.1/21;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x60002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
CP Session ID: 10000003
Out: 203.0.113.1/21 --> 10.0.2.1/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x60002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
CP Session ID: 10000003
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0show security flow session extensive node local
root@host> show security flow session extensive node local
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Active
Flags: 0x8000042/0x8000000/0x110103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1584
Session State: Valid
Start time: 6466, Duration: 221
In: 100.0.0.2/52080 --> 120.0.0.2/21;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x40002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 9, Bytes: 414
CP Session ID: 10000004
Out: 120.0.0.2/21 --> 100.0.0.2/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x40002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 420
CP Session ID: 10000004
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0
show security flow session extensive node primary
root@host> show security flow session extensive node primary
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC0 PIC1:
Session ID: 10000003, Status: Normal, State: Active
Flags: 0x8000042/0x8000000/0x110103
Policy name: default-policy-00/2
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1554
Session State: Valid
Start time: 6466, Duration: 252
In: 100.0.0.2/52080 --> 120.0.0.2/21;tcp,
Interface: reth0.0,
Session token: 0x6, Flag: 0x40002621
Route: 0x86193c2, Gateway: 100.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 9, Bytes: 414
CP Session ID: 10000004
Out: 120.0.0.2/21 --> 100.0.0.2/52080;tcp,
Interface: reth1.0,
Session token: 0x6, Flag: 0x40002620
Route: 0x86033c2, Gateway: 120.0.0.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 420
CP Session ID: 10000004
Total sessions: 1
Flow Sessions on FPC0 PIC2:
Total sessions: 0
Flow Sessions on FPC0 PIC3:
Total sessions: 0
show security flow session extensive node 0 (PowerMode)
root@host> show security flow session extensive node 0
node0:
--------------------------------------------------------------------------
Session ID: 13607, Status: Normal, State: Active
Flags: 0x88000040/0x8000000/0x2/0x908003
Policy name: p1/4
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Url-category: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 150, Current timeout: 2
Session State: Valid
Start time: 443962, Duration: 3
In: 20.1.1.2/10000 --> 30.1.1.2/2001;tcp,
Conn Tag: 0x0, Interface: reth0.0,
Session token: 0x8, Flag: 0x201021,
Power-Mode Active: True
Route: 0x33a3c2, Gateway: 20.1.1.2, Tunnel ID: 0, Tunnel type: None
Port sequence: 0, FIN sequence: 0,
FIN state: 2,
Pkts: 24, Bytes: 1896
Out: 30.1.1.2/2001 --> 20.1.1.2/10000;tcp,
Conn Tag: 0x0, Interface: reth1.0,
Session token: 0x7, Flag: 0x201020,
Power-Mode Active: True
Route: 0x326bc2, Gateway: 30.1.1.2, Tunnel ID: 0, Tunnel type: None
Port sequence: 0, FIN sequence: 0,
FIN state: 2,
Pkts: 13, Bytes: 1324
Total sessions: 1
Release Information
Command introduced in Junos OS Release 8.5; node options added in Junos OS Release 9.0. Filter options added in Junos OS Release 10.2.