show security flow session protocol
Syntax
show security flow session protocol (protocol-name | protocol-number) [brief | extensive | summary]
Description
Display information about each session that uses the specified protocol.
Options
protocol-name—(Optional) Protocol to use as a sessions filter. Information about sessions that use this protocol is displayed. Possible protocols are:
- ah—IP Security Authentication Header
- egp—Exterior gateway protocol
- esp—IPsec Encapsulating Security Payload
- gre—Generic routing encapsulation
- icmp—Internet Control Message Protocol
- igmp—Internet Group Management Protocol
- ipip—IP over IP
- ospf—Open Shortest Path First
- pim—Protocol Independent Multicast
- rsvp—Resource Reservation Protocol
- sctp—Stream Control Transmission Protocol
- tcp—Transmission Control Protocol
- udp—User Datagram Protocol
protocol-number—(Optional) Numeric protocol value. For a complete list of possible numeric values, see RFC 1700, Assigned Numbers (for the Internet Protocol Suite).
Range: 0 through 255
brief | extensive | summary—Display the specified level of output.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow session protocol command. Output fields are listed in the approximate order in which they appear.
| Field Name | Field Description |
|---|---|
| | Number that identifies the session. You can use this ID to get additional information about the session. |
| | Policy that permitted the traffic. |
| | Idle timeout after which the session expires. |
| | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
| | Reverse flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, port sequence, FIN sequence, FIN state, packets and bytes). |
| | Total number of sessions. |
| | Session status. |
| | Internal flag depicting the state of the session, used for debugging purposes. |
| | Name and ID of the policy that the first packet of the session matched. |
| | The name of the source pool where NAT is used. |
| | Name of the application. |
| | Maximum session timeout. |
| | Remaining time for the session unless traffic exists in the session. |
| | Session state. |
| | Time when the session was created, offset from the system start time. |
| | Number of unicast sessions. |
| | Number of multicast sessions. |
| | Number of failed sessions. |
| | Number of sessions in use. |
| | Number of maximum sessions. |
Sample Output
- show security flow session protocol icmp
- show security flow session protocol icmp brief
- show security flow session protocol icmp extensive
- show security flow session protocol icmp summary
show security flow session protocol icmp
```
root> show security flow session protocol icmp
Flow Sessions on FPC10 PIC1:

Session ID: 410000654, Policy name: p1/4, Timeout: 2, Valid
  In: 200.0.0.10/2 --> 60.0.0.2/15685;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 410001264
  Out: 60.0.0.2/15685 --> 200.0.0.10/2;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 410001264
Total sessions: 1

Flow Sessions on FPC10 PIC2:
Total sessions: 0

Flow Sessions on FPC10 PIC3:

Session ID: 430000399, Policy name: p1/4, Timeout: 2, Valid
  In: 200.0.0.10/3 --> 60.0.0.2/15685;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430001053
  Out: 60.0.0.2/15685 --> 200.0.0.10/3;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 430001053
Total sessions: 1
```
show security flow session protocol icmp brief
```
root> show security flow session protocol icmp brief
Flow Sessions on FPC10 PIC1:

Session ID: 410000658, Policy name: p1/4, Timeout: 4, Valid
  In: 200.0.0.10/4 --> 60.0.0.2/16453;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 410001268
  Out: 60.0.0.2/16453 --> 200.0.0.10/4;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 410001268
Total sessions: 1

Flow Sessions on FPC10 PIC2:

Session ID: 420000612, Policy name: p1/4, Timeout: 2, Valid
  In: 200.0.0.10/5 --> 60.0.0.2/16453;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 420001316
  Out: 60.0.0.2/16453 --> 200.0.0.10/5;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 420001316
Total sessions: 1

Flow Sessions on FPC10 PIC3:

Session ID: 430000405, Policy name: p1/4, Timeout: 2, Valid
  In: 200.0.0.10/6 --> 60.0.0.2/16453;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 430001059
  Out: 60.0.0.2/16453 --> 200.0.0.10/6;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 430001059
Total sessions: 1
```
show security flow session protocol icmp extensive
```
root> show security flow session protocol icmp extensive
Flow Sessions on FPC10 PIC1:

Session ID: 410000660, Status: Normal
Flags: 0x80000040/0x0/0x2800003
Policy name: p1/4
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 4, Current timeout: 2
Session State: Valid
Start time: 153201, Duration: 3
  In: 200.0.0.10/8 --> 60.0.0.2/16453;icmp,
    Interface: ge-7/1/0.0,
    Session token: 0x6, Flag: 0xc0000021
    Route: 0x70010, Gateway: 200.0.0.10, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 1, Bytes: 84
    CP Session ID: 410001270
  Out: 60.0.0.2/16453 --> 200.0.0.10/8;icmp,
    Interface: ge-7/1/1.0,
    Session token: 0x7, Flag: 0xc0000020
    Route: 0x80010, Gateway: 60.0.0.2, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 1, Bytes: 84
    CP Session ID: 410001270
Total sessions: 1

Flow Sessions on FPC10 PIC2:
Total sessions: 0

Flow Sessions on FPC10 PIC3:
Total sessions: 0
```
show security flow session protocol icmp summary
```
root> show security flow session protocol icmp summary
Flow Sessions on FPC10 PIC1:

Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 1
Sessions in other states: 0
Total sessions: 3

Flow Sessions on FPC10 PIC2:

Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 0

Flow Sessions on FPC10 PIC3:

Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 1
Sessions in other states: 0
Total sessions: 3
```
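Added example (not Juniper's code): a Python parser for the default and brief output formats shown in the samples above. It turns each session into a record for audit or detection tooling and cross-checks the parsed count against each `Total sessions` line. The dictionary keys, the `mirrored` flag and the function names are this example's own choices.

```python
import re
from collections import Counter

# Default-format output for two SPUs, copied from this page's sample (reflowed).
SAMPLE = """\
Flow Sessions on FPC10 PIC1:
Session ID: 410000654, Policy name: p1/4, Timeout: 2, Valid
  In: 200.0.0.10/2 --> 60.0.0.2/15685;icmp, If: ge-7/1/0.0, Pkts: 1, Bytes: 84, CP Session ID: 410001264
  Out: 60.0.0.2/15685 --> 200.0.0.10/2;icmp, If: ge-7/1/1.0, Pkts: 1, Bytes: 84, CP Session ID: 410001264
Total sessions: 1
Flow Sessions on FPC10 PIC2:
Total sessions: 0
"""

SPU = re.compile(r"Flow Sessions on (FPC\d+ PIC\d+):")
WING = r"(\S+)/(\d+) --> (\S+)/(\d+);(\S+), If: (\S+), Pkts: (\d+), Bytes: (\d+)"
SESSION = re.compile(
    r"Session ID: (\d+), Policy name: (\S+)/(\d+), Timeout: (\d+), (\w+)\s+"
    r"In: " + WING + r".*?Out: " + WING, re.S)
TOTAL = re.compile(r"Total sessions: (\d+)")
KEYS = ("src", "sport", "dst", "dport", "proto", "ifname", "pkts", "bytes")

def parse_sessions(text):
    """Parse default/brief output into (sessions, count_mismatches)."""
    parts = SPU.split(text)[1:]              # [spu, body, spu, body, ...]
    sessions, mismatches = [], {}
    for spu, body in zip(parts[0::2], parts[1::2]):
        found = 0
        for m in SESSION.finditer(body):
            g = m.groups()
            fwd, rev = dict(zip(KEYS, g[5:13])), dict(zip(KEYS, g[13:21]))
            sessions.append({
                "spu": spu, "id": int(g[0]), "policy": g[1], "policy_id": int(g[2]),
                "timeout": int(g[3]), "state": g[4], "in": fwd, "out": rev,
                # True when Out is the exact reverse of In (no translation visible)
                "mirrored": (fwd["src"], fwd["sport"], fwd["dst"], fwd["dport"])
                            == (rev["dst"], rev["dport"], rev["src"], rev["sport"]),
            })
            found += 1
        total = TOTAL.search(body)
        reported = int(total.group(1)) if total else None
        if reported != found:                # truncated paste or format drift
            mismatches[spu] = (reported, found)
    return sessions, mismatches

def sessions_per_policy(sessions):
    """Count sessions by the policy name that permitted them."""
    return Counter(s["policy"] for s in sessions)
```

A non-empty mismatch map means the capture was truncated or is in a format this parser does not cover (for example `extensive`), so the records should not be trusted as a complete session list.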
Release Information
Command introduced in Junos OS Release 8.5; Filter and view options introduced in Junos OS Release 10.2.