SRX Services Gateway

How to show half-wing session

‎02-08-2018 02:18 AM

Hi all,

I was wondering if there is a way to show the half-wing sessions that for any reason are not completed and installed in the flow session table. Basically I want to see the SYN packets sent from an internet host to my server behind the SRX even if the server didn't reply to the SYN.

Thanks

Federico


Re: How to show half-wing session

[ Edited ]
‎02-08-2018 03:10 AM

Hi

-> show system connection

-> show security flow session protocol tcp

lab@test> show system connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address                                 Foreign Address                               (state)
tcp4       0      0  128.0.0.4.53378                               128.0.0.4.41883                               SYN_SENT
tcp4       0      0  10.xxx.xx.147.52788                          172.xx.xx.x.xx                               SYN_SENT
tcp4       0      0  10.xxx.xx.xx.22                              10.xx.xx.xx.57826                           ESTABLISHED
tcp4       0      0  128.0.0.1.6988                                128.0.0.20.14350                              ESTABLISHED
tcp4       0      0  128.0.0.1.6987                                128.0.0.20.14349                              ESTABLISHED
tcp4       0      0  128.0.0.1.6985                                128.0.0.20.14348                              ESTABLISHED
tcp4       0      0  128.0.0.1.6011                                128.0.0.20.14347                              ESTABLISHED
tcp4       0      0  128.0.0.1.6986                                128.0.0.20.14345                              ESTABLISHED

/Karan Dhanak

Re: How to show half-wing session

‎02-08-2018 03:52 AM

Hi,
Thanks for your reply

show system connection is for the connections directed to the SRX itself, not for the server sitting behind it. Correct?
show security flow session protocol tcp shows just the sessions established, not the half-wing. Correct?


Re: How to show half-wing session

‎02-08-2018 04:07 AM

wrote:

Hi

-> show system connection

-> show security flow session protocol tcp

Neither of those commands shows session state of transit flows. Show system connections shows sessions terminating on the SRX, and security flow session protocol tcp simply filters the session table to TCP-based sessions. Unfortunately I don't know how to display session state of flows. It's possible one of the 'session states' shown by explicitly specifying a session-identifier corresponds to a half-open session.

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-security-flo...


Re: How to show half-wing session

‎02-08-2018 04:10 AM

Hi Federico,

Yes, that's correct. All the show commands are local to the node & in adjacency of remote. And I read the SRX as being the server here, my bad.

So if the connection (say TCP) between the host and server is half-open & the SRX here is in between, that makes the SRX a transit node. In that case, I think a port mirror should help to capture the transit flow.

/Karan Dhanak
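
Following on from the port-mirror suggestion in the last reply, this added example (not part of the original thread and not Juniper code) reads a capture taken from a mirror port and lists the SYNs that never received a SYN-ACK. It assumes a little-endian classic pcap file with Ethernet/IPv4 framing; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def unanswered_syns(pcap: bytes):
    """Return sorted (src, sport, dst, dport) of SYNs with no SYN-ACK in the capture."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":          # assumption: little-endian classic pcap
        raise ValueError("unsupported capture format")
    pending, off = set(), 24                     # 24 = pcap global header length
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Only Ethernet II frames carrying IPv4 (0x0800) with TCP (protocol 6)
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue
        tcp = 14 + (pkt[14] & 0x0F) * 4          # TCP header starts after any IP options
        if len(pkt) < tcp + 14:
            continue
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        flags = pkt[tcp + 13]
        if flags & SYN and not flags & ACK:      # initiator's SYN (retransmits collapse)
            pending.add((src, sport, dst, dport))
        elif flags & SYN and flags & ACK:        # responder answered: not half-open
            pending.discard((dst, dport, src, sport))
    return sorted(pending)

def build_frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample: one completed handshake, one SYN (sent twice) that is never answered.
SAMPLE = build_pcap([
    build_frame("198.51.100.7", 51000, "192.0.2.10", 443, SYN),
    build_frame("192.0.2.10", 443, "198.51.100.7", 51000, SYN | ACK),
    build_frame("198.51.100.7", 51000, "192.0.2.10", 443, ACK),
    build_frame("203.0.113.9", 40001, "192.0.2.10", 22, SYN),
    build_frame("203.0.113.9", 40001, "192.0.2.10", 22, SYN),
])
print(unanswered_syns(SAMPLE))
```

A flow is reported only when no SYN-ACK appears anywhere in the capture, so a SYN that the server rejected with a RST is listed as well.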