How to Monitor Live Sessions in the CLI
Resolution
Details
The following command can be used to monitor real-time sessions:
> show session info
-------------------------------------------------------------------------------
number of sessions supported: 131071
number of active sessions: 7501
number of active TCP sessions: 5503
number of active UDP sessions: 1980
number of active ICMP sessions: 16
number of active BCAST sessions: 0
number of active MCAST sessions: 0
number of predict sessions: 914
session table utilization: 5%
number of sessions created since system bootup: 1054609
Packet rate: 3298/s
Throughput: 20321 Kbps
-------------------------------------------------------------------------------
session timeout
TCP default timeout: 3600 seconds
TCP session timeout before 3-way handshaking: 5 seconds
TCP session timeout after FIN/RST: 30 seconds
UDP default timeout: 30 seconds
ICMP default timeout: 6 seconds
other IP default timeout: 30 seconds
Session timeout in discard state:
TCP: 90 seconds, UDP: 60 seconds, other IP protocols: 60 seconds
-------------------------------------------------------------------------------
session accelerated aging: enabled
accelerated aging threshold: 80% of utilization
scaling factor: 2 X
-------------------------------------------------------------------------------
session setup
TCP - reject non-SYN first packet: no
hardware session offloading: yes
IPv6 firewalling: no
-------------------------------------------------------------------------------
application trickling scan parameters:
timeout to determine application trickling: 10 seconds
resource utilization threshold to start scan: 80%
scan scaling factor over regular aging: 8
-------------------------------------------------------------------------------
To view the current throughput and statistics:
> show system statistics
Device is up : 2 days 23 hours 39 mins 11 sec
Packet rate : 2136/s
Throughput : 9599 Kbps
Total active sessions : 7355
Active TCP sessions : 5248
Active UDP sessions : 2089
Active ICMP sessions : 16
To display information on all sessions:
> show session all
ID/vsys application state type flag src[sport]/zone/proto (translated IP[port])
dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------
4583/1 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
16407/1 0 ACTIVE FLOW 10.16.0.200[1475]/corp-trust/6 (10.16.0.200[1475])
10.5.20.110[139]/corp-untrust (10.5.20.110[139])
119943/1 skype ACTIVE PRED 0.0.0.0[0]/corp-trust/6 (0.0.0.0[0])
75.111.30.222[443]/corp-untrust (75.111.30.222[443])
To display the session filter options:
> show session all filter
+ application Application name
+ destination destination IP address
+ destination-port Destination port
+ destination-user Destination user
+ from From zone
+ nat If session is NAT
+ nat-rule NAT rule name
+ protocol IP protocol value
+ proxy session is decrypted
+ rule Rule name
+ source source IP address
+ source-port Source port
+ source-user Source user
+ state flow state
+ to To zone
+ type flow type
| Pipe through a command
Example of a filtered display:
> show session all filter source 10.5.20.110
-------------------------------------------------------------------------------
ID application state type flag src[sport]/zone/proto (translated IP[port])
dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------
22306 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
20318 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
192.168.189.1[4492]/corp-untrust (192.168.189.1[4492])
111056 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
192.168.83.1[3007]/corp-untrust (192.168.83.1[3007])
130911 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
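Added example (not part of the original article and not vendor code): a Python parser for the two-line records printed by "show session all", so that saved output can be filtered and reviewed offline. The dictionary field names, the treatment of the flag column as optional, and the handling of a record cut off after its first line are assumptions of this example.

```python
import re

# Records copied from the page's output; the last one is cut off after its
# first line, as at the end of the page's filtered example.
SAMPLE = """\
ID/vsys application state type flag src[sport]/zone/proto (translated IP[port])
dst[dport]/zone (translated IP[port]
-------------------------------------------------------------------------------
4583/1 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
192.168.83.1[4907]/corp-untrust (192.168.83.1[4907])
119943/1 skype ACTIVE PRED 0.0.0.0[0]/corp-trust/6 (0.0.0.0[0])
75.111.30.222[443]/corp-untrust (75.111.30.222[443])
130911 0 ACTIVE FLOW 10.5.20.110[139]/corp-trust/6 (10.5.20.110[139])
"""

EP = r"(?P<{0}>[\d.]+)\[(?P<{0}_port>\d+)\]"                  # IP[port]
NAT = r"\s+\((?P<nat_{0}>[\d.]+)\[(?P<nat_{0}_port>\d+)\]\)"  # (translated IP[port])
# First line of a record; "/vsys" and the flag column may be absent (assumption).
SRC_RE = re.compile(
    r"^(?P<id>\d+)(?:/(?P<vsys>\d+))?\s+(?P<application>\S+)\s+(?P<state>\S+)"
    r"\s+(?P<type>\S+)\s+(?:(?P<flag>\S+)\s+)?"
    + EP.format("src") + r"/(?P<from_zone>[^/\s]+)/(?P<proto>\d+)" + NAT.format("src"))
# Second line of a record: the destination side.
DST_RE = re.compile("^" + EP.format("dst") + r"/(?P<to_zone>\S+)" + NAT.format("dst"))

def parse_sessions(text):
    """Return one dict per session; complete=False if the dst line is missing."""
    sessions, pending = [], None
    for line in map(str.strip, text.splitlines()):
        src, dst = SRC_RE.match(line), DST_RE.match(line)
        if src:
            if pending:                      # previous record never got its dst line
                sessions.append(pending)
            pending = dict(src.groupdict(), complete=False)
        elif dst and pending:
            pending.update(dst.groupdict(), complete=True)
            sessions.append(pending)
            pending = None
    if pending:                              # output ended mid-record
        sessions.append(pending)
    return sessions

def select(sessions, **want):
    """Offline filter on this example's field names, e.g. select(s, type="PRED")."""
    return [s for s in sessions if all(s.get(k) == v for k, v in want.items())]

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["id"], s["type"], s["src"], "->", s.get("dst"), s["complete"])
```

All values are kept as strings exactly as printed; header and separator lines are skipped because they match neither pattern.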
See Also
How to View/Clear Data Sessions
Viewing Active Session Information Using CLI
owner: panagent