Knowing ports used by ip address

How can I know the ports used by some IP address from a telnet session?

I'm using PIX 506E.

THANKS!

jaisol

In article , jaisol wrote:
:How can I know the ports used by some IP address from a telnet session?

:I'm using PIX 506E.

I gather you mean "if you telnet to the PIX, how can you find out the ports in use by a particular IP address"?

If it is an inside IP address, then the answer is

show local-host IPADDRESS

This will show you a summary of what that address is doing.

Beyond that, you can also get information from show conn and show xlate both of which take optional parameters that allow you to narrow down to specific local or global addresses. Caution: show xlate will not have any entries for any static IP mapping or for any 'nat 0 access-list' exemption. And I've hit a couple of times where it looked like "show conn" was not giving full information, but I'm not sure on that.

Walter Roberson

Exactly.

Using show local-host IP I get:

pixfirewall# show local-host 10.195.190.2
Interface inside: 58 active, 67 maximum active, 0 denied
local host: ,
    TCP connection count/limit = 1/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
    PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)
    PAT Global 198.40.79.18(20914) Local 10.195.190.2(1591)
    PAT Global 198.40.79.18(20916) Local 10.195.190.2(1592)
    PAT Global 198.40.79.18(20920) Local 10.195.190.2(1593)
    PAT Global 198.40.79.18(20922) Local 10.195.190.2(1594)
    PAT Global 198.40.79.18(20926) Local 10.195.190.2(1595)
    PAT Global 198.40.79.18(20929) Local 10.195.190.2(1596)
    PAT Global 198.40.79.18(20934) Local 10.195.190.2(1597)
    PAT Global 198.40.79.18(20938) Local 10.195.190.2(1598)
    PAT Global 198.40.79.18(20941) Local 10.195.190.2(1600)
    PAT Global 198.40.79.18(20945) Local 10.195.190.2(1601)
    PAT Global 198.40.79.18(20948) Local 10.195.190.2(1602)
    PAT Global 198.40.79.18(20951) Local 10.195.190.2(1603)
    PAT Global 198.40.79.18(20986) Local 10.195.190.2(1604)
    PAT Global 198.40.79.18(20987) Local 10.195.190.2(1605)
    PAT Global 198.40.79.18(20989) Local 10.195.190.2(1606)
    PAT Global 198.40.79.18(20991) Local 10.195.190.2(1607)
    PAT Global 198.40.79.18(20993) Local 10.195.190.2(1608)
    PAT Global 198.40.79.18(20996) Local 10.195.190.2(1609)
    PAT Global 198.40.79.18(20998) Local 10.195.190.2(1610)
    PAT Global 198.40.79.18(20999) Local 10.195.190.2(1611)
    PAT Global 198.40.79.18(21001) Local 10.195.190.2(1612)
    PAT Global 198.40.79.18(21003) Local 10.195.190.2(1613)
    PAT Global 198.40.79.18(21004) Local 10.195.190.2(1614)
    PAT Global 198.40.79.18(21007) Local 10.195.190.2(1616)
    PAT Global 198.40.79.18(21009) Local 10.195.190.2(1617)
    PAT Global 198.40.79.18(21011) Local 10.195.190.2(1618)
    PAT Global 198.40.79.18(21012) Local 10.195.190.2(1619)
  Conn(s):
    TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes 1303 flags UfFRIO
pixfirewall#

What do the numbers between "( )" in the Xlate section mean?

What do the numbers after ":" in the Conn section mean?

Thanks again.

jaisol

In article , jaisol wrote:
:Using show local-host IP I get:

:pixfirewall# show local-host 10.195.190.2

: Xlate(s):
:   PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)

: Conn(s):
:   TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes 1303 flags UfFRIO

:What do the numbers between "( )" in the Xlate section mean?

Port numbers. In what I quoted above, local host 10.195.190.2 port 1590 is being translated to global IP 198.40.79.18 port 20912 on outgoing connections. These lines do not give you information about where the connections are -to-: you have to look at the connection information for that.

The ones right after the IP addresses are port numbers.

The ones after the word 'idle' are hours, minutes, and seconds.

Walter Roberson
