Netstat-like show command?

Hello,

Is there a netstat-like show command to view all open IP connections?

Reply to
Georg Dingler

No. There is no way for you to view all *my* open IP connections, and therefore there is no command available to view ALL open IP connections.

If that wasn't what you were asking about, you might want to try again, being more specific as to the operating system, operating system version, and equipment model that you are concerned about.

Reply to
Walter Roberson

Hello Walter,

Is it possible to view all open IP connections which the Cisco handles for its "clients"? I can do it with a SPAN port, but what about the IP Accounting feature? Is it possible to perform logging for all IP connections?

Georg

Walter Roberson wrote:

Reply to
Georg Dingler

My previous response still sounds appropriate:

"you might want to try again, being more specific as to the operating system, operating system version, and equipment model that you are concerned about."

"the Cisco" could be any of a number of devices, and "clients" of it is not clear.

Your reference to a SPAN port suggests that you might be talking about a router. If so, then the router may have "ip inspect" (a firewall feature) turned on, or may be doing NAT (network address translation), or may have a "reflexive" ACL configured -- but unless one of those features is active, then the router is just passing packets, not acting as any kind of "server" for any "clients", and not keeping track of the state of any connection.

On an IOS router, as far as the "ip accounting" feature is concerned, and as far as the "log" feature of an access control list is concerned, the *state* of connections is not kept track of; instead, all that is kept track of is the -amount- of traffic that matches the same parameters. If you have 500 short connections with the same protocol parameters, then IOS "ip accounting" cannot tell that situation apart from a single connection of equal total length:

I do not know what level of detail is tracked for Netflow accounting, but as best I recall from a brief technical investigation I did last year, IOS does not offer a method to display the active Netflow database.

If you aren't using one of the features I list above, then the function of an IOS router is just to pass along packets, making decisions about which destination to send them to, rewriting the destination MAC and the CRC and then releasing the packet and forgetting about it other than the effect the packet had on the statistical counters.

SYN_WAIT states, sequence numbers, and so on, are layer 3 information that an IOS router has no need to track unless the router is acting as a proxy for the packet (such as doing "ip inspect" or port address translation). IP is end-to-end: except when they are acting as proxies, routers just pass the data through and it is the two ends that are responsible for figuring out what state the connection is in.

Reply to
Walter Roberson

Hello Walter,

thanks for your posting. I just discovered the command I looked for:

show ip nat translations tcp verbose

It does exactly what I want (Monitor NAT Clients).

Georg

Walter Roberson wrote:

Reply to
Georg Dingler
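
An added example, not part of the thread and not Cisco tooling: a small Python parser that turns captured output of the `show ip nat translations tcp verbose` command mentioned above into a per-client session count. The sample text is constructed, and its column layout and detail-line format are assumptions that vary by IOS release; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the usual "show ip nat translations tcp verbose" layout.
# Addresses are documentation ranges; exact columns vary by IOS release (assumption).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.1:1024   10.0.0.5:51200     198.51.100.7:80    198.51.100.7:80
    create 00:00:12, use 00:00:03, flags: extended
tcp 203.0.113.1:1025   10.0.0.5:51201     198.51.100.7:443   198.51.100.7:443
    create 00:00:10, use 00:00:01, flags: extended
tcp 203.0.113.1:1026   10.0.0.9:40000     198.51.100.20:22   198.51.100.20:22
    create 01:02:03, use 00:00:40, flags: extended, timing-out
"""

ENTRY = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
DETAIL = re.compile(r"^\s+create\s+(\S+),\s+use\s+(\S+),\s+flags:\s*(.*)$")

def split_endpoint(text):
    # "10.0.0.5:51200" -> ("10.0.0.5", 51200); a bare address gets port None.
    host, _, port = text.partition(":")
    return host, int(port) if port else None

def parse_translations(output):
    entries = []
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            proto, ig, il, ol, og = m.groups()
            entries.append({"proto": proto, "flags": [],
                            "inside_global": split_endpoint(ig),
                            "inside_local": split_endpoint(il),
                            "outside_local": split_endpoint(ol),
                            "outside_global": split_endpoint(og)})
            continue
        d = DETAIL.match(line)
        if d and entries:  # verbose detail line belongs to the entry above it
            entries[-1].update(create=d.group(1), use=d.group(2),
                               flags=[f.strip() for f in d.group(3).split(",") if f.strip()])
    return entries

def sessions_per_client(entries):
    # Count active translations per inside-local (NAT client) address.
    return Counter(e["inside_local"][0] for e in entries)

if __name__ == "__main__":
    for host, count in sessions_per_client(parse_translations(SAMPLE)).most_common():
        print(host, count)
```
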

there is another command which might be helpful for you... try that

show IP sockets

But again if you want to verify incoming/outgoing traffic via ports/sockets then you should enable net flow. net flow will give you a better idea of the ip traffic.

-Sikandar

Georg D> Hello Walter,

Reply to
Sikandar

wouldn't "show conn" in Pix do that?

if we knew, that the OP is talking about a pix...

M
Reply to
mak

How would "show conn" run on *your* PIX show you what IP connections I have open on *my* devices, here on a different continent than you and with you having nothing to do with my organization?

No? Then you were not able to view "all open IP connections". An unqualified "all" includes each and every one in every possible location in the universe, not just ones for a local device.

Reply to
Walter Roberson

Stop being ridiculous. Anyone with half a brain knows that this is not what the OP meant. What are you, an android that only knows how to interpret messages totally literally?

Reply to
Barry Margolin

I might have accepted that criticism *if* the original poster had managed to tell us (after being directly asked, repeatedly) what software the question was about.

Reply to
Walter Roberson
