Cisco ASA – show local-host, show nat, show conn, clear conn

Cisco ASA connection related commands


Some useful commands for troubleshooting connections on a Cisco ASA – How to show and clear existing connections, show NAT details, and more.

show local-host all

This command shows local host connections grouped by interface, like so:

hostname# show local-host all
Interface outside: 1 active, 2 maximum active, 0 denied
local host: ,
TCP flow count/limit = 0/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464
105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464
Interface inside: 1 active, 2 maximum active, 0 denied
local host: ,
TCP flow count/limit = 0/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464
105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464
Interface NP Identity Ifc: 2 active, 4 maximum active, 0 denied
local host: ,
TCP flow count/limit = 0/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464
105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464
local host: ,
TCP flow count/limit = 0/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464
105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464
hostname# show local-host 10.1.1.91
Interface third: 0 active, 0 maximum active, 0 denied
Interface inside: 1 active, 1 maximum active, 0 denied
local host: ,
TCP flow count/limit = 1/unlimited
TCP embryonic count to (from) host = 0 (0)
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Xlate:
PAT Global 192.150.49.1(1024) Local 10.1.1.91(4984)
Conn:
TCP out 192.150.49.10:21 in 10.1.1.91:4984 idle 0:00:07 bytes 75 flags UI
Interface outside: 1 active, 1 maximum active, 0 denied
hostname# show local-host 10.1.1.91 detail
Interface third: 0 active, 0 maximum active, 0 denied
Interface inside: 1 active, 1 maximum active, 0 denied
local host: ,
TCP flow count/limit = 1/unlimited
TCP embryonic count to (from) host = 0 (0)
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Xlate:
TCP PAT from inside:10.1.1.91/4984 to outside:192.150.49.1/1024 flags ri
Conn:
TCP outside:192.150.49.10/21 inside:10.1.1.91/4984 flags UI
Interface outside: 1 active, 1 maximum active, 0 denied

More details on this command can be found in Cisco.com’s ASA command reference.

show conn, clear conn

The ‘show conn’ command shows active connections, and the ‘clear conn’ command removes them. This is useful when you need to reset a connection because your configuration has changed. Here are some examples:

ASA-host1# clear conn ?

address Enter this keyword to specify IP address
all Enter this keyword to clear all conns
port Enter this keyword to specify port
protocol Enter this keyword to specify conn protocol
security-group Enter this keyword to specify security-group attributes
user Enter this keyword to specify conn user
user-group Enter this keyword to specify conn user group

ASA-host1# show conn address 192.168.0.2 | inc outside
TCP outside 8.9.10.11:24460 INT_NAME 192.168.0.2:443, idle 0:00:22, bytes 4827, flags UFRIOB
TCP outside 1.1.1.1:47166 INT_NAME 192.168.0.2:443, idle 0:00:41, bytes 6409, flags UFRIOB
TCP outside 1.2.3.4:1928 INT_NAME 192.168.0.2:443, idle 0:00:13, bytes 20147, flags UIOB
TCP outside 6.7.8.9:60002 INT_NAME 192.168.0.2:443, idle 0:01:02, bytes 6434, flags UFRIOB
TCP outside 9.12.10.11:443 INT_NAME 192.168.0.2:63079, idle 0:00:11, bytes 178430, flags UIO
TCP outside 6.4.5.3:443 INT_NAME 192.168.0.2:63464, idle 0:00:14, bytes 2830, flags UIO
TCP outside 7.4.7.4:443 INT_NAME 192.168.0.2:63426, idle 0:00:20, bytes 2709, flags UIO

ASA-host1# clear conn address 6.7.8.9 port 60002 address 192.168.0.2 port 443
1 connection(s) deleted.

ASA-host1# show conn address 192.168.0.2 | inc outside
TCP outside 8.9.10.11:24460 INT_NAME 192.168.0.2:443, idle 0:00:27, bytes 4827, flags UFRIOB
TCP outside 1.1.1.1:47166 INT_NAME 192.168.0.2:443, idle 0:01:12, bytes 6409, flags UFRIOB
TCP outside 1.2.3.4:1928 INT_NAME 192.168.0.2:443, idle 0:00:33, bytes 42223, flags UIOB
TCP outside 9.12.10.11:443 INT_NAME 192.168.0.2:63079, idle 0:00:42, bytes 178430, flags UIO
TCP outside 6.4.5.3:443 INT_NAME 192.168.0.2:63464, idle 0:00:26, bytes 7477, flags UIO
TCP outside 7.4.7.4:443 INT_NAME 192.168.0.2:63426, idle 0:01:24, bytes 2709, flags UIO

ASA-host1# clear conn address 1.1.1.1 port 47166 address 192.168.0.2 port 443
1 connection(s) deleted.

ASA-host1# show conn address 192.168.0.2 | inc outside
TCP outside 8.9.10.11:24460 INT_NAME 192.168.0.2:443, idle 0:01:30, bytes 4827, flags UFRIOB
TCP outside 1.2.3.4:1928 INT_NAME 192.168.0.2:443, idle 0:01:06, bytes 42223, flags UIOB
TCP outside 9.12.10.11:443 INT_NAME 192.168.0.2:63079, idle 0:00:18, bytes 188600, flags UIO
TCP outside 6.4.5.3:443 INT_NAME 192.168.0.2:63464, idle 0:00:00, bytes 12418, flags UIO

ASA-host1# clear conn address 8.9.10.11 port 24460 address 192.168.0.2 port 443
1 connection(s) deleted.

ASA-host1# clear conn address 192.168.0.2 port 443
2 connection(s) deleted.

ASA-host1# show conn address 192.168.0.2 | inc outside
TCP outside 9.12.10.11:443 INT_NAME 192.168.0.2:63079, idle 0:00:18, bytes 198807, flags UIO
TCP outside 6.4.5.3:443 INT_NAME 192.168.0.2:63464, idle 0:00:13, bytes 22300, flags UIO
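As an added example (not part of the original post), a small Python helper that parses the ‘show conn’ line format shown above and generates the same per-connection ‘clear conn’ commands for the half-closed entries (those carrying the F flag), which is what the sequence above does by hand. The column layout, flag letters and sample lines are taken from the listing above; the flag meanings are the standard TCP conn flags (U up, I inbound data, O outbound data, B initial SYN from outside, F/f outside/inside FIN, R/r FIN acknowledged).

```python
import re
from typing import NamedTuple, Optional

# Matches one TCP/UDP line of 'show conn' output in the form shown in the post, e.g.
# "TCP outside 8.9.10.11:24460 INT_NAME 192.168.0.2:443, idle 0:00:22, bytes 4827, flags UFRIOB"
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<out_if>\S+)\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"(?P<in_if>\S+)\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+),\s+idle\s+(?P<idle>\d+:\d\d:\d\d),"
    r"\s+bytes\s+(?P<nbytes>\d+),\s+flags\s+(?P<flags>\w+)"
)

class Conn(NamedTuple):
    proto: str
    out_ip: str
    out_port: int
    in_ip: str
    in_port: int
    idle_s: int   # idle time converted to seconds
    nbytes: int
    flags: str

def parse_conn(line: str) -> Optional[Conn]:
    # Returns None for prompts, headers or unrelated output so a whole paste can be fed in.
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m["idle"].split(":"))
    return Conn(m["proto"], m["out_ip"], int(m["out_port"]), m["in_ip"], int(m["in_port"]),
                h * 3600 + mi * 60 + s, int(m["nbytes"]), m["flags"])

def half_closed(c: Conn) -> bool:
    # F = outside sent FIN, f = inside sent FIN: teardown has begun on one side (the UFRIOB rows).
    return c.proto == "TCP" and ("F" in c.flags or "f" in c.flags)

def clear_cmd(c: Conn) -> str:
    # Same form the post uses: clear conn address <outside> port <p> address <inside> port <p>
    return f"clear conn address {c.out_ip} port {c.out_port} address {c.in_ip} port {c.in_port}"

def plan_cleanup(show_conn_output: str, min_idle_s: int = 0) -> list:
    # clear conn commands for half-closed TCP connections idle at least min_idle_s seconds.
    conns = filter(None, map(parse_conn, show_conn_output.splitlines()))
    return [clear_cmd(c) for c in conns if half_closed(c) and c.idle_s >= min_idle_s]

# Sample input copied from the post's first 'show conn address 192.168.0.2 | inc outside' listing.
SAMPLE = """TCP outside 8.9.10.11:24460 INT_NAME 192.168.0.2:443, idle 0:00:22, bytes 4827, flags UFRIOB
TCP outside 1.1.1.1:47166 INT_NAME 192.168.0.2:443, idle 0:00:41, bytes 6409, flags UFRIOB
TCP outside 1.2.3.4:1928 INT_NAME 192.168.0.2:443, idle 0:00:13, bytes 20147, flags UIOB
TCP outside 6.7.8.9:60002 INT_NAME 192.168.0.2:443, idle 0:01:02, bytes 6434, flags UFRIOB
"""
```

Review the generated commands before pasting them into the ASA; the min_idle_s argument lets you leave recently active half-closed connections alone.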

show nat

This shows NAT statistics, including the hit counts for each NAT rule.

show xlate

Shows the current address translations (xlates).


Running the Dig utility from Windows command line

How to install and use the dig utility on a Windows system

The dig (domain information groper) utility is something I use on my Linux hosts so often that I miss it when I move back to a Windows host. Here’s how to install and use the dig utility on a Windows system:

  1. Download the BIND package for your version of Windows from the Internet Systems Consortium web site
  2. Extract it to the directory that you’d like to run the program from, probably C:\Users\MyUsername
  3. Run the dig command

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\techpain>dig mx msn.com

; <<>> DiG 9.9.5-W1 <<>> mx msn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

Dan Esparza’s blog has a great post on different ways to use the dig utility and understanding the output.

Also, check out how to run the WhoIs utility from Windows command line.



WhoIs lookup from Windows command line

A WhoIs lookup will show the registration record for a domain name, and being able to run this right from the command line is really convenient.

This utility will run on Windows XP and higher (client) and Windows Server 2003 and higher (server).

Download the utility from the Windows Sysinternals site and copy it to the path that you want to use (probably C:\Users\MyUsername). After that you can run the WhoIs utility like this:


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\techpain>whois techpain.com

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to COM.whois-servers.net...
Connecting to whois.name.com...

Domain Name: TECHPAIN.COM
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2013-10-22T03:40:00-06:00
Creation Date: 2010-08-04T00:59:03-06:00
Registrar Registration Expiration Date: 2017-08-04T00:59:03-06:00
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.17202492374
Resellser:
Domain Status: clientTransferProhibited
Registrant Name: Whois Agent
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Fax: +1.4259744730
Registrant Email: techpain.com@protecteddomainservices.com
Admin Name: Whois Agent
Admin Organization: Whois Privacy Protection Service, Inc.
Admin Street: PO Box 639
Admin City: Kirkland
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Fax: +1.4259744730
Admin Email: techpain.com@protecteddomainservices.com
Tech Name: Whois Agent
Tech Organization: Whois Privacy Protection Service, Inc.
Tech Street: PO Box 639
Tech City: Kirkland
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.4252740657
Tech Fax: +1.4259744730
Tech Email: techpain.com@protecteddomainservices.com
Name Server: ns2.reachone.com
Name Server: ns1.reachone.com
DNSSEC: NotApplicable
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2014-02-15T13:50:43-07:00 <<<

The Data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Name.com, Inc. (or its systems). Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Also, check out how to run the dig utility from Windows command line.


MSTSC/RDP: Bypassing “The terminal server has exceeded the maximum number of allowed connections”

The quick and dirty MSTSC command

mstsc /v:192.168.1.100 /admin

Getting more information

Look at current remote sessions:
query session /server:servername

Now disconnect the session of your choice by specifying its session ID in the following command (reset session ends the session outright, so any unsaved work in it is lost):
reset session [ID] /server:servername



Find Dell service tag from within the OS – Linux and Windows

Get your Dell service tag (sometimes referred to as a serial number) from inside your operating system. Here are the Windows and Linux commands you’ll need.

Windows command

wmic bios get serialnumber

Linux command

dmidecode -s system-serial-number (or lshw)

Details on these and other similar commands can be found at thegeekstuff.com.

Additional Notes

These commands pull the serial number from the BIOS. A SuperMicro server of mine shows serial number 1234567890, while a VM running in VirtualBox shows 0. If you receive unexpected output, try running the commands without the extra options to get more information, for example dmidecode | less or wmic bios.


Timestamp your bash history – Modify .bashrc

Need a date and/or time stamp in your bash history? Simply set HISTTIMEFORMAT in your (or another user’s) .bashrc file:

HISTTIMEFORMAT="%D %T "

Now the ‘history’ command shows your timestamp next to the command issued:

[root@hostname ~]# history | tail -n4
998 05/21/12 11:25:41 vi .bashrc
999 05/21/12 11:25:41 exit
1000 05/21/12 11:25:43 ls
1001 05/21/12 11:25:46 history | tail -n5



df error – ‘df: cannot read table of mounted file systems’

[root@host]# df -h
df: cannot read table of mounted file systems
[root@host]# cat etc/mtab
(nothing)
[root@host]# lvdisplay
Parse error at byte 6 (line 1): unexpected token

This is often related to a disk space issue. A post from insanelabs.com recommended freeing up space and then rebuilding /etc/mtab from /proc/mounts like so:
[root@host]# grep -v rootfs /proc/mounts > /etc/mtab
That seemed to do the trick; df now returns the expected results.



Windows ‘forfiles’: Show or Delete files older than X days

Using ‘forfiles’ for file management and cleanup


Use forfiles to show and/or delete files older than X amount of days:

/p = path
/s = subdirectories (recursive)
/m = mask
/d = days
/c = cmd to be run

Show .log files in C:\LogFiles (recursively) older than 1 year:
forfiles /p C:\LogFiles /s /m *.log /d -365 /c "cmd /c echo @file is at least 1 year old."

Remove .log files in C:\LogFiles (recursively) older than 1 year:
forfiles /p C:\LogFiles /s /m *.log /d -365 /c "cmd /c del @file"

Run the echo version first to confirm the mask and age match only the files you intend to remove, then save the del version as a .bat and schedule it.


Domain Controller Troubleshooting with DCDIAG, REPADMIN, and NETDIAG

Useful tools for troubleshooting Windows domain issues


DCDIAG

DCDIAG analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting.

Details available at MS TechNet.

Example: dcdiag.exe /V /D /C /E > c:\dcdiag.log

REPADMIN

Repadmin.exe is a Microsoft Windows 2000 Resource Kit tool that is available in the Support Tools folder on the Windows 2000 CD-ROM. It is a command-line interface to Active Directory replication. This tool provides a powerful interface into the inner workings of Active Directory replication, and is useful for troubleshooting Active Directory replication problems.

Example: repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

Details available at MS TechNet.

NETDIAG

This command-line diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client. These tests and the key network status information they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output rather than on training users how to use the tool.

Example (to be run on each DC): netdiag.exe /v > c:\netdiag.log

Details available at MS TechNet.


Bash Scripting repetitive tasks – while read x; do

Use a “while loop” type bash script for repetitive Linux tasks

More “while loop” bash scripting examples at tldp.org

An audit on a Linux server made it necessary to get information regarding every user on the machine, and match those users to a mail directory (which may or may not have a different name). Instead of running the ‘finger’ command three hundred times and copying the output somewhere I used this:

#!/bin/sh
# Read inputfile one line at a time; each line may list several usernames.
# ${username} is deliberately left unquoted so the shell splits the line
# into one finger argument per user. Normal output goes to outputfile;
# errors for users that do not exist go to the terminal (stderr).
while read -r username; do
    finger ${username}
done < inputfile > outputfile
exit 0

I saved this as finger_script.sh and copied each of the usernames to the file ‘inputfile’. The ‘inputfile’ contained just the usernames that I cut and pasted from the mail directory in question, and looked like this:
bill frank keith user01 user05 user09
carl gary larry user02 user06 user10
dan heather mary user03 user07 user11
denise joe nancy user04 user08 user12

Running finger_script.sh ran the finger command on each user in the ‘inputfile’ and immediately output a list of users that did not exist. It also created ‘outputfile’, which contained a list of the information on each user:
Login: bill Name: Bill Person
Directory: /home/b/bill Shell: /bin/nologon
Never logged in.
No mail.
No Plan.
Login: carl Name: Carl Guy
Directory: /users/carl Shell: /bin/nologon
Never logged in.
No mail.
No Plan.
Login: dan Name: Dan Theman
Directory: /users/dan Shell: /bin/nologon
Never logged in.
No mail.
No Plan.
