fw ctl conntab

Description

Shows formatted list of current connections from the Connections kernel table (ID 8158).

Use this command if you want to see the simplified information about the current connections.

Best Practices:

  • Use the "fw ctl conntab" command to see the simplified information about the current connections.

  • Use the "fw tab -t connections -f" command (fw tab) to see the detailed (and more technical) information about the current connections.

Syntax

Important - You can specify many parameters at the same time.

fw [-d] ctl conntab

      {-h | -help}

      -sip=<Source IP Address in Decimal Format>

      -sport=<Port Number in Decimal Format>

      -dip=<Destination IP Address>

      -dport=<Port Number in Decimal Format>

      -proto=<Protocol Name>

      -service=<Name of Service>

      -rule=<Rule Number in Decimal Format>

Parameters

Parameter

Description

{-h | -help}

Shows the built-in usage.

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-sip=<Source IP Address in Decimal Format>

Filters the output by the specified Source IP address.

-sport=<Port Number in Decimal Format>

Filters the output by the specified Source Port number.

See IANA Service Name and Port Number Registry.

-dip=<Destination IP Address in Decimal Format>

Filters the output by the specified Destination IP address.

-dport=<Port Number in Decimal Format>

Filters the output by the specified Destination Port number.

See IANA Service Name and Port Number Registry.

-proto=<Protocol Name>

Filters the output by the specified Protocol name.

For example:

  • TCP

  • UDP

  • ICMP

See IANA Protocol Numbers.

-service=<Name of Service>

See the names of Services in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., or in the output of this command.

-rule=<Rule Number in Decimal Format>

See your Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase. in SmartConsole, or in the output of the command.

Examples

[Expert@MyGW:0]# fw ctl conntab

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3593/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

<(outbound, src=[192.168.204.40,59249], dest=[192.168.204.1,53], UDP); 20/40, rule=0, service=domain-udp(335), Ifnsout=1, conn modules: Authentication, FG-1>

<(outbound, src=[192.168.204.40,37892], dest=[192.168.204.1,53], UDP); 20/40, rule=0, service=domain-udp(335), Ifnsin=1, Ifnsout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -dport=22

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3594/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -dport=53

<(outbound, src=[192.168.204.40,33585], dest=[192.168.204.1,53], UDP); 39/40, rule=0, service=domain-udp(335), Ifnsout=1, conn modules: Authentication, FG-1>

<(outbound, src=[192.168.204.40,56661], dest=[192.168.204.1,53], UDP); 39/40, rule=0, service=domain-udp(335), Ifnsin=1, Ifnsout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -sport=54201

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3600/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -proto=UDP

<(outbound, src=[192.168.204.40,44966], dest=[192.168.204.1,53], UDP); 37/40, rule=0, service=domain-udp(335), Ifnsin=1, Ifnsout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -proto=TCP

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3596/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -service=domain-udp

<(outbound, src=[192.168.204.40,44966], dest=[192.168.204.1,53], UDP); 35/40, rule=0, service=domain-udp(335), Ifnsin=1, Ifnsout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -rule=2

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3597/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl conntab -dip=192.168.204.40 -dport=22 -proto=TCP -service=ssh

<(inbound, src=[192.168.204.1,54201], dest=[192.168.204.40,22], TCP); 3599/3600, rule=2, tcp state=TCP_ESTABLISHED, service=ssh(481), Ifncin=1, Ifncout=1, conn modules: Authentication, FG-1>

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw tab -t connections -f

 

Formatting table's data - this might take a while...

 

localhost:

Date: Sep 10, 2018

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : (+)====================================(+); Table_Name: connections; : (+); Attributes: dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 21 22 23 24 25 26 27 28 29 30 31 32 33 34, expires 25, refresh, , hashsize 2097152, unlimited; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 54201; Dest: 192.168.204.1; DPort: 53; Protocol: udp; CPTFMT_sep: ;; Type: 131073; Rule: 0; Timeout: 335; Handler: 0; Ifncin: -1; Ifncout: -1; Ifnsin: -1; Ifnsout: 1; Bits: 0000780000000000; Expires: 23/40; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 53; Dest: 192.168.204.40; DPort: 54201; Protocol: udp; CPTFMT_sep_1: ->; Direction_1: 1; Source_1: 192.168.204.40; SPort_1: 54201; Dest_1: 192.168.204.1; DPort_1: 53; Protocol_1: udp; FW_symval: 2054; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 22; Dest: 192.168.204.1; DPort: 54201; Protocol: tcp; CPTFMT_sep_1: ->; Direction_2: 0; Source_2: 192.168.204.1; SPort_2: 54201; Dest_2: 192.168.204.40; DPort_2: 22; Protocol_2: tcp; FW_symval: 2053; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 54201; Dest: 192.168.204.40; DPort: 22; Protocol: tcp; CPTFMT_sep: ;; Type: 114689; Rule: 2; Timeout: 481; Handler: 0; Ifncin: 1; Ifncout: 1; Ifnsin: -1; Ifnsout: -1; Bits: 02007800000f9000; Expires: 3596/3600; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 53; Dest: 192.168.204.40; DPort: 44966; Protocol: udp; CPTFMT_sep_1: ->; Direction_1: 1; Source_1: 192.168.204.40; SPort_1: 44966; Dest_1: 192.168.204.1; DPort_1: 53; Protocol_1: udp; FW_symval: 2054; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

11:30:56 5 N/A N/A 192.168.204.40 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 44966; Dest: 192.168.204.1; DPort: 53; Protocol: udp; CPTFMT_sep: ;; Type: 131073; Rule: 0; Timeout: 335; Handler: 0; Ifncin: -1; Ifncout: -1; Ifnsin: 1; Ifnsout: 1; Bits: 0000780000000000; Expires: 23/40; LastUpdateTime: 10Sep2018 11:30:56; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

 

[Expert@MyGW:0]#