The display firewall monitor session command displays IPv4 ACL-matching service flow monitoring records.
The display firewall monitor session ipv6 command displays IPv6 ACL-matching service flow monitoring records.
The display firewall monitor session all command displays IPv4 and IPv6 ACL-matching service flow monitoring records.
| Parameter | Description | Value |
|---|---|---|
ipv6 |
Indicates IPv6 ACL-matching service flow. This parameter is supported in V600R007C20SPC500 and later versions. |
- |
all |
Indicates IPv4 and IPv6 ACL-matching service flow. This parameter is supported in V600R007C20SPC500 and later versions. |
- |
You can use the display firewall monitor session [ ipv6 | all ] command to view ACL-matching service flow monitoring records. The records include the 5-tuples of TCP and SCTP packets, discard cause, time when the packets are discarded, and session creation and forcible aging information.
The display firewall monitor session [ ipv6 | all ] command can display a maximum of 2048 records. The records on latest ACL-matching service flow status are displayed preferentially.
# Display IPv4 ACL-matching service flow monitoring records.
[sysname] display firewall monitor session 2021/12/18 9:51:29 slot 11 CPU 0 receive TCP syn packet, vpn_instance:public src_ip:10.1.1.1 dst_ip:1.1.1.1 src_port:0 dst_port:0 seq_num:0 ack_num:0.
Item |
Description |
|---|---|
slot |
Slot ID. |
CPU |
CPU ID. |
TCP syn packet |
TCP SYN packets. NOTE:
Service flow monitoring records vary according to service flow types. For example:
|
vpn_instance |
VPN instance. |
public |
Public system. |
src_ip |
Source IP address. |
dst_ip |
Destination IP address. |
src_port |
Source port. |
dst_port |
Destination port. |
seq_num |
Sequence number. |
ack_num |
Number of ACK packets. |