show ver(查看系统信息)
show run(查看防火墙运行配置)
show ip address(查看防火墙IP地址)
show nameif
show conduit
show config
show run
show static
show global
show dhcpd
show nat
Since it shows connection by host
show local-host
show conn
show xlate detail
# show cpu usage
CPU utilization for 5 seconds = 6%; 1 minute: 6%; 5 minutes: 7%
# sh traffic
outside:
received (in 1806806.980 secs):
3051312134 packets 3372506524 bytes
1001 pkts/sec 1001 bytes/sec
transmitted (in 1806806.980 secs):
3680162240 packets 3426881395 bytes
2001 pkts/sec 1000 bytes/sec
inside:
received (in 1806806.980 secs):
3633230948 packets 1921928934 bytes
2001 pkts/sec 1001 bytes/sec
transmitted (in 1806806.980 secs):
2935232007 packets 2574723752 bytes
1001 pkts/sec 1001 bytes/sec
firewall(config)# show interface
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 001c.58b5.6e80
IP address 120.13.14.30, subnet mask 255.255.255.192
MTU 1500 bytes, BW 100000 Kbit full duplex
2813730585 packets input, 322384351 bytes, 0 no buffer
Received 38464886 broadcasts, 0 runts, 0 giants
16601 input errors, 0 CRC, 0 frame, 16601 overrun, 0 ignored, 0 abort
1938316742 packets output, 958234027 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (3/144)
output queue (curr/max blocks): hardware (0/128) software (0/278)
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address is 001c.58b5.6e81
IP address 172.16.0.254, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
2015029888 packets input, 2028029332 bytes, 0 no buffer
Received 27779782 broadcasts, 0 runts, 0 giants
32841 input errors, 0 CRC, 0 frame, 32841 overrun, 0 ignored, 0 abort
2392423441 packets output, 4158892725 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/154)
output queue (curr/max blocks): hardware (2/128) software (0/353)
firewall(config)# show static static (inside,outside) 120.12.14.6 172.16.0.6 netmask 255.255.255.255 0 0 static (inside,outside) 120.12.14.7 172.16.0.7 netmask 255.255.255.255 0 0 static (inside,outside) 120.12.14.8 172.16.0.8 netmask 255.255.255.255 0 0 static (inside,outside) 120.12.14.10 172.16.0.10 netmask 255.255.255.255 0 0
firewall(config)# show ip
System IP Addresses:
ip address outside 120.12.14.3 255.255.255.192
ip address inside 172.16.0.254 255.255.255.0
Current IP Addresses:
ip address outside 120.12.14.3 255.255.255.192
ip address inside 172.16.0.254 255.255.255.0
firewall(config)# show cpu usage CPU utilization for 5 seconds = 18%; 1 minute: 20%; 5 minutes: 20%
firewall(config)# show blocks
SIZE MAX LOW CNT
4 1600 1424 1600
80 400 394 398
256 500 442 500
1550 933 0 618
firewall(config)# show mem Free memory: 75529176 bytes Used memory: 58688552 bytes ------------- ---------------- Total memory: 134217728 bytes
firewall(config)# show traffic
outside:
received (in 1812494.446 secs):
2813262888 packets 253141259 bytes
1000 pkts/sec 2 bytes/sec
transmitted (in 1812494.446 secs):
1937679278 packets 288527512 bytes
1000 pkts/sec 0 bytes/sec
inside:
received (in 1812494.446 secs):
2014390684 packets 1357597340 bytes
1000 pkts/sec 0 bytes/sec
transmitted (in 1812494.446 secs):
2391958734 packets 4089671095 bytes
1002 pkts/sec 2000 bytes/sec
firewall(config)# show xlate 64 in use, 1051 most used Global 120.13.14.10 Local 172.16.0.10 Global 120.13.14.18 Local 172.16.0.48 Global 120.13.14.28 Local 172.16.0.28 Global 120.13.14.35 Local 172.16.0.35 Global 120.13.14.24 Local 172.16.0.41 Global 120.13.14.13 Local 172.16.0.33 Global 120.13.14.7 Local 172.16.0.7 Global 120.13.14.6 Local 172.16.0.6 PAT Global 120.13.14.30(23951) Local 172.16.0.42(61748) Global 120.13.14.21 Local 172.16.0.24 Global 120.13.14.23 Local 172.16.0.23 Global 120.13.14.25 Local 172.16.0.54 Global 120.13.14.14 Local 172.16.0.34 Global 120.13.14.27 Local 172.16.0.27 Global 120.13.14.22 Local 172.16.0.22 Global 120.13.14.5 Local 172.16.0.13 Global 120.13.14.15 Local 172.16.0.15 Global 120.13.14.4 Local 172.16.0.4 Global 120.13.14.26 Local 172.16.0.26 PAT Global 120.13.14.30(31707) Local 172.16.0.101(63573) PAT Global 120.13.14.30(31705) Local 172.16.0.51(46332) PAT Global 120.13.14.30(31709) Local 172.16.0.101(63587) PAT Global 120.13.14.30(31708) Local 172.16.0.101(51612) Global 120.13.14.16 Local 172.16.0.56 Global 120.13.14.20 Local 172.16.0.20 Global 120.13.14.12 Local 172.16.0.12 Global 120.13.14.8 Local 172.16.0.8 Global 120.13.14.38 Local 172.16.0.38 Global 120.13.14.29 Local 172.16.0.2 PAT Global 120.13.14.30(61715) Local 172.16.0.47(35662) PAT Global 120.13.14.30(61714) Local 172.16.0.37(5809) PAT Global 120.13.14.30(61713) Local 172.16.0.141(55314) PAT Global 120.13.14.30(61712) Local 172.16.0.141(55313) PAT Global 120.13.14.30(61699) Local 172.16.0.47(46235) PAT Global 120.13.14.30(61698) Local 172.16.0.47(52197) PAT Global 120.13.14.30(61696) Local 172.16.0.37(43727) PAT Global 120.13.14.30(61703) Local 172.16.0.47(49113) PAT Global 120.13.14.30(61702) Local 172.16.0.141(55309) PAT Global 120.13.14.30(61700) Local 172.16.0.47(44744) PAT Global 120.13.14.30(61707) Local 172.16.0.47(56175) PAT Global 120.13.14.30(61706) Local 172.16.0.47(50588) PAT Global 120.13.14.30(61705) Local 172.16.0.47(58676) PAT Global 120.13.14.30(61704) Local 172.16.0.141(55310) PAT Global 120.13.14.30(61711) Local 172.16.0.47(39698) PAT Global 120.13.14.30(61710) Local 172.16.0.141(55312) PAT Global 120.13.14.30(61709) Local 172.16.0.141(55311) PAT Global 120.13.14.30(61708) Local 172.16.0.47(54897) PAT Global 120.13.14.30(391) Local 172.16.0.49(123) PAT Global 120.13.14.30(389) Local 172.16.0.161(137) PAT Global 120.13.14.30(393) Local 172.16.0.37(123) PAT Global 120.13.14.30(392) Local 172.16.0.5(123) Global 120.13.14.19 Local 172.16.0.19 Global 120.13.14.9 Local 172.16.0.9 Global 120.13.14.11 Local 172.16.0.11 PAT Global 120.13.14.30(61682) Local 172.16.0.37(44507) PAT Global 120.13.14.30(61681) Local 172.16.0.37(1561) PAT Global 120.13.14.30(61684) Local 172.16.0.141(55307) PAT Global 120.13.14.30(61694) Local 172.16.0.141(55308) PAT Global 120.13.14.30(61693) Local 172.16.0.47(49428) PAT Global 120.13.14.30(61692) Local 172.16.0.37(46051) PAT Global 120.13.14.30(61667) Local 172.16.0.141(55306) PAT Global 120.13.14.30(61666) Local 172.16.0.47(39924) PAT Global 120.13.14.30(61670) Local 172.16.0.37(62964)
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
