Connection list

The connection list monitors the source address, destination address, protocol, source port, destination port, etc. of a connection, along with any actions that may be executed. This list is sorted by the source address, destination address, protocol, source port and destination port of the packet that caused the entry in the list.

Under WEBconfig the filter list is structured as follows:





The list contains the following elements:

Element Meaning
Src address Source address of the connection
Dst address Destination address of the connection
Prot. Protocol used (TCP/UDP, etc.), shown as a decimal
Src port Source port of the connection. The port is only shown for port-related protocols (TCP/UDP) or protocols that have a comparable field (ICMP/GRE)
Dst port Destination port of the connection (in the case of UDP connections, this contains the first answer only)
Timeout Each entry ages out of this list over time, which prevents the list from overflowing with "dead" connections.
Flags The flags are used to store information on the connection state and other (internal) information to a bit field. The states can have the following values: New, establish, open, closing, closed, rejected (corresponding to the TCP flags: SYN, SYN ACK, ACK, FIN, FIN ACK and RST) UDP connections know the states, open and closing (the latter only if the UDP connection is linked by a stateful control channel.
Src route Name of the remote site from which the first packet was received.
Dst route Name of the remote site to which the first packet is sent.
Filter rule Name of the rule that created the entry. It also determines the actions to take when a matching packet is received.

Meaning of the flags in the connection list

Flag Meaning
00000001 TCP: SYN sent
00000002 TCP: SYN/ACK received
00000004 TCP: Waiting for ACK from server
00000008 All: Connection open
00000010 TCP: FIN received
00000020 TCP: FIN sent
00000040 TCP: RST sent or received
00000080 TCP: Session being restored
00000100 FTP: Passive FTP connection being established
00000400 H.323: Related T.120 connection
00000800 Connection via loopback interface
00001000 Checking linked rules
00002000 Rule is linked
00010000 Destination is on "local route"
00020000 Destination is on default route
00040000 Destination is on VPN route
00080000 No physical connection established
00100000 Source is on default route
00200000 Source is on VPN route
00800000 No route to destination
01000000 Contains global action with condition

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo