jcluser@JCL-NGFW-99> show services application-identification application detail | find junos:RDP
Application Name: junos:RDP
Application type: RDP
Description: This signature detects Microsoft Remote Desktop (RDP) traffic. RDP is a remote administration tool.
Application ID: 159
Priority: high
Order: 0
Disabled: No
Cacheable: Yes
Activation Date: 2003-05-05
Last Modified: 2017-06-28
Number of Parent Group(s): 1
Application Groups: junos:remote-access:interactive-desktop
Application Tags:
    layer : 4
    characteristic : Prone to Misuse
    characteristic : Bandwidth Consumer
    risk



show security flow session summary


jcluser@vSRX1> show security flow session summary
Unicast-sessions: 1
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 1
  Valid sessions: 1
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 524288



show security flow session


[edit security flow aging]
root# run show security flow session
Session ID: 639, Policy name: self-traffic-policy/1, Timeout: 1800, Valid
In: 192.168.70.1/58084 --> 192.168.70.21/22;tcp, If: ge-0/0/2.0, Pkts: 625, Bytes: 40076
Out: 192.168.70.21/22 --> 192.168.70.1/58084;tcp, If: .local..0, Pkts: 375, Bytes: 35161

Session ID: 640, Policy name: self-traffic-policy/1, Timeout: 1256, Valid
In: 192.168.70.1/58086 --> 192.168.70.21/22;tcp, If: ge-0/0/2.0, Pkts: 20, Bytes: 2412
Out: 192.168.70.21/22 --> 192.168.70.1/58086;tcp, If: .local..0, Pkts: 18, Bytes: 4369
Total sessions: 2



jcluser@vSRX1> show security flow session
Session ID: 7, Policy name: default-permit/4, Timeout: 1622, Valid
  In: 10.100.12.2/55497 --> 10.100.11.2/22;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 37, Bytes: 4701,
  Out: 10.100.11.2/22 --> 10.100.12.2/55497;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 33, Bytes: 5041,
Total sessions: 1





show security flow session extensive

jcluser@vSRX1> show security flow session extensive
Session ID: 7, Status: Normal
Flags: 0x40/0x0/0x0/0x8003
Policy name: default-permit/4
Source NAT pool: Null, Application: junos-ssh/22
Dynamic application: junos:UNKNOWN,
Encryption:  Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1766
Session State: Valid
Start time: 7383, Duration: 1719
   In: 10.100.12.2/55497 --> 10.100.11.2/22;tcp,
  Conn Tag: 0x0, Interface: ge-0/0/1.0,
    Session token: 0x7, Flag: 0x1021
    Route: 0xd0010, Gateway: 10.100.12.2, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 35, Bytes: 4553
   Out: 10.100.11.2/22 --> 10.100.12.2/55497;tcp,
  Conn Tag: 0x0, Interface: ge-0/0/0.0,
    Session token: 0x7, Flag: 0x1020
    Route: 0xb0010, Gateway: 10.100.11.2, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 32, Bytes: 4953
Total sessions: 1

show services application-identification application summary | match RDP

jcluser@JCL-NGFW-99> show services application-identification  application summary | match RDP                    
  junos:NRDP                                    No               2695    5       
  junos:WORDPRESS                               No               297     5       
  junos:IPP-RDP                                 No               717     1       
  junos:RDP                                     No               159     1    

show services application-identification application detail | find junos:RDP

    : 4
    subcategory : Interactive-Desktop
    category : Remote-Access
Underlying consolidated Protocols/ports application is dependent on:
  Protocols:
    Protocol: junos:UDP / 216
    Protocol: junos:SSL / 199
    Protocol: junos:TCP / 205
    Protocol: junos:SPDY / 1469
    Protocol: junos:LIBJINGLE-PSEUDOTCP / 3237
    Protocol: junos:STUN / 201
    Protocol: junos:HTTPS / 68
    Protocol: junos:HTTP / 67
    Protocol: junos:NET-PROXY / 2629
    Protocol: junos:HTTP2 / 2553
    Protocol: junos:HTTP-TUNNEL / 750
    Protocol: junos:HTTP-PROXY / 2956
    Protocol: junos:HAPROXY / 3331
    Protocol: junos:COTP / 22
    Protocol: junos:MCS / 112
    Protocol: junos:CAPWAP / 1289
  TCP Ports:
    Port: 3389
Layer-7 Immediate Protocol(s):
    Protocol: UDP / 216
    Protocol: SSL / 199
    Protocol: MCS / 112
    Protocol: COTP / 22
Application Specific Ports:
    Default ports: TCP/3389
Signature:
    Port range: N/A
    Client-to-server Order: 1