13.3. 查看命令-白红宇

show ver（查看系统信息）show run（查看防火墙运行配置）show ip address（查看防火墙IP地址）show nameifshow conduitshow configshow runshow staticshow globalshow dhcpdshow natSince it shows connection by hostshow local-hostshow connshow xlate detail# show cpu usageCPU utilization for 5 seconds = 6%; 1 minute: 6%; 5 minutes: 7%# sh trafficoutside:        received (in 1806806.980 secs):                3051312134 packets      3372506524 bytes                1001 pkts/sec   1001 bytes/sec        transmitted (in 1806806.980 secs):                3680162240 packets      3426881395 bytes                2001 pkts/sec   1000 bytes/secinside:        received (in 1806806.980 secs):                3633230948 packets      1921928934 bytes                2001 pkts/sec   1001 bytes/sec        transmitted (in 1806806.980 secs):                2935232007 packets      2574723752 bytes                1001 pkts/sec   1001 bytes/sec

13.3.1. show interface

firewall(config)# show interfaceinterface ethernet0 "outside" is up, line protocol is up  Hardware is i82559 ethernet, address is 001c.58b5.6e80  IP address 120.13.14.30, subnet mask 255.255.255.192  MTU 1500 bytes, BW 100000 Kbit full duplex        2813730585 packets input, 322384351 bytes, 0 no buffer        Received 38464886 broadcasts, 0 runts, 0 giants        16601 input errors, 0 CRC, 0 frame, 16601 overrun, 0 ignored, 0 abort        1938316742 packets output, 958234027 bytes, 0 underruns        0 output errors, 0 collisions, 0 interface resets        0 babbles, 0 late collisions, 0 deferred        0 lost carrier, 0 no carrier        input queue (curr/max blocks): hardware (128/128) software (3/144)        output queue (curr/max blocks): hardware (0/128) software (0/278)interface ethernet1 "inside" is up, line protocol is up  Hardware is i82559 ethernet, address is 001c.58b5.6e81  IP address 172.16.0.254, subnet mask 255.255.255.0  MTU 1500 bytes, BW 100000 Kbit full duplex        2015029888 packets input, 2028029332 bytes, 0 no buffer        Received 27779782 broadcasts, 0 runts, 0 giants        32841 input errors, 0 CRC, 0 frame, 32841 overrun, 0 ignored, 0 abort        2392423441 packets output, 4158892725 bytes, 0 underruns        0 output errors, 0 collisions, 0 interface resets        0 babbles, 0 late collisions, 0 deferred        0 lost carrier, 0 no carrier        input queue (curr/max blocks): hardware (128/128) software (0/154)        output queue (curr/max blocks): hardware (2/128) software (0/353)

13.3.2. show static

firewall(config)# show staticstatic (inside,outside) 120.12.14.6 172.16.0.6 netmask 255.255.255.255 0 0static (inside,outside) 120.12.14.7 172.16.0.7 netmask 255.255.255.255 0 0static (inside,outside) 120.12.14.8 172.16.0.8 netmask 255.255.255.255 0 0static (inside,outside) 120.12.14.10 172.16.0.10 netmask 255.255.255.255 0 0

13.3.3. show ip

firewall(config)# show ipSystem IP Addresses:        ip address outside 120.12.14.3 255.255.255.192        ip address inside 172.16.0.254 255.255.255.0Current IP Addresses:        ip address outside 120.12.14.3 255.255.255.192        ip address inside 172.16.0.254 255.255.255.0

13.3.4. show cpu usage

firewall(config)# show cpu usageCPU utilization for 5 seconds = 18%; 1 minute: 20%; 5 minutes: 20%

13.3.5. show conn count

firewall(config)# show conn count5661 in use, 117879 most used

13.3.6. show blocks

firewall(config)# show blocks  SIZE    MAX    LOW    CNT     4   1600   1424   1600    80    400    394    398   256    500    442    500  1550    933      0    618

13.3.7. show mem

firewall(config)# show memFree memory:        75529176 bytesUsed memory:        58688552 bytes-------------     ----------------Total memory:      134217728 bytes

13.3.8. show traffic

firewall(config)# show trafficoutside:        received (in 1812494.446 secs):                2813262888 packets      253141259 bytes                1000 pkts/sec   2 bytes/sec        transmitted (in 1812494.446 secs):                1937679278 packets      288527512 bytes                1000 pkts/sec   0 bytes/secinside:        received (in 1812494.446 secs):                2014390684 packets      1357597340 bytes                1000 pkts/sec   0 bytes/sec        transmitted (in 1812494.446 secs):                2391958734 packets      4089671095 bytes                1002 pkts/sec   2000 bytes/sec

13.3.9. show xlate

firewall(config)# show xlate64 in use, 1051 most usedGlobal 120.13.14.10 Local 172.16.0.10Global 120.13.14.18 Local 172.16.0.48Global 120.13.14.28 Local 172.16.0.28Global 120.13.14.35 Local 172.16.0.35Global 120.13.14.24 Local 172.16.0.41Global 120.13.14.13 Local 172.16.0.33Global 120.13.14.7 Local 172.16.0.7Global 120.13.14.6 Local 172.16.0.6PAT Global 120.13.14.30(23951) Local 172.16.0.42(61748)Global 120.13.14.21 Local 172.16.0.24Global 120.13.14.23 Local 172.16.0.23Global 120.13.14.25 Local 172.16.0.54Global 120.13.14.14 Local 172.16.0.34Global 120.13.14.27 Local 172.16.0.27Global 120.13.14.22 Local 172.16.0.22Global 120.13.14.5 Local 172.16.0.13Global 120.13.14.15 Local 172.16.0.15Global 120.13.14.4 Local 172.16.0.4Global 120.13.14.26 Local 172.16.0.26PAT Global 120.13.14.30(31707) Local 172.16.0.101(63573)PAT Global 120.13.14.30(31705) Local 172.16.0.51(46332)PAT Global 120.13.14.30(31709) Local 172.16.0.101(63587)PAT Global 120.13.14.30(31708) Local 172.16.0.101(51612)Global 120.13.14.16 Local 172.16.0.56Global 120.13.14.20 Local 172.16.0.20Global 120.13.14.12 Local 172.16.0.12Global 120.13.14.8 Local 172.16.0.8Global 120.13.14.38 Local 172.16.0.38Global 120.13.14.29 Local 172.16.0.2PAT Global 120.13.14.30(61715) Local 172.16.0.47(35662)PAT Global 120.13.14.30(61714) Local 172.16.0.37(5809)PAT Global 120.13.14.30(61713) Local 172.16.0.141(55314)PAT Global 120.13.14.30(61712) Local 172.16.0.141(55313)PAT Global 120.13.14.30(61699) Local 172.16.0.47(46235)PAT Global 120.13.14.30(61698) Local 172.16.0.47(52197)PAT Global 120.13.14.30(61696) Local 172.16.0.37(43727)PAT Global 120.13.14.30(61703) Local 172.16.0.47(49113)PAT Global 120.13.14.30(61702) Local 172.16.0.141(55309)PAT Global 120.13.14.30(61700) Local 172.16.0.47(44744)PAT Global 120.13.14.30(61707) Local 172.16.0.47(56175)PAT Global 120.13.14.30(61706) Local 172.16.0.47(50588)PAT Global 120.13.14.30(61705) Local 172.16.0.47(58676)PAT Global 120.13.14.30(61704) Local 172.16.0.141(55310)PAT Global 120.13.14.30(61711) Local 172.16.0.47(39698)PAT Global 120.13.14.30(61710) Local 172.16.0.141(55312)PAT Global 120.13.14.30(61709) Local 172.16.0.141(55311)PAT Global 120.13.14.30(61708) Local 172.16.0.47(54897)PAT Global 120.13.14.30(391) Local 172.16.0.49(123)PAT Global 120.13.14.30(389) Local 172.16.0.161(137)PAT Global 120.13.14.30(393) Local 172.16.0.37(123)PAT Global 120.13.14.30(392) Local 172.16.0.5(123)Global 120.13.14.19 Local 172.16.0.19Global 120.13.14.9 Local 172.16.0.9Global 120.13.14.11 Local 172.16.0.11PAT Global 120.13.14.30(61682) Local 172.16.0.37(44507)PAT Global 120.13.14.30(61681) Local 172.16.0.37(1561)PAT Global 120.13.14.30(61684) Local 172.16.0.141(55307)PAT Global 120.13.14.30(61694) Local 172.16.0.141(55308)PAT Global 120.13.14.30(61693) Local 172.16.0.47(49428)PAT Global 120.13.14.30(61692) Local 172.16.0.37(46051)PAT Global 120.13.14.30(61667) Local 172.16.0.141(55306)PAT Global 120.13.14.30(61666) Local 172.16.0.47(39924)PAT Global 120.13.14.30(61670) Local 172.16.0.37(62964)

原文出处：Netkiller 系列手札

本文作者：陈景峯

转载请与作者联系，同时请务必标明文章原始出处和作者信息及本声明。