show blocks command is a handy command for checking the memory usage on a Cisco PIX or ASA. But what does the output mean?
Each column has a different meaning.
This column defines where that memory is used within the firewall.
4memory reserved for certain traffic like DNS, IKE, TFTP (Traffic that is small and bursty)
80used to store failover hello’s and TCP intercept acks
256more stateful failover messages
1550memory used to process for Ethernet (10M and 100M) packets as they pass through the firewall
16384memory used for gigabit Ethernet
Shows the max amount of memory available for that function.
Shows the lowest number of blocks that have been available since firewall booted or blocks were cleared.
The available number of blocks right now.
clear blocks to reset the LOW and CNT values.
The following syslog will appear if the ASA starts running low on free memory.
You can see from the output above that memory block 1550 is what is being utilized heavily. This is the gigabit ethernet memory store. Try to find what interface is triggering this high usage with
show blocks interface.