lost and found ( for me ? )

Ubuntu 13.04 : conntrack tool

conntrack is a command-line tool for viewing and managing the kernel's connection tracking table. It can track both TCP and UDP connections.

http://conntrack-tools.netfilter.org/manual.html

# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 13.04"
3.8.0-34-generic x86_64

install conntrack via apt-get.
# apt-get install conntrack

count total number of entries.
# conntrack -C
30

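flush all entries. Note that this discards the state of every tracked flow at once, so on a stateful firewall or NAT gateway existing connections may be interrupted; prefer deleting specific entries (shown below) when only some flows need to be cleared.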
# conntrack -F
conntrack v1.2.1 (conntrack-tools): connection tracking table has been emptied.

dump the whole connection tracking table.
# conntrack -L
unknown  2 36 src=192.168.20.74 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251 dst=192.168.20.74 mark=0 use=1
tcp      6 431981 ESTABLISHED src=10.41.118.103 dst=192.168.20.75 sport=54300 dport=22 src=192.168.20.75 dst=10.41.118.103 sport=22 dport=54300 [ASSURED] mark=0 use=1
unknown  2 413 src=192.168.20.75 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251 dst=192.168.20.75 mark=0 use=1
unknown  89 593 src=192.168.10.254 dst=224.0.0.5 [UNREPLIED] src=224.0.0.5 dst=192.168.10.254 mark=0 use=1
tcp      6 299 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=58827 dport=5018 src=127.0.0.1 dst=127.0.0.1 sport=5018 dport=58827 [ASSURED] mark=0 use=1

list TCP entries with a specific destination port (here port 80).
# conntrack -L -p tcp --dport 80
tcp      6 74 TIME_WAIT src=192.168.10.15 dst=173.194.38.95 sport=40552 dport=80 src=173.194.38.95 dst=192.168.10.15 sport=80 dport=40552 [ASSURED] mark=0 use=1
tcp      6 64 TIME_WAIT src=192.168.10.15 dst=173.194.38.82 sport=38108 dport=80 src=173.194.38.82 dst=192.168.10.15 sport=80 dport=38108 [ASSURED] mark=0 use=1

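list TCP connections in the ESTABLISHED state. Only the first two entries are shown because of head; the summary line still reports all 10 because conntrack writes it to stderr, which the pipe does not capture.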
# conntrack -L -p tcp --state ESTABLISHED | head -2
conntrack v1.2.1 (conntrack-tools): 10 flow entries have been shown.
tcp      6 431962 ESTABLISHED src=10.41.118.103 dst=192.168.20.75 sport=54300 dport=22 src=192.168.20.75 dst=10.41.118.103 sport=22 dport=54300 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=58827 dport=5018 src=127.0.0.1 dst=127.0.0.1 sport=5018 dport=58827 [ASSURED] mark=0 use=1

list UDP entries with a specific destination port (here port 53, DNS).
# conntrack -L -p udp --dport 53
udp      17 28 src=192.168.10.15 dst=192.168.10.14 sport=34289 dport=53 src=192.168.10.14 dst=192.168.10.15 sport=53 dport=34289 mark=0 use=1
udp      17 21 src=192.168.10.15 dst=192.168.10.14 sport=48437 dport=53 src=192.168.10.14 dst=192.168.10.15 sport=53 dport=48437 mark=0 use=1

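delete an entry. List it first with the same filter to confirm that only the intended flow matches, because -D removes every entry the filter selects; then delete it and list again to verify.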
# conntrack -L -p tcp --dport 80 --sport=38122
tcp      6 27 TIME_WAIT src=192.168.10.15 dst=173.194.38.82 sport=38122 dport=80 src=173.194.38.82 dst=192.168.10.15 sport=80 dport=38122 [ASSURED] mark=0 use=1
conntrack v1.2.1 (conntrack-tools): 1 flow entries have been shown.

# conntrack -D -p tcp --dport 80 --sport=38122
tcp      6 21 TIME_WAIT src=192.168.10.15 dst=173.194.38.82 sport=38122 dport=80 src=173.194.38.82 dst=192.168.10.15 sport=80 dport=38122 [ASSURED] mark=0 use=1
conntrack v1.2.1 (conntrack-tools): 1 flow entries have been deleted.

# conntrack -L -p tcp --dport 80 --sport=38122
conntrack v1.2.1 (conntrack-tools): 0 flow entries have been shown.
#

display connection tracking events as they occur.
# conntrack -E
[DESTROY] udp      17 src=127.0.0.1 dst=127.0.0.1 sport=45747 dport=53 src=127.0.0.1 dst=127.0.0.1 sport=53 dport=45747 [ASSURED]
[DESTROY] udp      17 src=127.0.0.1 dst=127.0.0.1 sport=35708 dport=53 src=127.0.0.1 dst=127.0.0.1 sport=53 dport=35708 [ASSURED]
   [NEW] udp      17 30 src=192.168.10.205 dst=255.255.255.255 sport=3490 dport=3490 [UNREPLIED] src=255.255.255.255 dst=192.168.10.205 sport=3490 dport=3490
