Network traffic

From HPCWIKI
Revision as of 11:58, 18 May 2023

Real-time per-connection tracking (Conntrack)

In FreeBSD, the session table provides real-time rx/tx information for each connection. In a Linux netfilter router, by default the connection table only reports information when a connection ends.

From Linux kernel version >= 2.6.18, we can use conntrack or the conntrackd daemon[1]. This tool can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel.

The conntrack module traces the connection status of trackable protocols (specific protocols, not all).

Set up conntrack

Enable nf_conntrack_acct, so that per-connection packet and byte counters are kept

$ sysctl -w net.netfilter.nf_conntrack_acct=1[2]


Install the conntrack utility, if you do not have it yet

$ sudo apt-get install conntrack

List the existing flows

# conntrack -L

Filter the listing

# conntrack -L -p tcp --dport 22

Update the connection mark (ct mark)

# conntrack -U -p tcp --dport 22 --mark 10

Delete entries. Deleting an entry can also block the TCP traffic of that flow when both of the following hold:

  • the stateful rule-set drops traffic in INVALID state, and
  • /proc/sys/net/netfilter/nf_conntrack_tcp_loose is set to zero.

# conntrack -D -p tcp --dport 22

Listen to connection tracking events

# conntrack -E
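As an added example (not part of the wiki page or the conntrack-tools project), a small Python parser for the output of conntrack -L that pulls out the per-direction byte counters which net.netfilter.nf_conntrack_acct=1 makes available; the sample listing is constructed, and the third entry shows how a flow without counters is reported as None rather than as zero traffic.

```python
# Constructed sample of `conntrack -L` output taken with net.netfilter.nf_conntrack_acct=1.
# The third entry has no packets=/bytes= fields: that is what an entry created while
# accounting was still off looks like, so a parser must not treat it as zero traffic.
SAMPLE_LISTING = """\
tcp      6 431998 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=51234 dport=22 packets=15 bytes=2345 src=10.0.0.5 dst=192.168.1.10 sport=22 dport=51234 packets=12 bytes=3456 [ASSURED] mark=10 use=1
udp      17 29 src=192.168.1.20 dst=10.0.0.53 sport=40001 dport=53 packets=1 bytes=72 src=10.0.0.53 dst=192.168.1.20 sport=53 dport=40001 packets=1 bytes=120 mark=0 use=1
tcp      6 117 SYN_SENT src=192.168.1.30 dst=10.0.0.7 sport=33000 dport=443 [UNREPLIED] src=10.0.0.7 dst=192.168.1.30 sport=443 dport=33000 mark=0 use=1
"""

DIRECTION_KEYS = {"src", "dst", "sport", "dport", "packets", "bytes"}
NUMERIC_KEYS = {"sport", "dport", "packets", "bytes"}

def parse_conntrack_line(line: str) -> dict:
    """Split one `conntrack -L` line into protocol, state, both tuples and flags.
    The first src=/dst=... group is the original direction, the second the reply
    direction; packets/bytes stay None when the entry carries no counters."""
    proto, _protonum, timeout, *rest = line.split()
    state = None
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        state = rest.pop(0)  # tcp prints a state column, udp does not
    dirs, flags, extra = [], [], {}
    for tok in rest:
        if tok.startswith("["):
            flags.append(tok.strip("[]"))  # [ASSURED], [UNREPLIED]
        else:
            key, _, val = tok.partition("=")
            if key == "src":
                dirs.append({"packets": None, "bytes": None})
            if key in DIRECTION_KEYS and dirs:
                dirs[-1][key] = int(val) if key in NUMERIC_KEYS else val
            else:
                extra[key] = val  # mark=, use=, zone=, ...
    if len(dirs) != 2:
        raise ValueError(f"expected original and reply tuples: {line!r}")
    return {"proto": proto, "timeout": int(timeout), "state": state, "orig": dirs[0],
            "reply": dirs[1], "flags": flags, "mark": int(extra.get("mark", 0))}

def per_connection_counters(listing: str) -> list:
    """One (proto, src, sport, dst, dport, tx_bytes, rx_bytes) row per flow:
    tx is what the originator sent, rx what came back in the reply direction."""
    rows = []
    for line in listing.splitlines():
        if line.strip():
            f = parse_conntrack_line(line)
            o = f["orig"]
            rows.append((f["proto"], o["src"], o["sport"], o["dst"], o["dport"],
                         o["bytes"], f["reply"]["bytes"]))
    return rows
```

On a live system feed it the stdout of conntrack -L (the "flow entries have been shown" summary goes to stderr); if every row comes back with None counters, check that the nf_conntrack_acct sysctl above is actually set.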

References

[1] https://conntrack-tools.netfilter.org/manual.html