Network traffic: Difference between revisions
Jump to navigation
Jump to search
| Line 3: | Line 3: | ||
In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default. | In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default. | ||
from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon | from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon<ref>https://conntrack-tools.netfilter.org/manual.html</ref>, This tool can be used tosearch, list, inspect and maintain the ''connection tracking'' subsystem of the ''Linux'' kernel. | ||
=== setup conntrack === | === setup conntrack === | ||
Revision as of 11:52, 18 May 2023
Real time each connection tracking
In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.
from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon[1], This tool can be used tosearch, list, inspect and maintain the connection tracking subsystem of the Linux kernel.
setup conntrack
Set nf_contrack_acct
$ sysctl -w net.netfilter.nf_conntrack_acct=1[2]
Install contrack utility, if you do not have yet
$sudo apt-get install conntrack
List the existing flows
# conntrack -L
Filter out the listing
#conntrack -L -p tcp --dport 22
Update the ct mark
#conntrack -U -p tcp --dport 22 --mark 10
delete entries,
it can also block TCP traffic when
- stateful rule-set that drops traffic in INVALID state
- /proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
- # conntrack -D -p tcp --dport 22
Listen to the connection tracking events
#conntrack -E