Network traffic: Difference between revisions
Line 4: | Line 4: | ||
from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon<ref>https://conntrack-tools.netfilter.org/manual.html</ref>, This tool can be used tosearch, list, inspect and maintain the ''connection tracking'' subsystem of the ''Linux'' kernel. | from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon<ref>https://conntrack-tools.netfilter.org/manual.html</ref>, This tool can be used tosearch, list, inspect and maintain the ''connection tracking'' subsystem of the ''Linux'' kernel. | ||
[[File:Conntrack points in Netfilter.png|thumb|Conntrack points in Netfilter<ref>https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack</ref>]] | |||
conntrack module traces the '''<mark> | conntrack module traces the connection status of '''<mark>trackable protocols (specific protocols, not all.)</mark>''' | ||
=== setup conntrack === | === setup conntrack === | ||
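Review bot: the sentence completed on the changed line, "conntrack module traces the connection status of trackable protocols (specific protocols, not all.)", says only some protocols are tracked but names none of them; list the trackable protocols or cite a source for them. The context line above it still reads "conntract" and "tosearch", which could be corrected to "conntrack" and "to search" in the same edit.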
Line 34: | Line 34: | ||
==== Listen to the connection tracking events ==== | ==== Listen to the connection tracking events ==== | ||
<nowiki>#</nowiki>conntrack -E | <nowiki>#</nowiki>conntrack -E | ||
== Network monitoring tools == | |||
Therer are bunch of tools are available in termal as well<ref>https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal</ref> | |||
== References == | ==References== | ||
<references /> | <references /> |
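Review bot: the sentence added under "== Network monitoring tools ==" has typos ("Therer", "termal") and names no tools, so the new section is only a bare reference; suggest "There are a number of tools available in the terminal as well" followed by the names of the tools the reference covers.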
Revision as of 12:09, 18 May 2023
Real time each connection tracking (Conntrack)
In FreeBSD, the session table provides real-time rx/tx information for each connection. In a Linux netfilter router, the connection table only includes information at the end of connections by default.
From Linux kernel version >= 2.6.18, we can use the conntrack utility or the conntrackd daemon[1]. This tool can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel.
[Figure: Conntrack points in Netfilter[2]]
The conntrack module traces the connection status of trackable protocols (specific protocols, not all).
setup conntrack
Set nf_conntrack_acct[3]
$ sudo sysctl -w net.netfilter.nf_conntrack_acct=1
Install the conntrack utility, if you do not have it yet
$ sudo apt-get install conntrack
List the existing flows
# conntrack -L
Filter the listing
# conntrack -L -p tcp --dport 22
Update the conntrack (ct) mark
# conntrack -U -p tcp --dport 22 --mark 10
Delete entries. This can also block TCP traffic when:
- a stateful rule-set drops traffic in the INVALID state
- /proc/sys/net/netfilter/nf_conntrack_tcp_loose is set to zero
# conntrack -D -p tcp --dport 22
Listen to the connection tracking events
# conntrack -E
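With nf_conntrack_acct enabled, each entry printed by conntrack -L carries a packets=/bytes= pair per direction. The following is an added example, not part of the original page: it ranks flows by total bytes, and the function names and the sample entries (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Rank conntrack flows by byte count. Needs net.netfilter.nf_conntrack_acct=1;
# entries created while accounting was off have no bytes= fields and are skipped.

# top_flows (hypothetical helper): read `conntrack -L` lines on stdin and print
#   total tx rx proto src:sport>dst:dport
# tx is the original direction (first bytes=), rx the reply (second bytes=).
top_flows() {
    awk '
    {
        src = dst = sport = dport = ""; n = 0; tx = rx = 0
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            # Only the first src/dst/sport/dport (original direction) names the flow.
            if      (kv[1] == "src"   && src == "")   src = kv[2]
            else if (kv[1] == "dst"   && dst == "")   dst = kv[2]
            else if (kv[1] == "sport" && sport == "") sport = kv[2]
            else if (kv[1] == "dport" && dport == "") dport = kv[2]
            else if (kv[1] == "bytes") {
                n++
                if (n == 1) { tx = kv[2] } else if (n == 2) { rx = kv[2] }
            }
        }
        if (n < 2) next   # no counters on this entry
        printf "%d %d %d %s %s:%s>%s:%s\n", tx + rx, tx, rx, $1, src, sport, dst, dport
    }' | sort -rn
}

# Constructed sample in `conntrack -L` layout: an SSH flow, an unanswered DNS
# query, and an entry without accounting fields.
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 packets=120 bytes=9840 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 packets=100 bytes=15200 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 packets=1 bytes=60 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 packets=0 bytes=0 mark=0 use=1
tcp      6 100 TIME_WAIT src=192.0.2.11 dst=192.0.2.1 sport=50000 dport=80 src=192.0.2.1 dst=192.0.2.11 sport=80 dport=50000 [ASSURED] mark=0 use=1
EOF
}

# Live use (as root): conntrack -L | top_flows
sample_conntrack | top_flows
```

A flow with a large tx and an rx of 0 has received no reply, which is worth a second look when it sits near the top of the ranking.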
Network monitoring tools
There are a bunch of tools available in the terminal as well[4]
References
1. https://conntrack-tools.netfilter.org/manual.html
2. https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack
3. https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux
4. https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal