Network traffic

From HPCWIKI
Jump to navigation Jump to search

Real time each connection tracking (Conntrack)

In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.

from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon[1], This tool can be used tosearch, list, inspect and maintain the connection tracking subsystem of the Linux kernel.

Conntrack points in Netfilter[2]

conntrack module traces the connection status of trackable protocols (specific protocols, not all.)

setup conntrack

Set nf_contrack_acct

$ sysctl -w net.netfilter.nf_conntrack_acct=1[3]


Install contrack utility, if you do not have yet

$sudo apt-get install conntrack

List the existing flows

# conntrack -L

Filter out the listing

#conntrack -L -p tcp --dport 22

Update the ct mark

#conntrack -U -p tcp --dport 22 --mark 10

delete entries,

it can also block TCP traffic when

  • stateful rule-set that drops traffic in INVALID state
  • /proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
  • # conntrack -D -p tcp --dport 22

Listen to the connection tracking events

#conntrack -E

Network monitoring tools

Therer are bunch of tools are available in termal as well[4]


References

  1. https://conntrack-tools.netfilter.org/manual.html
  2. https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack
  3. https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux
  4. https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal
Retrieved from "http://wiki.hpcmate.com/index.php?title=Network_traffic&oldid=848"