Network traffic

Real time each connection tracking

In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.

from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon, conntrack provides a full featured command line utility to interact with the connection tracking system^[1]

setup conntrack

Set nf_contrack_acct

$ sysctl -w net.netfilter.nf_conntrack_acct=1^[2]

Install contrack utility, if you do not have yet

$sudo apt-get install conntrack

List the existing flows

# conntrack -L

Filter out the listing

#conntrack -L -p tcp --dport 22

Update the ct mark

#conntrack -U -p tcp --dport 22 --mark 10

delete entries,

it can also block TCP traffic when

stateful rule-set that drops traffic in INVALID state
/proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
# conntrack -D -p tcp --dport 22

Listen to the connection tracking events

#conntrack -E

References

[1] ttps://conntrack-tools.netfilter.org/manual.html

[2] ttps://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux

[1]

[2]

Network traffic

Contents

Real time each connection tracking

setup conntrack

List the existing flows

Filter out the listing

Update the ct mark

delete entries,

Listen to the connection tracking events

References

Navigation menu

Network traffic

Real time each connection tracking

setup conntrack

List the existing flows

Filter out the listing

Update the ct mark

delete entries,

Listen to the connection tracking events

References

Navigation menu

Search