ip_conntrack output

Don Lafontaine freefd@freefd.homelinux.com
Wed, 2 Jan 2002 00:53:03 -0500 

This is a multi-part message in MIME format.

------=_NextPart_000_0012_01C19327.D5468220
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Here's a script I found to monitor the conntrack file.

Don.
----- Original Message ----- 
From: "Don Meyerson" <dmeyerson@biadvantage.com>
To: <netfilter@lists.samba.org>
Sent: Tuesday, January 01, 2002 11:09 PM
Subject: ip_conntrack output


> Hello all,
> 
> Can someone point me to documentation for reading the output of:
> 
> cat /proc/net/ip_conntrack
> 
> I'm having difficulty setting up a VPN client behind my iptables v1.2.4
> firewall and would like to dig deeper. I've read Rusty's guides as well
> as dozens of other documents, but none describe this command.
> 
> TIA,
> 
> Don Meyerson

------=_NextPart_000_0012_01C19327.D5468220
Content-Type: application/x-perl;
	name="connwatcher.pl"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="connwatcher.pl"

#!/usr/bin/perl=0A=
#=0A=
#=0A=
#                          Firewall Builder=0A=
#=0A=
#                 Copyright (C) 2001 Vadim Kurland=0A=
#=0A=
#  Author:  Vadim Kurland     vadim@vk.crocodile.org=0A=
#=0A=
#####=0A=
#=0A=
#  connwatcher.pl=0A=
#=0A=
# This script processes list of connections established through the=0A=
# firewall to make it more readable.  It also restarts itself via =
watch(1)=0A=
# to show list of connections at regular intervals=0A=
#=0A=
=0A=
=0A=
$arg=3D$ARGV[0];=0A=
=0A=
if ($arg ne "-x") {  exec "watch -n 1 $0 -x"; }=0A=
=0A=
=0A=
printf "Proto\tTimeout\t      Src            \t        Dst          =
\tStatus\n";=0A=
=0A=
open F, "cat /proc/net/ip_conntrack |" || =0A=
  die "Could not open /proc/net/ip_conntrack";=0A=
=0A=
while (<F>) {=0A=
=0A=
  $status=3D"";=0A=
=0A=
  if ($_=3D~/^tcp/ || $_=3D~/^udp/) {=0A=
    $_ =3D~ /\[(\S+)\]/;=0A=
    $status =3D $1;=0A=
=0A=
    $_ =3D~ /^(\S+)/;=0A=
    $proto =3D $1;=0A=
=0A=
    $_ =3D~ /\S+\s+\d+\s+(\d+)/;=0A=
    $n     =3D $1;=0A=
=0A=
    $_ =3D~ /src=3D(\d+\.\d+\.\d+\.\d+)/;=0A=
    $src   =3D $1;=0A=
=0A=
    $_ =3D~ /dst=3D(\d+\.\d+\.\d+\.\d+)/;=0A=
    $dst   =3D $1;=0A=
=0A=
    $_ =3D~ /sport=3D(\d+)/;=0A=
    $sport =3D $1;=0A=
=0A=
    $_ =3D~ /dport=3D(\d+)/;=0A=
    $dport =3D $1;=0A=
=0A=
  }=0A=
=0A=
  printf =
"%s\t%d\t%15s:%-5s\t%15s:%-5s\t%s\n",$proto,$n,$src,$sport,$dst,$dport,$s=
tatus;=0A=
=0A=
}=0A=
=0A=
close F;=0A=
=0A=

------=_NextPart_000_0012_01C19327.D5468220--