March 9, 2016

Connection tracking on Linux: conntrack

conntrack is a command-line interface for netfilter connection tracking. It can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel. You can also monitor connection tracking events, e.g. show an event message (one line) per newly established connection.

1- installation
$ sudo apt-get install conntrack
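- load the kernel modules (-a loads every module named; without it the extra names are passed as parameters to the first module)
$ sudo modprobe -a nf_conntrack nfnetlink nf_conntrack_netlink nf_conntrack_ipv4
- verify the loaded modules
$ lsmod | grep -i conn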
nf_conntrack_ipv4      15012  0
nf_defrag_ipv4         12758  1 nf_conntrack_ipv4
nf_conntrack_netlink    36223  0
nf_conntrack           97202  2 nf_conntrack_netlink,nf_conntrack_ipv4
nfnetlink              14606  1 nf_conntrack_netlink

2- usage

- View real-time events with timestamps
$ sudo conntrack -E -o timestamp

- List the connection tracking table
$ sudo conntrack -L

- Show source NAT connections
$ sudo conntrack -L --src-nat
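
- Reading the -L output (added example, not part of the original post): each entry carries the original tuple followed by the reply tuple, and a source NAT shows up as a reply dst that differs from the original src. The function names and the sample lines below are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Constructed sample of `conntrack -L` output (not real traffic).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51514 dport=443 src=198.51.100.7 dst=203.0.113.1 sport=443 dport=51514 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 mark=0 use=1
tcp      6 118 SYN_SENT src=192.0.2.20 dst=198.51.100.9 sport=40001 dport=22 [UNREPLIED] src=198.51.100.9 dst=192.0.2.20 sport=22 dport=40001 mark=0 use=1
EOF
}

# Read `conntrack -L` lines on stdin and print one summary line per flow:
#   proto state orig_src -> orig_dst:dport flags
# flags: UNREPLIED = no reply packet seen yet,
#        SNAT = reply dst differs from original src,
#        DNAT = reply src differs from original dst.
summarize_conntrack() {
    awk '
    {
        n = 0; state = "-"; flags = ""
        split("", src); split("", dst); split("", dport)   # clear per line
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) { n++; src[n] = substr($i, 5) }
            else if ($i ~ /^dst=/) { dst[n] = substr($i, 5) }
            else if ($i ~ /^dport=/) { dport[n] = substr($i, 7) }
            else if ($i == "[UNREPLIED]") { flags = flags " UNREPLIED" }
            else if (i == 4 && $i ~ /^[A-Z_]+$/) { state = $i }  # TCP-style state
        }
        if (n < 2) { next }                      # not a complete entry
        if (dport[1] == "") { dport[1] = "-" }   # e.g. ICMP has no ports
        if (dst[2] != src[1]) { flags = flags " SNAT" }
        if (src[2] != dst[1]) { flags = flags " DNAT" }
        if (flags == "") { flags = " -" }
        printf "%s %s %s -> %s:%s%s\n", $1, state, src[1], dst[1], dport[1], flags
    }'
}

# Demo on the constructed sample; on a live host: sudo conntrack -L | summarize_conntrack
sample_conntrack | summarize_conntrack
```
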

