Instead of running a sniffer (like tcpdump and Co) and manually decoding the traffic, I want to use
the "nf_conntrack" module to track new, incoming packets at my firewall, because conntrack already
knows which packets are "cross-firewall". But conntrack does not give packet information.
If one runs:
conntrack -E -e new -o id,timestamp,ktimestamp
[NEW] ipv4 2 udp 17 30 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 id=1339159792
being one (1), but there is a payload, which is not given!
If one waits for the "destroy" event, this information is there:
[DESTROY] ipv4 2 udp 17 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024
If there is no way to configure "nf_conntrack", which other tool can be used for this?
Thanks anyway,
Manfred
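
The two event lines quoted in the post above, parsed into structured records and paired per flow, as an added example that is not part of the original post. The function names (`parse_event`, `flow_key`, `summarize`) are hypothetical, and matching NEW to DESTROY by the original-direction tuple rather than by `id` is an assumption made here because the two quoted lines carry different ids.

```python
import re

# Constructed sample: the two conntrack event lines quoted in the post.
SAMPLE = """\
[NEW] ipv4 2 udp 17 30 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 id=1339159792
[DESTROY] ipv4 2 udp 17 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024
"""
EVENT_RE = re.compile(r"\[(NEW|UPDATE|DESTROY)\]\s+(.*)")
# Keys that appear once per direction (TCP/UDP-style tuples, as in the sample).
DIR_KEYS = ("src", "dst", "sport", "dport", "packets", "bytes")

def parse_event(line):
    """Parse one `conntrack -E` line into a dict; return None for other lines."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    ev = {"event": m.group(1), "flags": [], "orig": {}, "reply": {}, "proto": None}
    head = []
    for tok in m.group(2).split():
        if tok.startswith("[") and tok.endswith("]"):
            ev["flags"].append(tok[1:-1])          # e.g. UNREPLIED, ASSURED
        elif "=" in tok:
            key, val = tok.split("=", 1)
            val = int(val) if val.isdigit() else val
            if key not in DIR_KEYS:
                ev[key] = val                      # id, delta-time, ...
            elif key in ev["orig"]:
                ev["reply"][key] = val             # second occurrence: reply direction
            else:
                ev["orig"][key] = val              # first occurrence: original direction
        else:
            head.append(tok)
    # head holds: l3 name, l3 number, l4 name, l4 number, optional timeout
    ev["proto"] = head[2] if len(head) >= 3 else None
    return ev

def flow_key(ev):
    o = ev["orig"]
    return (ev["proto"], o.get("src"), o.get("dst"), o.get("sport"), o.get("dport"))

def summarize(lines):
    """Pair each DESTROY with the NEW seen earlier for the same original tuple."""
    pending, done = {}, []
    for ev in filter(None, map(parse_event, lines)):
        if ev["event"] == "NEW":
            pending[flow_key(ev)] = ev
        elif ev["event"] == "DESTROY":
            new = pending.pop(flow_key(ev), None)
            done.append({"flow": flow_key(ev), "saw_new": new is not None,
                         "orig_packets": ev["orig"].get("packets"),
                         "orig_bytes": ev["orig"].get("bytes"),
                         "reply_bytes": ev["reply"].get("bytes")})
    return done
```
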