Enhanced nf_conntrack configuration

mabra
Posts: 110
Joined: 2010-10-16 16:53
#1 Post by mabra »

Hello!

Instead of running a sniffer (like tcpdump and Co) and manually decoding the traffic, I want to use
the "nf_conntrack" module to track new, incoming packets at my firewall, because conntrack already
knows which packets are "cross-firewall". But conntrack does not give packet information.
If one runs:

conntrack -E -e new -o id,timestamp,ktimestamp

it returns output like this:

[NEW] ipv4     2 udp      17 30 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 id=1339159792

This output has no packet information. Though for the first packet one would expect it
to be one (1), there is a payload, which is not given!
If one waits for the "destroy" event, this information is there:

[DESTROY] ipv4     2 udp      17 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024

But this is really a bad idea - it requires me to wait, at least for tcp-connections, for hours.
If there is no way to configure "nf_conntrack", which other tool can be used for this?

Thanks anyway,
Manfred
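An added example, not code from the post above or from the conntrack tool: a small Python parser for the two kinds of "conntrack -E" lines quoted in the post. It makes the post's observation checkable (the NEW event carries no packets=/bytes= counters; only the DESTROY event does) and sums the DESTROY counters in both directions per flow. The optional state word before the tuples (for tcp entries) is an assumption about the tool's general output format, not something shown on this page.

```python
import re
# Constructed sample input: the two event lines quoted in the post above.
SAMPLE_EVENTS = """\
[NEW] ipv4     2 udp      17 30 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 id=1339159792
[DESTROY] ipv4     2 udp      17 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024
"""

# Header: "[EVENT] family L3num L4name L4num [timeout] [STATE] src=...". The timeout
# appears only on live entries (NEW), the state word only for tcp (assumed); both optional.
HEADER_RE = re.compile(
    r"^\[(?P<event>[A-Z]+)\]\s+(?P<family>ipv[46])\s+\d+\s+(?P<proto>\w+)\s+\d+\s+"
    r"(?:(?P<timeout>\d+)\s+)?(?:(?P<state>[A-Z_]+)\s+)?(?P<rest>src=.*)$"
)
KV_RE = re.compile(r"([\w-]+)=(\S+)")
FLAG_RE = re.compile(r"\[([A-Z_]+)\]")

def parse_event(line):
    """Parse one 'conntrack -E' line into a dict; return None for non-event lines."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    # The original tuple and the reply tuple each begin with "src="; split there.
    chunks = [c for c in re.split(r"(?=\bsrc=)", m["rest"]) if c.strip()]
    tuples = [dict(KV_RE.findall(c)) for c in chunks]
    reply = tuples[1] if len(tuples) > 1 else {}
    # Per-entry fields (id, delta-time) are printed after the reply tuple, not inside it.
    entry_id, delta = reply.pop("id", None), reply.pop("delta-time", None)
    return {
        "event": m["event"], "proto": m["proto"], "state": m["state"],
        "timeout": int(m["timeout"]) if m["timeout"] else None,
        "flags": FLAG_RE.findall(m["rest"]),
        "original": tuples[0], "reply": reply,
        "id": entry_id, "delta_time": int(delta) if delta else None,
    }

def flow_counters(text):
    """Sum packets/bytes in both directions for each DESTROY event in text.
    Keyed by the original direction: (proto, src, dst, sport, dport)."""
    totals = {}
    for line in text.splitlines():
        ev = parse_event(line)
        if not ev or ev["event"] != "DESTROY":
            continue
        o, r = ev["original"], ev["reply"]
        key = (ev["proto"], o["src"], o["dst"], o.get("sport"), o.get("dport"))
        pkts = int(o.get("packets", 0)) + int(r.get("packets", 0))
        nbytes = int(o.get("bytes", 0)) + int(r.get("bytes", 0))
        p, b = totals.get(key, (0, 0))
        totals[key] = (p + pkts, b + nbytes)
    return totals
```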