Enhanced nf_conntrack configuration

Postby mabra » 2017-02-12 21:36

Hello!

Instead of running a sniffer (like tcpdump and Co.) and manually decoding the traffic, I want to use
the "nf_conntrack" module to track new, incoming packets at my firewall, because conntrack already
knows which packets are "cross-firewall". But conntrack does not give packet information.
If one runs:
conntrack -E -e new -o id,timestamp,ktimestamp

it returns output like this:
[NEW] ipv4     2 udp      17 30 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 id=1339159792

This output has no packet information. Though, for the first packet it is to be expected
that it is one (1), but there is a payload, which is not given!
If one waits for the "destroy" event, this information is there:
[DESTROY] ipv4     2 udp      17 src=192.168.26.150 dst=192.168.26.254 sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024

But this is really a bad idea - it requires me to wait, at least for TCP connections, for hours.
If there is no way to configure "nf_conntrack", which other tool can be used for this?

Thanks anyway,
Manfred

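Added example, not from the post or from conntrack-tools: a small Python parser for the two conntrack -E event lines quoted above, which makes the asymmetry the post describes visible in code. A NEW event carries the two tuples, the timeout and the flow id but no packets/bytes counters, so flow_bytes() returns None for it, while the DESTROY event carries per-direction counters. The sample lines are constructed from the post; stripping a leading "[secs.usecs]" prefix for "-o timestamp" output is an assumption.

```python
import re

# Constructed sample events, modelled on the two conntrack -E lines quoted in the post.
SAMPLE_EVENTS = [
    "[NEW] ipv4     2 udp      17 30 src=192.168.26.150 dst=192.168.26.254 "
    "sport=123 dport=123 [UNREPLIED] src=192.168.26.254 dst=192.168.26.150 "
    "sport=123 dport=123 id=1339159792",
    "[DESTROY] ipv4     2 udp      17 src=192.168.26.150 dst=192.168.26.254 "
    "sport=123 dport=123 packets=1 bytes=76 src=192.168.26.254 dst=192.168.26.150 "
    "sport=123 dport=123 packets=1 bytes=76 delta-time=30 id=91791024",
]

# Line shape: "[EVENT] l3proto l3num l4proto l4num [timeout] [STATE] key=value ... [FLAG] ..."
HEADER_RE = re.compile(r"^\[(?P<event>[A-Z]+)\]\s+(?P<l3>\w+)\s+\d+\s+(?P<l4>\w+)\s+\d+(?P<rest>.*)$")
FLOW_KEYS = {"id", "delta-time", "timestamp", "start", "stop", "mark", "use", "zone"}


def parse_event(line):
    """Parse one conntrack -E line into a dict; returns None for lines that do not match."""
    line = re.sub(r"^\[\d+\.\d+\]\s*", "", line)  # assumed "-o timestamp" prefix, if present
    m = HEADER_RE.match(line)
    if m is None:
        return None
    ev = {"event": m["event"], "l3": m["l3"], "l4": m["l4"], "timeout": None,
          "state": None, "flags": [], "tuples": []}
    for tok in m["rest"].split():
        if tok.isdigit() and not ev["tuples"]:
            ev["timeout"] = int(tok)                  # only printed on NEW/UPDATE events
        elif tok.startswith("[") and tok.endswith("]"):
            ev["flags"].append(tok[1:-1])             # UNREPLIED, ASSURED, ...
        elif "=" in tok:
            key, val = tok.split("=", 1)
            if key in FLOW_KEYS:                      # flow-level fields, not per direction
                ev[key.replace("-", "_")] = int(val) if val.isdigit() else val
            else:
                if key == "src" or not ev["tuples"]:  # each src= opens a new direction tuple
                    ev["tuples"].append({})
                ev["tuples"][-1][key] = int(val) if key in ("packets", "bytes") else val
        elif tok.replace("_", "").isalpha():
            ev["state"] = tok                         # TCP state such as SYN_SENT
    ev["orig"] = ev["tuples"][0] if ev["tuples"] else {}
    ev["reply"] = ev["tuples"][1] if len(ev["tuples"]) > 1 else {}
    return ev


def flow_bytes(ev):
    """Bytes seen in both directions, or None when the event carries no counters (as on NEW)."""
    if "bytes" not in ev["orig"]:
        return None
    return ev["orig"]["bytes"] + ev["reply"].get("bytes", 0)
```

Feeding the parser the DESTROY line gives 152 bytes over both directions and delta_time 30, while the NEW line yields only the tuples, the timeout and the id, which is exactly the gap the question is about.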