The netfilter connection tracking command: conntrack

2021-07-01, updated 2021-09-12

The conntrack utility provides a full-featured userspace interface to the Netfilter connection tracking system, intended to replace the old /proc/net/ip_conntrack interface. The tool can be used to search, list, inspect and maintain the Linux kernel's connection tracking subsystem. With conntrack you can dump a list of all (or a filtered subset of) the currently tracked connections, delete connections from the state table, and even add new connections.

In addition, you can monitor connection tracking events, for example displaying one event message (one line) for every newly established connection.

Viewing tracked connections

# conntrack -L
udp      17 59 src=192.168.1.55 dst=192.168.1.255 sport=137 dport=137 [UNREPLIED] src=192.168.1.255 dst=192.168.1.55 sport=137 dport=137 mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=63254 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=63254 mark=0 use=1
tcp      6 80 TIME_WAIT src=192.168.1.55 dst=192.168.1.1 sport=1148 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=1148 [ASSURED] mark=0 use=1
udp      17 19 src=192.168.1.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=192.168.1.1 sport=68 dport=67 mark=0 use=1
udp      17 32 src=192.168.1.55 dst=192.168.1.1 sport=65523 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=65523 mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=53188 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=53188 mark=0 use=1
udp      17 30 src=192.168.1.55 dst=239.255.255.250 sport=65519 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.1.55 sport=1900 dport=65519 mark=0 use=1
unknown  2 193 src=0.0.0.0 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=0.0.0.0 mark=0 use=1
udp      17 12 src=192.168.1.1 dst=239.255.255.250 sport=50253 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.1.1 sport=1900 dport=50253 mark=0 use=1
udp      17 22 src=192.168.1.55 dst=192.168.1.1 sport=55547 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=55547 mark=0 use=1
udp      17 22 src=192.168.1.55 dst=192.168.1.1 sport=56381 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=56381 mark=0 use=1
udp      17 24 src=192.168.1.55 dst=239.255.255.250 sport=52033 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.1.55 sport=1900 dport=52033 mark=0 use=1
unknown  2 77 src=192.168.1.1 dst=239.255.255.250 [UNREPLIED] src=239.255.255.250 dst=192.168.1.1 mark=0 use=1
udp      17 59 src=192.168.1.55 dst=192.168.1.255 sport=138 dport=138 [UNREPLIED] src=192.168.1.255 dst=192.168.1.55 sport=138 dport=138 mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=54512 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=54512 mark=0 use=1
unknown  2 195 src=192.168.1.55 dst=239.255.255.250 [UNREPLIED] src=239.255.255.250 dst=192.168.1.55 mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=62502 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=62502 mark=0 use=1
tcp      6 80 TIME_WAIT src=192.168.1.55 dst=192.168.1.1 sport=1028 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=1028 [ASSURED] mark=0 use=1
udp      17 32 src=192.168.1.55 dst=192.168.1.1 sport=61572 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=61572 mark=0 use=1
udp      17 25 src=192.168.1.55 dst=192.168.1.1 sport=58096 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=58096 mark=0 use=1
udp      17 19 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67 [UNREPLIED] src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68 mark=0 use=1
udp      17 25 src=192.168.1.55 dst=192.168.1.1 sport=55209 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=55209 mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=60842 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=60842 mark=0 use=1
udp      17 26 src=192.168.1.55 dst=239.255.255.250 sport=56415 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.1.55 sport=1900 dport=56415 mark=0 use=2
udp      17 26 src=192.168.1.55 dst=239.255.255.250 sport=61570 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.1.55 sport=1900 dport=61570 mark=0 use=1
tcp      6 80 TIME_WAIT src=192.168.1.55 dst=192.168.1.1 sport=32936 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=32936 [ASSURED] mark=0 use=1
udp      17 20 src=192.168.1.55 dst=192.168.1.1 sport=50469 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=50469 mark=0 use=1
udp      17 22 src=192.168.1.55 dst=192.168.1.1 sport=61658 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=61658 mark=0 use=1
conntrack v1.0.1 (conntrack-tools): 28 flow entries have been shown.
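As an added example (not part of the original post, and not code from conntrack-tools), the small Python parser below reads the conntrack -L line format shown above: protocol name, protocol number, timeout, an optional TCP state, the original tuple, the reply tuple, flags such as [UNREPLIED] and [ASSURED], and the trailing mark/use counters. It assumes that layout and works on a constructed sample copied from the listing, which is useful when auditing a firewall for one-way flows the kernel never saw answered.

```python
import re
from collections import Counter

# Constructed sample: three entries plus the summary line, in the shape of `conntrack -L` above.
SAMPLE = """\
udp      17 59 src=192.168.1.55 dst=192.168.1.255 sport=137 dport=137 [UNREPLIED] src=192.168.1.255 dst=192.168.1.55 sport=137 dport=137 mark=0 use=1
tcp      6 80 TIME_WAIT src=192.168.1.55 dst=192.168.1.1 sport=1148 dport=53 src=192.168.1.1 dst=192.168.1.55 sport=53 dport=1148 [ASSURED] mark=0 use=1
unknown  2 193 src=0.0.0.0 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=0.0.0.0 mark=0 use=1
conntrack v1.0.1 (conntrack-tools): 28 flow entries have been shown.
"""


def parse_entry(line):
    """Parse one `conntrack -L` line into a dict; return None for the summary line or blanks."""
    tokens = line.split()
    # Every flow line starts with <proto> <protonum> <timeout>; the summary line does not.
    if len(tokens) < 3 or not tokens[1].isdigit():
        return None
    entry = {"proto": tokens[0], "protonum": int(tokens[1]), "timeout": int(tokens[2]),
             "state": None, "orig": {}, "reply": {}, "flags": [], "mark": None, "use": None}
    rest = tokens[3:]
    # TCP entries carry a state name (e.g. TIME_WAIT) before the first tuple.
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    side = "orig"  # first src=/dst= group is the original direction, second is the reply
    for tok in rest:
        if re.fullmatch(r"\[[A-Z_]+\]", tok):
            entry["flags"].append(tok[1:-1])
            continue
        key, _, val = tok.partition("=")
        if key == "src" and entry["orig"]:
            side = "reply"  # a second src= starts the reply tuple
        if key in ("src", "dst"):
            entry[side][key] = val
        elif key in ("sport", "dport"):
            entry[side][key] = int(val)
        elif key in ("mark", "use"):
            entry[key] = int(val)
    return entry


def summarize(text):
    """Count flows per protocol and list [UNREPLIED] flows as (src, dst, dport) triples."""
    entries = [e for e in (parse_entry(l) for l in text.splitlines()) if e]
    by_proto = Counter(e["proto"] for e in entries)
    unreplied = [(e["orig"]["src"], e["orig"]["dst"], e["orig"].get("dport"))
                 for e in entries if "UNREPLIED" in e["flags"]]
    return by_proto, unreplied
```

On a live system, feed it the output of conntrack -L (root required) instead of SAMPLE.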

References

https://www.systutorials.com/docs/linux/man/8-conntrack/
