Created
December 3, 2019 12:47
-
-
Save dvandok/a9b59c1700879501f3fbfc73f70c3194 to your computer and use it in GitHub Desktop.
connection tracking tester
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # compare established connections between netstat and conntrack | |
| # first argument is interface name, assume eth0 if not given | |
| if=eth0 | |
| if [ ! -z $1 ] ; then | |
| if=$1 | |
| fi | |
| ip=`ip addr show dev $if | awk '$1 == "inet" { split($2,ip,"/"); print ip[1] }'` | |
| if [ -z $ip ] ; then | |
| echo "give the interface name as the first argument" >&2 | |
| exit 1 | |
| fi | |
| # conntrack -L output format: | |
| # tcp 6 431997 ESTABLISHED src=172.23.65.2 dst=172.23.65.4 sport=57922 dport=6802 src=172.23.65.4 dst=172.23.65.2 sport=6802 dport=57922 [ASSURED] mark=0 use=1 | |
| # flow is shown both directions, so src of our ip may be in field 5 or field 9. | |
| conntrack -L 2>/dev/null | awk ' | |
| $5 == "src='$ip'" { | |
| split($5,src,"=");split($6,dst,"=");split($7,sport,"=");split($8,dport,"="); | |
| print src[2],sport[2],dst[2],dport[2]} | |
| $9 == "src='$ip'" { | |
| split($9,src,"=");split($10,dst,"=");split($11,sport,"=");split($12,dport,"="); | |
| print src[2],sport[2],dst[2],dport[2]} | |
| ' | sort > conntrack-connections | |
| netstat -tanp | grep $ip | awk '{split($4,a,":");split($5,b,":");print a[1],a[2],b[1],b[2]}' | sort > netstat-connections | |
| diff -u conntrack-connections netstat-connections | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment