# Dump every netfilter sysctl matching /proc/sys/net/netfilter/nf_*: directories are skipped,
# and each remaining entry is printed as its path followed by its current value.
# The leading "# " on the command line below is the root shell prompt, not part of the command.
# In the values that follow, nf_conntrack_log_invalid is 0, so packets that conntrack classifies
# as invalid are not logged; setting it to the protocol number (6 for TCP) makes the kernel log
# them, which shows why a flow's packets were rejected.
# nf_conntrack_tcp_loose is 1, which lets conntrack pick up an already-established TCP flow
# mid-stream instead of requiring it to have seen the handshake.
# for v in /proc/sys/net/netfilter/nf_*; do [ -d $v ] && continue; echo $v; cat $v; done
/proc/sys/net/netfilter/nf_conntrack_acct
0
/proc/sys/net/netfilter/nf_conntrack_buckets
65536
/proc/sys/net/netfilter/nf_conntrack_checksum
1
/proc/sys/net/netfilter/nf_conntrack_count
650
/proc/sys/net/netfilter/nf_conntrack_dccp_loose
1
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_closereq
64
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_closing
64
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_open
43200
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_partopen
480
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_request
240
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_respond
480
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_timewait
240
/proc/sys/net/netfilter/nf_conntrack_events
1
/proc/sys/net/netfilter/nf_conntrack_expect_max
1024
/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh
4194304
/proc/sys/net/netfilter/nf_conntrack_frag6_low_thresh
3145728
/proc/sys/net/netfilter/nf_conntrack_frag6_timeout
60
/proc/sys/net/netfilter/nf_conntrack_generic_timeout
600
/proc/sys/net/netfilter/nf_conntrack_gre_timeout
30
/proc/sys/net/netfilter/nf_conntrack_gre_timeout_stream
180
/proc/sys/net/netfilter/nf_conntrack_helper
0
/proc/sys/net/netfilter/nf_conntrack_icmp_timeout
30
/proc/sys/net/netfilter/nf_conntrack_icmpv6_timeout
30
/proc/sys/net/netfilter/nf_conntrack_log_invalid
0
/proc/sys/net/netfilter/nf_conntrack_max
262144
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_closed
10
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_cookie_echoed
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_cookie_wait
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_established
432000
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_heartbeat_acked
210
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_heartbeat_sent
30
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_ack_sent
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_recd
0
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_sent
0
/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
0
/proc/sys/net/netfilter/nf_conntrack_tcp_loose
1
/proc/sys/net/netfilter/nf_conntrack_tcp_max_retrans
3
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close
10
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close_wait
60
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
432000
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_last_ack
30
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_max_retrans
300
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_recv
60
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_sent
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_unacknowledged
300
/proc/sys/net/netfilter/nf_conntrack_timestamp
0
/proc/sys/net/netfilter/nf_conntrack_udp_timeout
30
/proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream
120
/proc/sys/net/netfilter/nf_log_all_netns
0
tcp      6 430903 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=43814 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=43814 [ASSURED] mark=0 use=1
udp      17 23 src=69.113.63.231 dst=94.29.75.38 sport=64844 dport=8999 [UNREPLIED] src=94.29.75.38 dst=69.113.63.231 sport=8999 dport=64844 mark=0 delta-time=6 use=1
tcp      6 431963 ESTABLISHED src=192.168.1.96 dst=13.94.251.244 sport=48910 dport=443 src=13.94.251.244 dst=94.29.75.38 sport=443 dport=48910 [ASSURED] mark=0 delta-time=36 use=1
tcp      6 430016 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=39940 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=39940 [ASSURED] mark=0 use=1
tcp      6 431960 ESTABLISHED src=192.168.1.96 dst=151.101.1.69 sport=35890 dport=443 src=151.101.1.69 dst=94.29.75.38 sport=443 dport=35890 [ASSURED] mark=0 delta-time=132 use=1
udp      17 24 src=192.168.1.96 dst=8.8.4.4 sport=47027 dport=53 src=8.8.4.4 dst=94.29.75.38 sport=53 dport=47027 mark=0 delta-time=5 use=1
tcp      6 286 ESTABLISHED src=192.168.1.96 dst=140.82.114.25 sport=42912 dport=443 src=140.82.114.25 dst=94.29.75.38 sport=443 dport=42912 [ASSURED] mark=0 delta-time=130 use=1
tcp      6 431997 ESTABLISHED src=192.168.1.96 dst=195.137.187.200 sport=57044 dport=443 src=195.137.187.200 dst=94.29.75.38 sport=443 dport=57044 [ASSURED] mark=0 delta-time=18 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=59058 dport=4713 src=192.168.1.1 dst=192.168.1.96 sport=4713 dport=59058 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=139.59.105.141 dst=94.29.75.38 sport=35206 dport=22 src=94.29.75.38 dst=139.59.105.141 sport=22 dport=35206 [ASSURED] mark=0 delta-time=1 use=1
tcp      6 431985 ESTABLISHED src=192.168.1.96 dst=35.244.165.121 sport=57540 dport=443 src=35.244.165.121 dst=94.29.75.38 sport=443 dport=57540 [ASSURED] mark=0 delta-time=14 use=1
tcp      6 431955 ESTABLISHED src=192.168.1.96 dst=198.252.206.25 sport=40744 dport=443 src=198.252.206.25 dst=94.29.75.38 sport=443 dport=40744 [ASSURED] mark=0 delta-time=91 use=1
tcp      6 431993 ESTABLISHED src=192.168.1.96 dst=13.69.188.18 sport=53469 dport=443 src=13.69.188.18 dst=94.29.75.38 sport=443 dport=53469 [ASSURED] mark=0 delta-time=117 use=1
tcp      6 431988 ESTABLISHED src=192.168.1.115 dst=74.125.205.188 sport=37580 dport=5228 src=74.125.205.188 dst=94.29.75.38 sport=5228 dport=37580 [ASSURED] mark=0 delta-time=12 use=1
tcp      6 8 TIME_WAIT src=46.105.94.103 dst=94.29.75.38 sport=33818 dport=22 src=94.29.75.38 dst=46.105.94.103 sport=22 dport=33818 [ASSURED] mark=0 delta-time=117 use=1
icmp     1 1 src=93.158.153.76 dst=94.29.75.38 type=8 code=0 id=11916 src=94.29.75.38 dst=93.158.153.76 type=0 code=0 id=11916 mark=0 delta-time=29 use=1
tcp      6 431339 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=54432 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=54432 [ASSURED] mark=0 use=1
tcp      6 5 CLOSE src=218.92.0.187 dst=94.29.75.38 sport=61003 dport=22 src=94.29.75.38 dst=218.92.0.187 sport=22 dport=61003 [ASSURED] mark=0 delta-time=31 use=2
tcp      6 431961 ESTABLISHED src=192.168.1.96 dst=192.30.253.125 sport=49722 dport=443 src=192.30.253.125 dst=94.29.75.38 sport=443 dport=49722 [ASSURED] mark=0 delta-time=93 use=1
tcp      6 431968 ESTABLISHED src=192.168.1.96 dst=173.194.222.188 sport=56728 dport=5228 src=173.194.222.188 dst=94.29.75.38 sport=5228 dport=56728 [ASSURED] mark=0 delta-time=124 use=1
tcp      6 431960 ESTABLISHED src=192.168.1.96 dst=104.16.24.34 sport=35600 dport=443 src=104.16.24.34 dst=94.29.75.38 sport=443 dport=35600 [ASSURED] mark=0 delta-time=132 use=1
tcp      6 431999 ESTABLISHED src=218.92.0.187 dst=94.29.75.38 sport=14297 dport=22 src=94.29.75.38 dst=218.92.0.187 sport=22 dport=14297 [ASSURED] mark=0 delta-time=14 use=1
udp      17 28 src=10.142.128.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.142.128.1 sport=68 dport=67 mark=0 use=1
tcp      6 275 ESTABLISHED src=192.168.1.96 dst=198.252.206.25 sport=33208 dport=443 src=198.252.206.25 dst=94.29.75.38 sport=443 dport=33208 [ASSURED] mark=0 delta-time=95 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.96 dst=162.159.134.234 sport=59946 dport=443 src=162.159.134.234 dst=94.29.75.38 sport=443 dport=59946 [ASSURED] mark=0 delta-time=125 use=1
tcp      6 431963 ESTABLISHED src=192.168.1.96 dst=68.232.34.200 sport=52844 dport=443 src=68.232.34.200 dst=94.29.75.38 sport=443 dport=52844 [ASSURED] mark=0 delta-time=36 use=1
udp      17 18 src=195.66.201.230 dst=94.29.75.38 sport=40373 dport=8999 [UNREPLIED] src=94.29.75.38 dst=195.66.201.230 sport=8999 dport=40373 mark=0 delta-time=11 use=1
tcp      6 88 TIME_WAIT src=154.70.200.111 dst=94.29.75.38 sport=35196 dport=22 src=94.29.75.38 dst=154.70.200.111 sport=22 dport=35196 [ASSURED] mark=0 delta-time=37 use=1
icmp     1 3 src=80.239.201.237 dst=94.29.75.38 type=8 code=0 id=43654 src=94.29.75.38 dst=80.239.201.237 type=0 code=0 id=43654 mark=0 delta-time=26 use=1
tcp      6 1 TIME_WAIT src=34.245.173.39 dst=94.29.75.38 sport=42694 dport=22 src=94.29.75.38 dst=34.245.173.39 sport=22 dport=42694 [ASSURED] mark=0 delta-time=121 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.1 dst=192.168.1.96 sport=4713 dport=59054 src=192.168.1.96 dst=192.168.1.1 sport=59054 dport=4713 [ASSURED] mark=0 use=1
tcp      6 261 ESTABLISHED src=192.168.1.96 dst=140.82.113.25 sport=44152 dport=443 src=140.82.113.25 dst=94.29.75.38 sport=443 dport=44152 [ASSURED] mark=0 delta-time=102 use=1
udp      17 24 src=37.79.68.162 dst=94.29.75.38 sport=8621 dport=8999 [UNREPLIED] src=94.29.75.38 dst=37.79.68.162 sport=8999 dport=8621 mark=0 delta-time=5 use=1
tcp      6 431985 ESTABLISHED src=192.168.1.96 dst=198.252.206.25 sport=35242 dport=443 src=198.252.206.25 dst=94.29.75.38 sport=443 dport=35242 [ASSURED] mark=0 delta-time=132 use=1
tcp      6 431988 ESTABLISHED src=192.168.1.115 dst=173.194.73.94 sport=44749 dport=80 src=173.194.73.94 dst=94.29.75.38 sport=80 dport=44749 [ASSURED] mark=0 delta-time=12 use=1
udp      17 18 src=192.168.1.115 dst=8.8.8.8 sport=17394 dport=53 src=8.8.8.8 dst=94.29.75.38 sport=53 dport=17394 mark=0 delta-time=12 use=1
tcp      6 262 ESTABLISHED src=192.168.1.96 dst=52.171.217.9 sport=46688 dport=443 src=52.171.217.9 dst=94.29.75.38 sport=443 dport=46688 [ASSURED] mark=0 delta-time=122 use=1
tcp      6 65 TIME_WAIT src=45.178.128.41 dst=94.29.75.38 sport=38684 dport=22 src=94.29.75.38 dst=45.178.128.41 sport=22 dport=38684 [ASSURED] mark=0 delta-time=59 use=1
tcp      6 42 TIME_WAIT src=192.168.1.96 dst=35.244.165.121 sport=57256 dport=443 src=35.244.165.121 dst=94.29.75.38 sport=443 dport=57256 [ASSURED] mark=0 delta-time=107 use=1
udp      17 117 src=192.168.1.51 dst=155.133.248.52 sport=49894 dport=27017 src=155.133.248.52 dst=94.29.75.38 sport=27017 dport=26974 [ASSURED] mark=0 delta-time=129 use=1
tcp      6 430645 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=58856 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=58856 [ASSURED] mark=0 delta-time=1413 use=1
tcp      6 104 TIME_WAIT src=192.168.1.96 dst=35.244.165.121 sport=57444 dport=443 src=35.244.165.121 dst=94.29.75.38 sport=443 dport=57444 [ASSURED] mark=0 delta-time=45 use=1
tcp      6 249 ESTABLISHED src=192.168.1.96 dst=195.137.187.200 sport=56608 dport=443 [UNREPLIED] src=195.137.187.200 dst=94.29.75.38 sport=443 dport=56608 mark=0 delta-time=121 use=1
tcp      6 73 TIME_WAIT src=192.168.1.96 dst=35.244.165.121 sport=57350 dport=443 src=35.244.165.121 dst=94.29.75.38 sport=443 dport=57350 [ASSURED] mark=0 delta-time=76 use=1
tcp      6 44 TIME_WAIT src=119.2.84.138 dst=94.29.75.38 sport=43052 dport=22 src=94.29.75.38 dst=119.2.84.138 sport=22 dport=43052 [ASSURED] mark=0 delta-time=79 use=1
udp      17 28 src=94.29.72.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=94.29.72.1 sport=68 dport=67 mark=0 delta-time=29 use=1
tcp      6 292 ESTABLISHED src=192.168.1.96 dst=52.114.77.33 sport=41342 dport=443 src=52.114.77.33 dst=94.29.75.38 sport=443 dport=41342 [ASSURED] mark=0 delta-time=129 use=1
tcp      6 431995 ESTABLISHED src=192.168.1.96 dst=13.107.3.128 sport=57078 dport=443 src=13.107.3.128 dst=94.29.75.38 sport=443 dport=57078 [ASSURED] mark=0 delta-time=5 use=1
udp      17 18 src=192.168.1.115 dst=8.8.8.8 sport=12780 dport=53 src=8.8.8.8 dst=94.29.75.38 sport=53 dport=12780 mark=0 delta-time=12 use=1
tcp      6 431978 ESTABLISHED src=192.168.1.96 dst=52.171.217.9 sport=46994 dport=443 src=52.171.217.9 dst=94.29.75.38 sport=443 dport=46994 [ASSURED] mark=0 delta-time=68 use=1
tcp      6 260 ESTABLISHED src=192.168.1.96 dst=140.82.113.25 sport=44146 dport=443 src=140.82.113.25 dst=94.29.75.38 sport=443 dport=44146 [ASSURED] mark=0 delta-time=103 use=1
tcp      6 65 TIME_WAIT src=139.59.4.57 dst=94.29.75.38 sport=34638 dport=22 src=94.29.75.38 dst=139.59.4.57 sport=22 dport=34638 [ASSURED] mark=0 delta-time=60 use=1
tcp      6 431988 ESTABLISHED src=192.168.1.115 dst=8.8.4.4 sport=49788 dport=853 src=8.8.4.4 dst=94.29.75.38 sport=853 dport=49788 [ASSURED] mark=0 delta-time=12 use=1
tcp      6 431988 ESTABLISHED src=192.168.1.115 dst=64.233.165.105 sport=44226 dport=443 src=64.233.165.105 dst=94.29.75.38 sport=443 dport=44226 [ASSURED] mark=0 delta-time=12 use=1
udp      17 26 src=10.108.192.1 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.108.192.1 sport=68 dport=67 mark=0 delta-time=3 use=2
tcp      6 300 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=60226 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=60226 [ASSURED] mark=0 delta-time=981 use=2
tcp      6 431987 ESTABLISHED src=192.168.1.96 dst=94.29.74.28 sport=48484 dport=22 src=94.29.74.28 dst=94.29.75.38 sport=22 dport=48484 [ASSURED] mark=0 delta-time=134 use=1
tcp      6 430019 ESTABLISHED src=192.168.1.96 dst=192.168.1.1 sport=40432 dport=22 src=192.168.1.1 dst=192.168.1.96 sport=22 dport=40432 [ASSURED] mark=0 use=1
tcp      6 13 CLOSE src=192.168.1.96 dst=13.107.4.52 sport=40088 dport=80 src=13.107.4.52 dst=94.29.75.38 sport=80 dport=40088 [ASSURED] mark=0 delta-time=72 use=1
tcp      6 431960 ESTABLISHED src=192.168.1.96 dst=23.46.121.122 sport=40476 dport=443 src=23.46.121.122 dst=94.29.75.38 sport=443 dport=40476 [ASSURED] mark=0 delta-time=132 use=1

Some additional patterns:

[secs=1566942595 nanos=280434408] [NEW] tcp      6 120 SYN_SENT src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942595 nanos=335179428] [UPDATE] tcp      6 60 SYN_RECV src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942595 nanos=336996960] [UPDATE] tcp      6 431999 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED]
[secs=1566942624 nanos=457613498] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED] delta-time=29
[secs=1566942624 nanos=503484087] [NEW] tcp      6 300 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942624 nanos=567847943] [UPDATE] tcp      6 300 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942624 nanos=629811625] [UPDATE] tcp      6 432000 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED]
[secs=1566942771 nanos=450694002] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED] delta-time=147
[secs=1566942771 nanos=503377099] [NEW] tcp      6 300 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942771 nanos=595106952] [UPDATE] tcp      6 300 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942771 nanos=660147761] [UPDATE] tcp      6 432000 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED]
[secs=1566942919 nanos=752107672] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [ASSURED] delta-time=148
[secs=1566942919 nanos=814892655] [NEW] tcp      6 300 ESTABLISHED src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267
[secs=1566942919 nanos=816622510] [DESTROY] tcp      6 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267 delta-time=0
[secs=1566942919 nanos=984190771] [NEW] tcp      6 300 ESTABLISHED src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267
[secs=1566942919 nanos=985900796] [DESTROY] tcp      6 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267 delta-time=0
[secs=1566942920 nanos=287644276] [NEW] tcp      6 300 ESTABLISHED src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267
[secs=1566942920 nanos=289343491] [DESTROY] tcp      6 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=43848 dport=8267 delta-time=0
[secs=1566942980 nanos=476878015] [NEW] tcp      6 300 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848
[secs=1566942980 nanos=531602791] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=43848 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=43848 delta-time=0

Info

Local interface (NATed client) tshark -f 'tcp port 8267'

# Capture TCP port 8267 on br0 and prefix every tshark output line with a wall-clock stamp.
# The stamp comes from running `date` when the shell loop reads the line, so it records the
# pipe read time, not the packet capture time: in the output below, frames 1174-1178 span about
# 0.32 s in tshark's own relative-time column but are stamped within about 7 ms of each other.
# When ordering these frames against conntrack events, rely on tshark's own time column
# (absolute epoch output is available with `-t e`) rather than on the prefixed stamp.
# NOTE(review): `read` without -r interprets backslashes and trims leading whitespace.
tshark -l -i br0 -f 'tcp port 8267' 2>/dev/null | while read line; do echo "$(date +'[secs=%s nanos=%N]') $line"; done

... normal conversation skipped ...

[secs=1566941143 nanos=495972510] 1174 79.662242577 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=898905 Win=460672 Len=0 TSval=2163745769 TSecr=4026821142
[secs=1566941143 nanos=497785746] 1175 79.820686287 109.74.196.48 → 192.168.1.96 TCP 1319 8267 → 39134 [PSH, ACK] Seq=898905 Ack=98 Win=65152 Len=1253 TSval=4026821302 TSecr=2163745769 [TCP segment of a reassembled PDU]
[secs=1566941143 nanos=499434226] 1176 79.822029067 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=900158 Win=460672 Len=0 TSval=2163745928 TSecr=4026821302
[secs=1566941143 nanos=501108943] 1177 79.981287802 109.74.196.48 → 192.168.1.96 TCP 1529 8267 → 39134 [PSH, ACK] Seq=900158 Ack=98 Win=65152 Len=1463 TSval=4026821463 TSecr=2163745928 [TCP segment of a reassembled PDU]
[secs=1566941143 nanos=502755781] 1178 79.983946900 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=901621 Win=460288 Len=0 TSval=2163746090 TSecr=4026821463
[secs=1566941144 nanos=024024714] 1179 80.292358511 109.74.196.48 → 192.168.1.96 TCP 1514 8267 → 39134 [ACK] Seq=901621 Ack=98 Win=65152 Len=1448 TSval=4026821774 TSecr=2163746090 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=025896324] 1180 80.292608483 109.74.196.48 → 192.168.1.96 TCP 708 8267 → 39134 [PSH, ACK] Seq=903069 Ack=98 Win=65152 Len=642 TSval=4026821774 TSecr=2163746090 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=027520301] 1181 80.374625164 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=903711 Win=458624 Len=0 TSval=2163746481 TSecr=4026821774
[secs=1566941144 nanos=029181506] 1182 80.458230140 109.74.196.48 → 192.168.1.96 TCP 1514 8267 → 39134 [ACK] Seq=903711 Ack=98 Win=65152 Len=1448 TSval=4026821940 TSecr=2163746481 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=030910265] 1183 80.458472575 109.74.196.48 → 192.168.1.96 TCP 290 8267 → 39134 [PSH, ACK] Seq=905159 Ack=98 Win=65152 Len=224 TSval=4026821940 TSecr=2163746481 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=032604519] 1184 80.460491353 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=905383 Win=458624 Len=0 TSval=2163746567 TSecr=4026821940
[secs=1566941144 nanos=557428633] 1185 80.619269852 109.74.196.48 → 192.168.1.96 TCP 1320 8267 → 39134 [PSH, ACK] Seq=905383 Ack=98 Win=65152 Len=1254 TSval=4026822101 TSecr=2163746567 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=559157813] 1186 80.621561587 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=906637 Win=460672 Len=0 TSval=2163746728 TSecr=4026822101
[secs=1566941144 nanos=560950912] 1187 80.781958784 109.74.196.48 → 192.168.1.96 TCP 1320 8267 → 39134 [PSH, ACK] Seq=906637 Ack=98 Win=65152 Len=1254 TSval=4026822264 TSecr=2163746728 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=562570094] 1188 80.783714625 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=907891 Win=460672 Len=0 TSval=2163746890 TSecr=4026822264
[secs=1566941144 nanos=564273494] 1189 80.941599560 109.74.196.48 → 192.168.1.96 TCP 1320 8267 → 39134 [PSH, ACK] Seq=907891 Ack=98 Win=65152 Len=1254 TSval=4026822423 TSecr=2163746890 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=566017304] 1190 80.944427469 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=909145 Win=460672 Len=0 TSval=2163747051 TSecr=4026822423
[secs=1566941144 nanos=567654813] 1191 81.102350485 109.74.196.48 → 192.168.1.96 TCP 1319 8267 → 39134 [PSH, ACK] Seq=909145 Ack=98 Win=65152 Len=1253 TSval=4026822584 TSecr=2163747051 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=569280027] 1192 81.103624604 192.168.1.96 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=910398 Win=460672 Len=0 TSval=2163747210 TSecr=4026822584

long pause here

[secs=1566941206 nanos=140903213] 1193 142.362651441 192.168.1.96 → 109.74.196.48 TCP 66 [TCP Keep-Alive] 39134 → 8267 [ACK] Seq=97 Ack=910398 Win=460672 Len=0 TSval=2163808469 TSecr=4026822584
[secs=1566941206 nanos=142507954] 1194 142.413080492 109.74.196.48 → 192.168.1.96 TCP 54 8267 → 39134 [RST] Seq=910398 Win=0 Len=0

External interface (WAN) tshark -f 'tcp port 8267'

# Capture TCP port 8267 on enp0s31f6 (the WAN side, after NAT) and prefix every tshark output
# line with a wall-clock stamp.
# The stamp comes from running `date` when the shell loop reads the line, so it records the
# pipe read time, not the packet capture time: in the output below, frames 1176-1180 span about
# 0.47 s in tshark's relative-time column but are stamped within about 7 ms of each other.
# The relative-time column counts from the start of this capture only.
# NOTE(review): its offset from the br0 capture is not shown on the page, so confirm it before
# comparing frame times across the two interfaces.
# NOTE(review): `read` without -r interprets backslashes and trims leading whitespace.
tshark -l -i enp0s31f6 -f 'tcp port 8267' 2>/dev/null | while read line; do echo "$(date +'[secs=%s nanos=%N]') $line"; done

... normal conversation skipped ...

[secs=1566941143 nanos=732469189] 1176 79.821987315  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=900158 Win=460672 Len=0 TSval=2163745928 TSecr=4026821302
[secs=1566941143 nanos=734139184] 1177 79.981208188 109.74.196.48 → 94.29.75.38  TCP 1529 8267 → 39134 [PSH, ACK] Seq=900158 Ack=98 Win=65152 Len=1463 TSval=4026821463 TSecr=2163745928 [TCP segment of a reassembled PDU]
[secs=1566941143 nanos=735765003] 1178 79.983904681  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=901621 Win=460288 Len=0 TSval=2163746090 TSecr=4026821463
[secs=1566941143 nanos=737504820] 1179 80.292282689 109.74.196.48 → 94.29.75.38  TCP 1514 8267 → 39134 [ACK] Seq=901621 Ack=98 Win=65152 Len=1448 TSval=4026821774 TSecr=2163746090 [TCP segment of a reassembled PDU]
[secs=1566941143 nanos=739219284] 1180 80.292538323 109.74.196.48 → 94.29.75.38  TCP 708 8267 → 39134 [PSH, ACK] Seq=903069 Ack=98 Win=65152 Len=642 TSval=4026821774 TSecr=2163746090 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=264015594] 1181 80.374592171  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=903711 Win=458624 Len=0 TSval=2163746481 TSecr=4026821774
[secs=1566941144 nanos=265740702] 1182 80.458154559 109.74.196.48 → 94.29.75.38  TCP 1514 8267 → 39134 [ACK] Seq=903711 Ack=98 Win=65152 Len=1448 TSval=4026821940 TSecr=2163746481 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=267362859] 1183 80.458408099 109.74.196.48 → 94.29.75.38  TCP 290 8267 → 39134 [PSH, ACK] Seq=905159 Ack=98 Win=65152 Len=224 TSval=4026821940 TSecr=2163746481 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=268933937] 1184 80.460450115  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=905383 Win=458624 Len=0 TSval=2163746567 TSecr=4026821940
[secs=1566941144 nanos=270545470] 1185 80.619193271 109.74.196.48 → 94.29.75.38  TCP 1320 8267 → 39134 [PSH, ACK] Seq=905383 Ack=98 Win=65152 Len=1254 TSval=4026822101 TSecr=2163746567 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=272184935] 1186 80.621519621  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=906637 Win=460672 Len=0 TSval=2163746728 TSecr=4026822101
[secs=1566941144 nanos=273850833] 1187 80.781884165 109.74.196.48 → 94.29.75.38  TCP 1320 8267 → 39134 [PSH, ACK] Seq=906637 Ack=98 Win=65152 Len=1254 TSval=4026822264 TSecr=2163746728 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=275539031] 1188 80.783661449  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=907891 Win=460672 Len=0 TSval=2163746890 TSecr=4026822264
[secs=1566941144 nanos=797407156] 1189 80.941524321 109.74.196.48 → 94.29.75.38  TCP 1320 8267 → 39134 [PSH, ACK] Seq=907891 Ack=98 Win=65152 Len=1254 TSval=4026822423 TSecr=2163746890 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=799181634] 1190 80.944388012  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=909145 Win=460672 Len=0 TSval=2163747051 TSecr=4026822423
[secs=1566941144 nanos=800896773] 1191 81.102273960 109.74.196.48 → 94.29.75.38  TCP 1319 8267 → 39134 [PSH, ACK] Seq=909145 Ack=98 Win=65152 Len=1253 TSval=4026822584 TSecr=2163747051 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=802506376] 1192 81.103584950  94.29.75.38 → 109.74.196.48 TCP 66 39134 → 8267 [ACK] Seq=98 Ack=910398 Win=460672 Len=0 TSval=2163747210 TSecr=4026822584
[secs=1566941144 nanos=804145448] 1193 81.263200260 109.74.196.48 → 94.29.75.38  TCP 1529 8267 → 39134 [PSH, ACK] Seq=910398 Ack=98 Win=65152 Len=1463 TSval=4026822745 TSecr=2163747210 [TCP segment of a reassembled PDU]
[secs=1566941144 nanos=805888665] 1194 81.263241849  94.29.75.38 → 109.74.196.48 TCP 54 39134 → 8267 [RST] Seq=98 Win=0 Len=0

long pause here

[secs=1566941205 nanos=863900325] 1195 142.362641292  94.29.75.38 → 109.74.196.48 TCP 66 [TCP Keep-Alive] 39134 → 8267 [ACK] Seq=97 Ack=910398 Win=460672 Len=0 TSval=2163808469 TSecr=4026822584
[secs=1566941205 nanos=865648229] 1196 142.412997393 109.74.196.48 → 94.29.75.38  TCP 60 8267 → 39134 [RST] Seq=910398 Win=0 Len=0

conntrack

# Stream conntrack events, keep the lines containing 8267, and prefix each with a wall-clock stamp.
# grep matches the bare string 8267 anywhere in the line, not only in the sport/dport fields.
# --line-buffered makes grep emit each match immediately instead of in blocks.
# The stamp is produced by `date` when the shell loop reads the line, so it is the read time
# in this pipeline, not the time the kernel generated the event.
# NOTE(review): conntrack can print its own event time with `-o timestamp`, which is the safer
# source when correlating with packet captures; confirm the installed version supports it.
conntrack -E 2>/dev/null | grep 8267 --line-buffered | while read line; do echo "$(date +'[secs=%s nanos=%N]') $line"; done
[secs=1566941063 nanos=181003573] [NEW] tcp      6 120 SYN_SENT src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134
[secs=1566941063 nanos=231437164] [UPDATE] tcp      6 60 SYN_RECV src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134
[secs=1566941063 nanos=233310685] [UPDATE] tcp      6 432000 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134 [ASSURED]
[secs=1566941144 nanos=408407707] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134 [ASSURED]
[secs=1566941144 nanos=444074059] [NEW] tcp      6 300 ESTABLISHED src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=39134 dport=8267
[secs=1566941144 nanos=445895530] [DESTROY] tcp      6 src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134 [UNREPLIED] src=94.29.75.38 dst=109.74.196.48 sport=39134 dport=8267

long pause here

[secs=1566941205 nanos=543763130] [NEW] tcp      6 300 ESTABLISHED src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134
[secs=1566941205 nanos=593823277] [DESTROY] tcp      6 src=192.168.1.96 dst=109.74.196.48 sport=39134 dport=8267 [UNREPLIED] src=109.74.196.48 dst=94.29.75.38 sport=8267 dport=39134

Conntrack config

# Dump every nf_conntrack_* sysctl as its path followed by its current value.
# The leading "# " on the command line below is the root shell prompt, not part of the command.
# Unlike the dump at the top of the page, this loop has no directory check and does not match
# nf_log_all_netns.
# The values also differ from that first dump: nf_conntrack_tcp_be_liberal is 1 here but 0
# there, and nf_conntrack_count is 55 here but 650 there, so the two dumps show different
# states of the box.
# With nf_conntrack_tcp_be_liberal non-zero, conntrack marks only out-of-window RST segments
# as invalid instead of every out-of-window packet.
# NOTE(review): the page does not say which setting was active during the captures; confirm
# before drawing conclusions from them.
# for v in  /proc/sys/net/netfilter/nf_conntrack_*; do echo $v; cat $v; done
/proc/sys/net/netfilter/nf_conntrack_acct
0
/proc/sys/net/netfilter/nf_conntrack_buckets
65536
/proc/sys/net/netfilter/nf_conntrack_checksum
1
/proc/sys/net/netfilter/nf_conntrack_count
55
/proc/sys/net/netfilter/nf_conntrack_dccp_loose
1
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_closereq
64
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_closing
64
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_open
43200
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_partopen
480
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_request
240
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_respond
480
/proc/sys/net/netfilter/nf_conntrack_dccp_timeout_timewait
240
/proc/sys/net/netfilter/nf_conntrack_events
1
/proc/sys/net/netfilter/nf_conntrack_expect_max
1024
/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh
4194304
/proc/sys/net/netfilter/nf_conntrack_frag6_low_thresh
3145728
/proc/sys/net/netfilter/nf_conntrack_frag6_timeout
60
/proc/sys/net/netfilter/nf_conntrack_generic_timeout
600
/proc/sys/net/netfilter/nf_conntrack_gre_timeout
30
/proc/sys/net/netfilter/nf_conntrack_gre_timeout_stream
180
/proc/sys/net/netfilter/nf_conntrack_helper
0
/proc/sys/net/netfilter/nf_conntrack_icmp_timeout
30
/proc/sys/net/netfilter/nf_conntrack_icmpv6_timeout
30
/proc/sys/net/netfilter/nf_conntrack_log_invalid
0
/proc/sys/net/netfilter/nf_conntrack_max
262144
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_closed
10
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_cookie_echoed
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_cookie_wait
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_established
432000
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_heartbeat_acked
210
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_heartbeat_sent
30
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_ack_sent
3
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_recd
0
/proc/sys/net/netfilter/nf_conntrack_sctp_timeout_shutdown_sent
0
/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
1
/proc/sys/net/netfilter/nf_conntrack_tcp_loose
1
/proc/sys/net/netfilter/nf_conntrack_tcp_max_retrans
3
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close
10
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close_wait
60
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
432000
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_last_ack
30
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_max_retrans
300
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_recv
60
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_sent
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait
120
/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_unacknowledged
300
/proc/sys/net/netfilter/nf_conntrack_timestamp
0
/proc/sys/net/netfilter/nf_conntrack_udp_timeout
30
/proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream
120