Conntrack Viewer is created by Patrick Lagacé

www.patricklagace.com    |    Intellos Network    

>> News

24th November 2002, New web site

Conntrack Viewer's website has been improved!


25th September 2002, 1.3 Release!

Conntrack Viewer 1.3 has been released


>> Description

Conntrack Viewer is a Perl script for viewing masqueraded connections on kernel 2.4.x; it reads /proc/net/ip_conntrack.

With kernel 2.2.x, it was extremely easy to view the masqueraded connections: 'netstat -M' or 'netstat --masquerade' gave you the result right away.

Since the 2.4 generation, if you try this you get: "netstat: no support for `ip_masquerade' on this system.". With kernel 2.4.x, the information about masqueraded connections is accessible via /proc/net/ip_conntrack, which is extremely hard to read.

This is where Conntrack Viewer becomes so useful.

Conntrack Viewer is free and licensed under the GPL.

>> Download

conntrack-viewer 1.3
conntrack-viewer-1.3.tar.gz | conntrack-viewer-1.3.pl

conntrack-viewer 1.2
conntrack-viewer-1.2.tar.gz | conntrack-viewer-1.2.pl

conntrack-viewer 1.1
conntrack-viewer-1.1.tar.gz | conntrack-viewer-1.1.pl

conntrack-viewer 1.0
conntrack-viewer-1.0.tar.gz | conntrack-viewer-1.0.pl


>> Contact

For questions, suggestions or support, please contact the author,
Patrick Lagacé
("cv" at "patricklagace" dot "com")
http://www.patricklagace.com/

>> Changelog

1.3

  • changed the service detection to use distant AND source port

1.2

  • added the masqueraded connections display only
  • added the direct connections display only
  • added the header feature
  • changed the columns spacing
  • improved the code efficiency and legibility with comments

1.1

  • added the -n switch to view in numeric format
  • removed the $status in the result because it's directly related to the connection state

1.0

  • initial release

>> Usage

    usage: ./conntrack-viewer [-n][-m][-d][-nh][-h]

    -n     Numeric form only, no dns resolution (this is faster)
    -m     Shows Masqueraded connections only, no direct connections
    -d     Shows Direct connections only, no masqueraded connections
    -nh    NoHeader, shows only the results without any header
    -h     Print this help

>> Example of cat ip_conntrack

    cat /proc/net/ip_conntrack
    tcp 6 432000 ESTABLISHED src=192.168.0.3 dst=207.6.235.85 sport=1708 dport=1214 src=207.6.235.85 dst=64.39.176.22 sport=1214 dport=1708 [ASSURED] use=1
    tcp 6 28 SYN_SENT src=192.168.0.3 dst=192.168.1.103 sport=1717 dport=1214 [UNREPLIED] src=192.168.1.103 dst=64.39.176.22 sport=1214 dport=1717 use=1
    tcp 6 51 SYN_SENT src=192.168.0.3 dst=192.168.1.100 sport=1721 dport=1214 [UNREPLIED] src=192.168.1.100 dst=64.39.176.22 sport=1214 dport=1721 use=1
    tcp 6 431976 ESTABLISHED src=192.168.0.3 dst=68.10.104.11 sport=1373 dport=1214 src=68.10.104.11 dst=64.39.176.22 sport=1214 dport=1373 [ASSURED] use=1
    tcp 6 431976 ESTABLISHED src=192.168.0.3 dst=64.12.25.116 sport=1030 dport=5190 src=64.12.25.116 dst=64.39.176.22 sport=5190 dport=1030 [ASSURED] use=1
    tcp 6 10 TIME_WAIT src=192.168.0.3 dst=24.66.255.215 sport=1718 dport=1214 src=24.66.255.215 dst=64.39.176.22 sport=1214 dport=1718 [ASSURED] use=1
    tcp 6 74 TIME_WAIT src=192.168.0.3 dst=216.191.240.2 sport=1730 dport=110 src=216.191.240.2 dst=64.39.176.22 sport=110 dport=1730 [ASSURED] use=1
    tcp 6 74 TIME_WAIT src=192.168.0.3 dst=216.191.240.2 sport=1731 dport=110 src=216.191.240.2 dst=64.39.176.22 sport=110 dport=1731 [ASSURED] use=1
    tcp 6 44 SYN_SENT src=192.168.0.3 dst=192.168.2.31 sport=1720 dport=1214 [UNREPLIED] src=192.168.2.31 dst=64.39.176.22 sport=1214 dport=1720 use=1
    tcp 6 421689 ESTABLISHED src=213.233.73.121 dst=64.39.176.22 sport=32871 dport=80 src=64.39.176.22 dst=213.233.73.121 sport=80 dport=32871 [ASSURED] use=1

>> Example of conntrack-viewer

This is why Conntrack Viewer is so helpful: it makes those cryptic results a lot more legible, like this:

    ./conntrack-viewer
    Active Connections according to /proc/net/ip_conntrack

    Proto  Source Address        Remote Address      Service  State        Name Resolution
    tcp    192.168.0.3:1708      207.6.235.85:1214   kazaa    ESTABLISHED  simba > f.bc.hsia.telus.net
    tcp    192.168.0.3:1717      192.168.1.103:1214  kazaa    SYN_SENT     simba > UNRESOLVED!
    tcp    192.168.0.3:1721      192.168.1.100:1214  kazaa    SYN_SENT     simba > UNRESOLVED!
    tcp    192.168.0.3:1373      68.10.104.11:1214   kazaa    ESTABLISHED  simba > a4-11.hr.hr.cox.net
    tcp    192.168.0.3:1030      64.12.25.116:5190   icq      ESTABLISHED  simba > UNRESOLVED!
    tcp    192.168.0.3:1718      24.66.255.215:1214  kazaa    TIME_WAIT    simba > a5.ss.shawcable.net
    tcp    192.168.0.3:1730      216.191.240.2:110   pop3     TIME_WAIT    simba > comnet.ca
    tcp    192.168.0.3:1731      216.191.240.2:110   pop3     TIME_WAIT    simba > comnet.ca
    tcp    192.168.0.3:1720      192.168.2.31:1214   kazaa    SYN_SENT     simba > UNRESOLVED!
    tcp    213.233.73.121:32871  64.39.176.22:80     http     ESTABLISHED  d1.xnet.ro > 22.comnet.ca

>> Example of conntrack-viewer -n

For better performance, you can add the -n switch for numeric-only output; this prevents Conntrack Viewer from doing any name resolution:

    ./conntrack-viewer -n
    Active Connections according to /proc/net/ip_conntrack

    Proto  Source Address        Remote Address      Service  State
    tcp    192.168.0.3:1708      207.6.235.85:1214   kazaa    ESTABLISHED
    tcp    192.168.0.3:1717      192.168.1.103:1214  kazaa    SYN_SENT
    tcp    192.168.0.3:1721      192.168.1.100:1214  kazaa    SYN_SENT
    tcp    192.168.0.3:1373      68.10.104.11:1214   kazaa    ESTABLISHED
    tcp    192.168.0.3:1030      64.12.25.116:5190   icq      ESTABLISHED
    tcp    192.168.0.3:1718      24.66.255.215:1214  kazaa    TIME_WAIT
    tcp    192.168.0.3:1730      216.191.240.2:110   pop3     TIME_WAIT
    tcp    192.168.0.3:1731      216.191.240.2:110   pop3     TIME_WAIT
    tcp    192.168.0.3:1720      192.168.2.31:1214   kazaa    SYN_SENT
    tcp    213.233.73.121:32871  64.39.176.22:80     http     ESTABLISHED

As you can see, it keeps the important information (leaving out what is not useful) and displays it in a friendlier way. It detects the service by using /etc/services and can do a name resolution for every address.
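An added example, not part of Conntrack Viewer itself (which is a Perl script): a Python parser for the /proc/net/ip_conntrack lines shown above that produces the viewer's columns and separates masqueraded from direct entries. The SERVICES table, the udp sample line, and the rule that a reply dst differing from the original src marks a masqueraded entry are assumptions made here, not taken from the script.

```python
# Constructed stand-in for /etc/services; names follow the page's sample output.
SERVICES = {80: "http", 110: "pop3", 1214: "kazaa", 5190: "icq"}

# The three tcp lines are from the page's sample; the udp line is constructed.
SAMPLE = """\
tcp 6 432000 ESTABLISHED src=192.168.0.3 dst=207.6.235.85 sport=1708 dport=1214 src=207.6.235.85 dst=64.39.176.22 sport=1214 dport=1708 [ASSURED] use=1
tcp 6 28 SYN_SENT src=192.168.0.3 dst=192.168.1.103 sport=1717 dport=1214 [UNREPLIED] src=192.168.1.103 dst=64.39.176.22 sport=1214 dport=1717 use=1
tcp 6 421689 ESTABLISHED src=213.233.73.121 dst=64.39.176.22 sport=32871 dport=80 src=64.39.176.22 dst=213.233.73.121 sport=80 dport=32871 [ASSURED] use=1
udp 17 25 src=64.39.176.22 dst=192.0.2.7 sport=5190 dport=40000 src=192.0.2.7 dst=64.39.176.22 sport=40000 dport=5190 use=1
"""

def parse_entry(line):
    """Split one line into proto, state, flags, original tuple and reply tuple."""
    tokens = line.split() or [""]
    entry = {"proto": tokens[0], "state": "", "flags": [], "orig": {}, "reply": {}}
    for tok in tokens[3:]:  # skip protocol name, protocol number, timeout
        if tok.startswith("["):
            entry["flags"].append(tok.strip("[]"))
        elif "=" in tok:
            key, val = tok.split("=", 1)
            if key in ("src", "dst", "sport", "dport"):
                # First occurrence is the original direction, second the reply.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = val
        else:
            entry["state"] = tok  # absent for udp, so state stays ""
    # Entries without two full port tuples (blank lines, icmp) are skipped.
    return entry if len(entry["orig"]) == 4 and len(entry["reply"]) == 4 else None

def is_masqueraded(entry):
    """Assumption: source NAT shows as a reply dst that differs from the original src."""
    return entry["reply"]["dst"] != entry["orig"]["src"]

def service(entry):
    """Try the destination port first, then the source port."""
    hits = (SERVICES.get(int(entry["orig"][k])) for k in ("dport", "sport"))
    return next((name for name in hits if name), "unknown")

def view(text, only=None):
    """Return display rows; only="masq" or "direct" mimics the -m and -d filters."""
    rows = []
    for entry in filter(None, map(parse_entry, text.splitlines())):
        kind = "masq" if is_masqueraded(entry) else "direct"
        if only in (None, kind):
            o = entry["orig"]
            rows.append((entry["proto"], f'{o["src"]}:{o["sport"]}',
                         f'{o["dst"]}:{o["dport"]}', service(entry), entry["state"], kind))
    return rows
```
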




Conntrack Viewer is part of the Intellos Network
Conntrack Viewer Website is created by Patrick Lagacé
November 2002