Skip to content
/ lsconntrack Public

The Linux netfilter conntrack-based connection flows pretty printer.

License

MIT license
41 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

yuuki/lsconntrack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
_tools
_tools
 
 
conntrack
conntrack
 
 
netutil
netutil
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
cli.go
cli.go
 
 
cli_test.go
cli_test.go
 
 
main.go
main.go
 
 
version.go
version.go
 
 

Repository files navigation

lsconntrack

Build Status Go Report Card

lsconntrack prints host flows (aggregated connection flows to the same source or destination ports) tracked by Linux netfilter conntrack and enables you to simply grasp the network relationship between localhost and other hosts.

friend: yuuki/lstf

Features

  • Distinction of active opens and passive opens
  • Print also packets and bytes of each flows (the absolute values are meaningless)
  • Go portability
  • Filter by ports (--active-ports and --passive-ports)
  • stdin support (combination with conntrack-tools)
  • JSON support
  • TCP support only
  • TODO: streaming support

Environment

  • Linux only
    • Tested on CentOS5, Debian7, Debian8

Setup

How to use

$ lsconntrack -n
Local Address:Port   <-->   Peer Address:Port     Inpkts  Inbytes   Outpkts Outbytes
localhost:many       -->    10.0.1.10:3306        5521792 123258667 5423865 282041045
localhost:many       -->    10.0.1.11:3306        58800   3062451   58813   3061627
localhost:many       -->    10.0.1.20:8080        123     169638    62      3580
localhost:80         <--    10.0.2.10:80          23      6416      25      25460
localhost:80         <--    10.0.2.11:80          38      8574      34      32752
# Prints active open connections from localhost to destination hosts.
$ lsconntrack --active
Local Address:Port   <-->   Peer Address:Port     Inpkts  Inbytes   Outpkts Outbytes
localhost:many       -->    10.0.1.10:3306        5521792 123258667 5423865 282041045
localhost:many       -->    10.0.1.11:3306        58800   3062451   58813   3061627
localhost:many       -->    10.0.1.20:8080        123     169638    62      3580
...
# Prints passive open connections from destination hosts to localhost.
$ lsconntrack --passive
Local Address:Port   <-->   Peer Address:Port   Inpkts  Inbytes   Outpkts Outbytes
localhost:80         <--    10.0.2.10:many      23      6416      25      25460
localhost:80         <--    10.0.2.11:many      38      8574      34      32752
...

filter by port

$ lsconntrack --active --aport 3306 --aport 11211

via stdin

$ cat /proc/net/nf_conntrack | lsconntrack --stdin

JSON format

$ lsconntrack --json | jq -r -M '.'
[
  {
    "direction": "active",
    "local": {
      "Addr": "localhost",
      "Port": "many"
    },
    "peer": {
      "addr": "10.0.100.1",
      "port": "3306"
    },
    "stat": {
      "total_inbound_packets": 1491,
      "total_inbound_bytes": 1480239,
      "total_outbound_packets": 1537,
      "total_outbound_bytes": 520613
    }
  },
  {
    "direction": "passive",
    "local": {
      "addr": "localhost",
      "port": "80"
    },
    "peer": {
      "addr": "10.0.200.1",
      "port": "many"
    },
    "stat": {
      "total_inbound_packets": 1491,
      "total_inbound_bytes": 1480239,
      "total_outbound_packets": 1537,
      "total_outbound_bytes": 520613
    }
  },
  ...
]

License

MIT

Author

yuuki

About

The Linux netfilter conntrack-based connection flows pretty printer.

Topics

go linux tcp netfilter conntrack

Resources

Readme

License

MIT license
Activity

Stars

41 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases 5

v0.3.0 Latest
Mar 4, 2018
+ 4 releases

Packages

No packages published

Languages