I do not understand some colums in the output to ''shorewall show connections'' /root> shorewall show connections Shorewall-2.0.2f Connections at firewall - Mon Jan 3 13:12:52 PST 2005 .. tcp 6 353296 ESTABLISHED src=112.129.244.121 dst=224.81.133.205 sport=3647 dport=443 src=224.81.133.205 dst=112.129.244.121 sport=443 dport=3647 [ASSURED] use=1 I would like to know what the 2nd and 3rd colums (''6'', ''353296''), and the last 2 colums (''[ASSURED]'' and ''use=1'') mean. Can somebody help me or point me to the docs? What could I do if I would like to know how long the connection above has been established? Thank you.
On Mon, 2005-01-03 at 16:52 -0500, M Lu wrote:> I do not understand some colums in the output to ''shorewall show > connections'' > > /root> shorewall show connections > Shorewall-2.0.2f Connections at firewall - Mon Jan 3 13:12:52 PST 2005 > > .. > > tcp 6 353296 ESTABLISHED src=112.129.244.121 dst=224.81.133.205 sport=3647 > dport=443 src=224.81.133.205 dst=112.129.244.121 sport=443 dport=3647 > [ASSURED] use=1 > > > I would like to know what the 2nd and 3rd colums (''6'', ''353296''), and the > last 2 colums > (''[ASSURED]'' and ''use=1'') mean. Can somebody help me or point me to the > docs?"shorewall show connections" is nothing more than "cat /proc/net/ip_conntrack". 6 is the protocol (TCP) and 353296 is the TTL. [ASSURED] means that the three-way handshake has completed (for TCP entries). I''m unsure of the ''use'' item but I believe that it is used to determine when the entry can be deleted.> > What could I do if I would like to know how long the connection above has > been established?There''s no way to do that AFAIK. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On 04.01.2005 16:12, Tom Eastep wrote:>>What could I do if I would like to know how long the connection above has >>been established? >> >> > >There''s no way to do that AFAIK. > >-Tom > >Just an idea: There might be a way to log the first packet of each tcp connection with shorewall. The log file would give the time of the start of each connection (but also of the already disconnected ones). /ben
On Tue, 2005-01-04 at 16:18 +0100, Ben Greiner wrote:> On 04.01.2005 16:12, Tom Eastep wrote: > > >>What could I do if I would like to know how long the connection above has > >>been established? > >> > >> > > > >There''s no way to do that AFAIK. > > > >-Tom > > > > > Just an idea: There might be a way to log the first packet of each tcp > connection with shorewall.LOG:<level> all all tcp -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Seemingly Similar Threads
- show colums x till end
- how to convert list of matrix (raster:extract o/p) to data table with additional colums (polygon Id, class)
- How to best read in this data / Switching rows and colums
- Deleting rows satisfying a certain condition (sum of some colums>2)
- Removing -Inf values from all the colums in a dataframe