[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: perl script to neatly watch connections
From:       "Brian J. Murrell" <48af79d0ecc8ae6a3548a1571aedd543 () interlinx ! bc ! ca>
Date:       2001-05-27 18:25:36
[Download RAW message or body]

On Sun, May 27, 2001 at 09:40:40AM -0700, Brian J. Murrell wrote:
> Find attached a small perl script (read: hack) to read the conntrack
> table from /proc and print out a nicely formatted list of connections,
> updated once per second.

OK, so the last one was a bit premature.  Not enough variety in
testing.  This one should be more complete in the entries is supports.
Probably not completely complete :-) but it works with the variety of
connections I see here (tcp, udp, icmp, ipsec).

b.

-- 
Brian J. Murrell


#!/usr/bin/perl


while (1) {
	system("clear");
	open(CONNS, "/proc/net/ip_conntrack") || die "open conntrack table: $!";
	while (<CONNS>) {
		undef $status;
		undef $tcpstatus;
		undef @unknown;
		undef $sport1;
		undef $sport2;
		undef $dport1;
		undef $dport2;
	
		($protoname, $protonum, $secs, @rest) = split;
# print if ($protonum == 1);
		if ($rest[0] eq "ESTABLISHED" ||
		    $rest[0] eq "SYN_SENT" ||
		    $rest[0] eq "CLOSE" ||
		    $rest[0] =~ /.+_WAIT/) {
		    $tcpstatus=shift(@rest);
		}
	
		$src1=shift(@rest); $src1=~s/src=//;
		$dst1=shift(@rest); $dst1=~s/dst=//;
		if ($protonum == 6 or $protonum == 17) {
			$sport1=shift(@rest); $sport1=~s/sport=//;
			$dport1=shift(@rest); $dport1=~s/dport=//;
		} elsif ($protonum == 1) {
			$sport1=shift(@rest); $sport1=~s/type=//;
			$dport1=shift(@rest); $dport1=~s/code=//;
			shift(@rest);
		}
	
		$status=shift(@rest)
			if ($rest[0] =~ /\[.+\]/);
			
		$src2=shift(@rest); $src2=~s/src=//;
		$dst2=shift(@rest); $dst2=~s/dst=//;
		if ($protonum == 6 or $protonum == 17) {
			$sport2=shift(@rest); $sport2=~s/sport=//;
			$dport2=shift(@rest); $dport2=~s/dport=//;
		} elsif ($protonum == 1) {
			$sport2=shift(@rest); $sport2=~s/type=//;
			$dport2=shift(@rest); $dport2=~s/code=//;
			shift(@rest);
		}
	
		$status=shift(@rest)
			if ($rest[0] =~ /\[.+\]/);
	
		while ($#rest > -1) {
			if ($rest[0] =~ /^use=(\d+)$/) {
				shift(@rest);
				next;
			}
			push(@unknown, shift(@rest));
		}
	
		printf ("%4.4s %6d %11s %15s:%-5s %15s:%-5s %15s:%-5s %15s:%-5s %11s\n",
			$protoname, $secs, $tcpstatus, $src1, $sport1, $dst1,
			$dport1, $src2, $sport2, $dst2, $dport2, $status);
		#print @unknown, "\n"
		#	if ($#unknown > -1);
	}
	close(CONNS);
	sleep(1);
}


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic