LinuxCommandLibrary

conntrack

Track network connections

TLDR

List all currently tracked connections

$ conntrack [[-L|--dump]]

Display a real-time event log of connection changes
$ conntrack [[-E|--event]]

Display a real-time event log of connection changes and associated timestamps
$ conntrack [[-E|--event]] [[-o|--output]] timestamp

Display a real-time event log of connection changes for a specific IP address
$ conntrack [[-E|--event]] [[-s|--orig-src]] [ip_address]

Delete all flows for a specific source IP address
$ conntrack [[-D|--delete]] [[-s|--orig-src]] [ip_address]

SYNOPSIS

conntrack [options] [command]

PARAMETERS

-p protocol
    Specify the protocol (e.g., tcp, udp, icmp).

-f family
    Specify the address family (e.g., ipv4, ipv6).

-s src-ip
    Filter by source IP address.

-d dst-ip
    Filter by destination IP address.

--orig-src src-ip
    Filter by original source IP address.

--orig-dst dst-ip
    Filter by original destination IP address.

--src-port port
    Filter by source port.

--dst-port port
    Filter by destination port.

-j target
    Specify the target for the connection (e.g., ACCEPT, DROP).

-t timeout
    Specify timeout for the connection in seconds.

-L
    List existing connections. This is the most used option.

-D
    Delete existing connections.

-F
    Flush all connection tracking entries. Use with caution!

-I
    Show statistics.

-h
    Display help message.

DESCRIPTION

conntrack is a command-line interface to the Linux kernel's connection tracking (conntrack) subsystem. Connection tracking is crucial for stateful packet filtering, Network Address Translation (NAT), and other network functions. conntrack allows you to inspect the state of tracked network connections, list existing connections, create new entries, delete existing entries, and even flush the entire connection tracking table.

It's a powerful tool for network administrators and developers to understand and debug network behavior. You can use it to see which connections are active, how long they have been active, and what kind of traffic is flowing through them. This information is invaluable for troubleshooting network issues and optimizing network performance. The tool also lets you set several parameters, such as timeouts.

CAVEATS

Flushing the connection tracking table (-F) can disrupt active network connections. Use this option with caution, especially in production environments. The conntrack table has a limited size, so excessive connections can lead to performance issues or dropped packets.
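The table-size caveat is easier to act on when you can see which host owns most of the entries. The following POSIX shell snippet is an added example, not part of this page or of conntrack-tools: it summarises `conntrack -L` output per original-direction source address, reading a constructed sample dump written in the same line format the tool prints.

```shell
#!/bin/sh
# Added example (not from conntrack-tools): summarise a `conntrack -L` dump
# per ORIGINAL source address, so a host that is filling the tracking table
# can be spotted before flows start being dropped.
# Each function reads conntrack -L text on stdin; SAMPLE below is constructed.

# Print "count ip" for each original-direction source, highest first.
# Only the first src= on a line belongs to the original tuple; the second
# src= is the reply tuple, so a plain grep for src= would double count.
flows_per_orig_src() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break }
        }
    } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print only the sources whose flow count is at or above the threshold in $1.
busy_orig_src() {
    flows_per_orig_src | awk -v t="$1" '$1 >= t { print $2 }'
}

# Constructed sample in the layout conntrack -L uses:
# proto protonum timeout [tcp-state] orig-tuple [flags] reply-tuple [flags] mark use
SAMPLE='tcp      6 431999 ESTABLISHED src=192.168.1.100 dst=8.8.8.8 sport=51234 dport=443 src=8.8.8.8 dst=192.168.1.100 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=192.168.1.100 dst=8.8.8.8 sport=51235 dport=443 src=8.8.8.8 dst=192.168.1.100 sport=443 dport=51235 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.100 dst=8.8.8.8 sport=5353 dport=53 src=8.8.8.8 dst=192.168.1.100 sport=53 dport=5353 mark=0 use=1
tcp      6 58 SYN_SENT src=192.168.1.7 dst=10.0.0.5 sport=40001 dport=22 [UNREPLIED] src=10.0.0.5 dst=192.168.1.7 sport=22 dport=40001 mark=0 use=1
icmp     1 29 src=192.168.1.7 dst=10.0.0.5 type=8 code=0 id=1 src=10.0.0.5 dst=192.168.1.7 type=0 code=0 id=1 mark=0 use=1'

# On a live system replace the printf with: conntrack -L 2>/dev/null | flows_per_orig_src
# (conntrack writes its "N flow entries have been shown" summary to stderr).
printf '%s\n' "$SAMPLE" | flows_per_orig_src
printf '%s\n' "$SAMPLE" | busy_orig_src 3
```

The counts are per original source, so a host with many half-open `[UNREPLIED]` entries shows up just as clearly as one with many established flows.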

EXAMPLES

  • List all TCP connections: conntrack -L -p tcp
  • Delete a specific connection: conntrack -D -p tcp -s 192.168.1.100 -d 8.8.8.8
  • Flush all connections for a specific protocol: conntrack -F -p udp

KERNEL REQUIREMENTS

The 'nf_conntrack' kernel module (or similar module, based on distribution) must be loaded for conntrack to function properly. Ensure your kernel configuration includes connection tracking support.

SEE ALSO

iptables(8), netstat(1), ss(8)