On Sat, 1 Dec 2001, Oded Arbel wrote:

> I don't have that file, but I have /proc/net/ip_conntrack which under
> correct analysis will yield the list of NATed connections.
> (kernel 2.4.13, iptables)

i must have looked at it the other time when no internal client was
connected, since i only saw the linux router's ip in there and assumed
it was only for local connections. anyway, thanks.

here's a small script i wrote now to only show you tcp connections where
the src or dst match a certain regexp [1]

[1] yes, i know grep can do it too. don't you think i would've used it,
if it suited my purpose? the owls are calling again, and the script is
not what it seems.

#!/usr/bin/perl -w
#
# $Id: listcons.pl,v 1.1 2001/12/01 12:01:37 mulix Exp $
#
# print all tcp connections going through the box. if a parameter
# is given, only print a connection where the src or dst is this regexp.
# mulix <[EMAIL PROTECTED]>
#
# fields explanation at
# http://lists.samba.org/pipermail/netfilter/2001-February/007830.html
#
use strict;

my $proc_file_name = "/proc/net/ip_conntrack";
my @connections;
my $filter = $ARGV[0];   # optional regexp matched against src and dst

open (PROC, $proc_file_name)
    or die "couldn't open $proc_file_name - $!";

while (<PROC>) {
    if (/^tcp/) { #only handle tcp connections for now
        # the first src/dst/sport/dport group is the original direction,
        # the second group is the expected reply direction
        if (/^\s*(\S*)\s*(\d*) (\d*) (\S*) src=([\d\.]*) dst=([\d\.]*) sport=(\d*) dport=(\d*) src=([\d\.]*) dst=([\d\.]*) sport=(\d*) dport=(\d*)/) {
            my $con_stat = {
                PROTO      => $1,
                PROTO_NUM  => $2,
                TTL        => $3,
                TCP_STATUS => $4,
                SRC1       => $5,
                DST1       => $6,
                SPORT1     => $7,
                DPORT1     => $8,
                SRC2       => $9,
                DST2       => $10,
                SPORT2     => $11,
                DPORT2     => $12,
            };
            push @connections, $con_stat;
        } else {
            # $_ still carries its own trailing newline
            print "parsed unknown line: $_";
        }
    }
}
close (PROC);

print_connections();

# no empty prototype here: the sub is called before it is defined, and
# under -w a prototype would trigger a "called too early" warning
sub print_connections {
    my $c;
    foreach $c (@connections){
        if (defined $filter) {
            next unless (($c->{SRC1} =~ /$filter/) or
                         ($c->{DST1} =~ /$filter/));
        }
        print "$c->{PROTO}: $c->{SRC1}:$c->{SPORT1} <=> ",
              "$c->{DST1}:$c->{DPORT1}\n";
    }
}

-- 
mulix

http://www.pointer.co.il/~mulix/
http://syscalltrack.sf.net/
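
Added example, not part of the original post or of mulix's script: a Python sketch of the analysis Oded describes, flagging an entry as NATed when its reply tuple is not the mirror image of its original tuple. It goes beyond the script above by also accepting entries that carry an [UNREPLIED] marker between the tuples; the function name nat_entries and every sample line are constructed here, and the line layout assumed is the one the script's regexp expects.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack layout assumed above
# (documentation and private addresses only).
SAMPLE = """\
tcp      6 431995 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=1034 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1034 [ASSURED] use=1
tcp      6 115 SYN_SENT src=192.168.0.11 dst=203.0.113.9 sport=1035 dport=25 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=25 dport=1035 use=1
tcp      6 431000 ESTABLISHED src=198.51.100.1 dst=203.0.113.7 sport=2000 dport=22 src=203.0.113.7 dst=198.51.100.1 sport=22 dport=2000 [ASSURED] use=1
tcp      6 300 ESTABLISHED src=203.0.113.50 dst=198.51.100.1 sport=4000 dport=8080 src=192.168.0.20 dst=203.0.113.50 sport=80 dport=4000 [ASSURED] use=1
udp      17 20 src=192.168.0.10 dst=203.0.113.53 sport=1040 dport=53 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1040 use=1
"""

# One address/port tuple; each entry carries two (original, then reply).
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def nat_entries(text, proto="tcp"):
    """Return the entries of `proto` whose reply tuple shows address or
    port translation (hypothetical helper, not from the post)."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] != proto:
            continue
        tuples = TUPLE.findall(line)
        if len(tuples) != 2:
            continue  # truncated or unexpected line: skip, do not guess
        orig, reply = tuples
        o_src, o_dst, o_sp, o_dp = orig
        r_src, r_dst, r_sp, r_dp = reply
        kinds = []
        # Without NAT the reply goes back to the original source...
        if (r_dst, r_dp) != (o_src, o_sp):
            kinds.append("SNAT")  # source rewritten (includes masquerade)
        # ...and comes from the original destination.
        if (r_src, r_sp) != (o_dst, o_dp):
            kinds.append("DNAT")  # destination rewritten (port forward)
        if kinds:
            found.append({"kinds": kinds, "orig": orig, "reply": reply,
                          "replied": "[UNREPLIED]" not in fields})
    return found

if __name__ == "__main__":
    for e in nat_entries(SAMPLE):
        o, r = e["orig"], e["reply"]
        print("/".join(e["kinds"]), f"{o[0]}:{o[2]} -> {o[1]}:{o[3]}",
              f"reply from {r[0]}:{r[2]} to {r[1]}:{r[3]}",
              "" if e["replied"] else "(no reply seen)")
```

On a live 2.4 box the same function can be fed the contents of /proc/net/ip_conntrack instead of SAMPLE.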
