
Re: differences between iptstate and netstat



netstat will only show you connections terminating on the localhost.

The ip_conntrack table will show you connection data for all TCP sessions
travelling through, or to, your host.

On Wed, 18 Sep 2002, Dale Amon wrote:

> On Wed, Sep 18, 2002 at 02:31:36PM -0300, Peter Cordes wrote:
> >  Are you running a firewall with iptables connection tracking?
>
> Well, yes. I didn't know iptstate would work otherwise.
>
> > Are the
> > extra connections (that don't show up in netstat) from internal addresses to
> > external addresses?  (i.e. neither end of the connection is your firewall's
> > IP addr?)
>
> No. They are all external connections to port 80. Nothing about them looks
> particularly invalid, but I can't correlate them. Not entirely anyway.
>
> >  If so, then that's normal.  netstat only shows connections from the local
> > machine.  iptstate reports the state of the netfilter connection tracking
> > stuff.
>
> Yes, one of the things I am wondering is if it remembers connections for a
> longer time for some reason. Still doesn't figure because I have them
> sitting in ESTABLISHED when there is no corresponding one on the netstat.
>



[-] Steve Mickeler [ steve@neptune.ca ]

[|] Today's root password is brought to you by /dev/random

[+] 1024D/9AA80CDF = 4103 9E35 2713 D432 924F  3C2E A7B9 A0FE 9AA8 0CDF
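
The comparison discussed in this thread can be automated. The following is an added example, not code from any poster: it sorts ESTABLISHED conntrack entries into those routed through the host, those with a matching local socket, and those with no socket. It assumes the `/proc/net/ip_conntrack` line format and `netstat -tn` output; the addresses, sample lines and function names are constructed for illustration.

```python
# Constructed sample data (documentation address ranges), not taken from the thread.
LOCAL_ADDRS = {"192.0.2.10"}  # assumed: addresses owned by the firewall itself
CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=40000 dport=80 src=192.0.2.10 dst=203.0.113.5 sport=80 dport=40000 [ASSURED] use=1
tcp      6 425310 ESTABLISHED src=203.0.113.77 dst=192.0.2.10 sport=51515 dport=80 src=192.0.2.10 dst=203.0.113.77 sport=80 dport=51515 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=10.0.0.20 dst=198.51.100.9 sport=33000 dport=443 src=198.51.100.9 dst=10.0.0.20 sport=443 dport=33000 [ASSURED] use=1
tcp      6 100 TIME_WAIT src=203.0.113.8 dst=192.0.2.10 sport=41000 dport=80 src=192.0.2.10 dst=203.0.113.8 sport=80 dport=41000 [ASSURED] use=1
"""
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
"""

def parse_conntrack(text):
    """Yield (state, src, sport, dst, dport) from each TCP entry's original-direction tuple."""
    for f in (l.split() for l in text.splitlines()):
        if len(f) < 8 or f[0] != "tcp":
            continue
        kv = {}
        for k, _, v in (t.partition("=") for t in f[4:]):
            kv.setdefault(k, v)  # first occurrence = original direction
        yield f[3], kv["src"], int(kv["sport"]), kv["dst"], int(kv["dport"])

def parse_netstat(text):
    """Return {(local_ip, local_port, remote_ip, remote_port)} for ESTABLISHED TCP sockets."""
    socks = set()
    for f in (l.split() for l in text.splitlines()):
        if len(f) == 6 and f[0] == "tcp" and f[5] == "ESTABLISHED":
            (lip, lport), (rip, rport) = f[3].rsplit(":", 1), f[4].rsplit(":", 1)
            socks.add((lip, int(lport), rip, int(rport)))
    return socks

def classify(conntrack_text, netstat_text, local_addrs):
    """Sort ESTABLISHED conntrack entries into forwarded / matched / no_socket."""
    socks = parse_netstat(netstat_text)
    out = {"forwarded": [], "matched": [], "no_socket": []}
    for state, src, sport, dst, dport in parse_conntrack(conntrack_text):
        if state != "ESTABLISHED":
            continue
        if src in local_addrs:        # connection opened by this host
            key = (src, sport, dst, dport)
        elif dst in local_addrs:      # connection to a service on this host
            key = (dst, dport, src, sport)
        else:                         # neither end is local: routed through
            out["forwarded"].append((src, sport, dst, dport))
            continue
        out["matched" if key in socks else "no_socket"].append(key)
    return out
```

Calling `classify(CONNTRACK, NETSTAT, LOCAL_ADDRS)` on the sample data puts the 203.0.113.77 entry under `no_socket`; the third field of each conntrack line is the number of seconds before that entry expires.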


