Ping a Specific Port

Question

dorian

Asked: 2016-07-04 23:52:24 +0800 CST2016-07-04 23:52:24 +0800 CST 2016-07-04 23:52:24 +0800 CST

Why do the numbers shown in ip_conntrack_count and conntrack -L differ

772

I noticed the following today on our router:

user@router:~$ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count 
28141

However:

user@router:~$ sudo conntrack -L > /dev/null 
conntrack v1.2.1 (conntrack-tools): 4652 flow entries have been shown.

user@router:~$ sudo conntrack -L expect > /dev/null 
conntrack v1.2.1 (conntrack-tools): 1 expectations have been shown.

My understanding is that ip_conntrack_count shows the number of entries of the conntrack table. What am I missing?

1 Answers

Voted

dorian · Answer 1 · 2016-07-05T01:33:29+08:00

Best Answer

dorian

2016-07-05T01:33:29+08:002016-07-05T01:33:29+08:00

The answer is that conntrack only lists IPv4 connections by default. If I do

user@router:~$ sudo conntrack -L -f ipv6 > /dev/null 
conntrack v1.2.1 (conntrack-tools): 23864 flow entries have been shown.

user@router:~$ sudo conntrack -L  > /dev/null 
conntrack v1.2.1 (conntrack-tools): 6713 flow entries have been shown.

then the sum of the two results add up to the number in /proc/sys/net/ipv4/netfilter/ip_conntrack_count.

The pathname of this proc entry is actually pretty misleading as the count is for both IPv4 and IPv6.

0

Why do the numbers shown in ip_conntrack_count and conntrack -L differ

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?