conntrack -E problem

Linux Netfilter discussions
 help / color / mirror / Atom feed

* conntrack -E problem
@ 2009-04-20 15:01 Paddie O'Brien
  2009-04-20 15:20 ` Gáspár Lajos
  0 siblings, 1 reply; 4+ messages in thread
From: Paddie O'Brien @ 2009-04-20 15:01 UTC (permalink / raw)
  To: netfilter

Hi,

I asked iptables to log all inbound connection attempts:

iptables -I INPUT 1 -d myipaddress  -m state --state NEW -j LOG

I then asked conntrack to report the same events:

conntrack -E --event-mask NEW -d myipaddress

I assumed the above were equivalent but conntrack
does not report the same events as iptables, it seems
to miss unsuccessful connections.

I'd be grateful if anyone could tell me what's going on...
How can I get conntrack to report everything that iptables
does?

Thanks,
P

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: conntrack -E problem
  2009-04-20 15:01 conntrack -E problem Paddie O'Brien
@ 2009-04-20 15:20 ` Gáspár Lajos
  2009-04-20 16:15   ` Paddie O'Brien
  0 siblings, 1 reply; 4+ messages in thread
From: Gáspár Lajos @ 2009-04-20 15:20 UTC (permalink / raw)
  To: Paddie O'Brien; +Cc: netfilter

Paddie O'Brien írta:
> it seems to miss unsuccessful connections.
>   
Just a question:
Why would you track unsuccessful connections?
If a connection ATTEMPT is unsuccessful then there is no CONNECTION -> 
so there is nothing to track about....

Or am I wrong??? :D

Swifty


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: conntrack -E problem
  2009-04-20 15:20 ` Gáspár Lajos
@ 2009-04-20 16:15   ` Paddie O'Brien
  2009-04-21 10:56     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Paddie O'Brien @ 2009-04-20 16:15 UTC (permalink / raw)
  To: Gáspár Lajos; +Cc: netfilter

> Just a question:
> Why would you track unsuccessful connections?
> If a connection ATTEMPT is unsuccessful then there is no CONNECTION -> so
> there is nothing to track about....

I want to know who on our wireless network at work
is attempting to connect to my machine.

My (shaky) understanding was that with conntrack I would
get a NEW event for any inbound first packet irrespective
of whether it led to the creation of an ESTABLISHED
connection or not.

> Or am I wrong??? :D

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: conntrack -E problem
  2009-04-20 16:15   ` Paddie O'Brien
@ 2009-04-21 10:56     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2009-04-21 10:56 UTC (permalink / raw)
  To: Paddie O'Brien; +Cc: Gáspár Lajos, netfilter

Paddie O'Brien wrote:
>> Just a question:
>> Why would you track unsuccessful connections?
>> If a connection ATTEMPT is unsuccessful then there is no CONNECTION -> so
>> there is nothing to track about....
> 
> I want to know who on our wireless network at work
> is attempting to connect to my machine.
> 
> My (shaky) understanding was that with conntrack I would
> get a NEW event for any inbound first packet irrespective
> of whether it led to the creation of an ESTABLISHED
> connection or not.

No, at least the first packet must succesfully go through the whole
firewall code, otherwise it is not logged by the conntrack code.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2009-04-21 10:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-20 15:01 conntrack -E problem Paddie O'Brien
2009-04-20 15:20 ` Gáspár Lajos
2009-04-20 16:15   ` Paddie O'Brien
2009-04-21 10:56     ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox