Softpedia >Linux >System >Monitoring >  conntrack-tools
conntrack-tools icon

conntrack-tools For Linux

  n/a
GPL    

A set of free software userspace tools for Linux that allow system administrators to interact with the Connection Tracking System.. #Connection tracking  #Connection monitoring  #Network  #Connection  #Tracking  #Monitoring  

Description

changelog

Free Download

conntrack-tools screenshot

conntrack-tools offers a set of free software userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, which is the module that provides stateful packet inspection for iptables. The conntrack-tools are the userspace daemon conntrackd and the command line interface conntrack.

The userspace daemon conntrackd can be used to enable high availability cluster-based stateful firewalls and collect statistics of the stateful firewall use. The command line interface conntrack provides a more flexible interface to the connnection tracking system than /proc/net/ip_conntrack.

Lots of cool things. conntrackd covers the specific aspects of stateful Linux firewalls to enable high availability solutions and it can be used as statistics collector of the firewall use as well. The command line interface conntrack provides an interface to add, delete and update flow entries, list current active flows in plain text/XML, current IPv4 NAT'ed flows, reset counters atomically, flush the connection tracking table and monitor connection tracking events among many other.

Yes. conntrackd synchronizes the states among several replica firewalls, so you can deploy failover setups with stateful Linux firewalls. See the support section for more information. However, conntrackd can be also used to collect statistics of the stateful firewall use.

There are several good reasons to do so. The /proc interface offers a quite limited interface to the Connection Tracking System since it only allows you to dump current active network flows. Instead, conntrack allows you to update network flows without adding a new iptables rule, e.g. update the conntrack mark, or dump the connection tracking table in XML format. Moreover, using the /proc interface to dump the connection tracking table under very busy firewalls, i.e. those with tons of connection states, harms performance. Specifically, this becomes a problem if you poll from the /proc interface to get firewall statistics. Also, conntrack offers connection events monitoring which a feature that the /proc interface does not provide.

Yes. You can use conntrack to kill an established TCP connection without adding an iptables rule. Of course, you require a sane stateful ruleset which would block a packet that does not match any existing entry in the Connection Tracking Table. Basically, the idea consists of removing the entry that talks about the victim TCP connection. Thus, the client experiences a connection hang. Moreover, since conntrack is not dependent of the layer 4 protocol, you can use to kill whatever layer 4 network flow (UDP, SCTP, ...).

What's new in conntrack-tools 1.4.1:

  • This version adds support to dump the "dying" and "unconfirmed" list via ctnetlink.
  • A deadlock due to wrong nested signal blocking was resolved.
Read the full changelog

conntrack-tools 1.4.1

 add to watchlist add to download basket send us an update REPORT
  runs on:
Linux
  1 screenshot:
conntrack-tools - screenshot #1
  main category:
System
  developer:
  visit homepage

Zoom Client 6.0.3.37634

The official desktop client for Zoom, the popular video conferencing and collaboration tool used by millions of people worldwide
Zoom Client

Bitdefender Antivirus Free 27.0.35.146

Feather-light and free antivirus solution from renowned developer that keeps the PC protected at all times from malware without requiring user configuration
Bitdefender Antivirus Free

Context Menu Manager 3.3.3.1

Customize Windows’ original right-click context menu using this free, portable and open-source utility meant to enhance your workflow
Context Menu Manager

Windows Sandbox Launcher 1.0.0

Set up the Windows Sandbox parameters to your specific requirements, with this dedicated launcher that features advanced parametrization
Windows Sandbox Launcher

Microsoft Teams 24060.3102.2733.5911 Home / 1.7.00.7956 Work

Effortlessly chat, collaborate on projects, and transfer files within a business-like environment by employing this Microsoft-vetted application
Microsoft Teams

ShareX 16.0.1

Capture your screen, create GIFs, and record videos through this versatile solution that includes various other amenities: an OCR scanner, image uploader, URL shortener, and much more
ShareX

7-Zip 23.01 / 24.04 Beta

An intuitive application with a very good compression ratio that can help you not only create and extract archives, but also test them for errors
7-Zip

IrfanView 4.67

With support for a long list of plugins, this minimalistic utility helps you view images, as well as edit and convert them using a built-in batch mode
IrfanView

4k Video Downloader 1.5.3.0080 Plus / 4.30.0.5655

Export your favorite YouTube videos and playlists with this intuitive, lightweight program, built to facilitate downloading clips from the popular website
4k Video Downloader

calibre 7.9.0

Effortlessly keep your e-book library thoroughly organized with the help of the numerous features offered by this efficient and capable manager
calibre

% discount
IrfanView
  • IrfanView
  • 4k Video Downloader
  • calibre
  • Zoom Client
  • Bitdefender Antivirus Free
  • Context Menu Manager
  • Windows Sandbox Launcher
  • Microsoft Teams
  • ShareX
  • 7-Zip
TRY
essentials
User Comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy