See amount of connections per IP?

Hi,
Is there a way to see the amount of connections per IP?
For example:
192.168.1.3 -- 33 TCP connections, 2 UDP connections
192.168.1.4 -- 170 TCP connections, 50 UDP connections

I can see the IPs and where they connected to on this page:
http://192.168.1.1/cgi-bin/luci/admin/status/realtime/connections
But I would like to see a summary as I described.

Thanks.

See https://manpages.ubuntu.com/manpages/trusty/man8/conntrack.8.html and https://conntrack-tools.netfilter.org/manual.html

conntrack bin/command doesn't exist, and "cat /proc/net/nf_conntrack" doesn't output the required data

What data do you require?

What other data are you seeking?

cat /proc/net/nf_conntrack | awk -F ' *|=' '{print $8}' | sort | uniq -c | sort -rn from https://unixetc.co.uk/2019/07/02/how-to-protect-a-lamp-server-against-nf_conntrack-flood-attacks/ could be helpful.

conntrack is a utility you need to install from the repo.

Not perfect (it counts "dst" as an IP, see output below), but it gives a partial picture of what is required.

I wish that the connections GUI page would have an option to show the connections per IP.


202 192.168.1.87
125 192.168.1.77
 85 dst
 34 192.168.1.67

What other data are you seeking?

A short summary/table of the IPs and number of connections per IP, as seen in the example that I have shared

Then add another pipe, and grep it out.

I would like to display the connections. The "dst" line seems to be the total UDP connections (I understood this by comparing with the GUI status/realtime/connections page), but not per IP.

I understand that there is nothing like what I was looking for, so I have created some code to paste into the shell that gives the required info. Feel free to use it for your needs (update the IP in the first line to your network IP):

"src=192\.168\.1\."

I hope that in the future this info will be visible in the GUI connections page.

This is the output:

32 192.168.1.77 tcp
118 192.168.1.87 tcp
8 192.168.1.77 udp
32 192.168.1.87 udp

Summary:
all connections: 190
tcp connections: 150
udp connections: 40

This is the code:

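grep -E "src=192\.168\.1\." /proc/net/nf_conntrack | awk '
{
    # Reset per-line values so nothing carries over from the previous entry.
    ip = ""; protocol = ""; state = "";
    n = split($0, arr, " ");
    # Walk the fields in order: "for (i in arr)" has no guaranteed order, and each
    # entry has two src= fields (original direction first, then the reply).
    for (i = 1; i <= n; i++) {
        if (arr[i] ~ /^src=/) {
            if (ip == "") {            # keep the first src= (the original sender)
                split(arr[i], src, "=");
                ip = src[2];
            }
        } else if (arr[i] ~ /^(tcp|udp)$/) {
            protocol = arr[i];
        } else if (arr[i] ~ /^status=/) {
            split(arr[i], status, "=");
            state = status[2];
        }
    }
    if (protocol == "") next;          # skip entries that are neither tcp nor udp
    connection[ip, protocol, state]++;
    total[protocol]++;
    total["all"]++;
}
END {
    # One line per (IP, protocol, state) combination, then the totals.
    for (key in connection) {
        split(key, arr, SUBSEP);
        print connection[key], arr[1], arr[2], arr[3];
    }
    print "\nSummary:";
    for (key in total) {
        print key " connections: " total[key];
    }
}'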
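An added example, not part of the thread: a shell function that prints the one-line-per-IP summary asked for in the first post, busiest client first, which is a quick way to spot a host that is filling the conntrack table. The names `conn_summary` and `sample_conntrack` are hypothetical, and the sample entries are constructed with documentation addresses.

```shell
#!/bin/sh
# conn_summary PREFIX [FILE]  (hypothetical helper name)
# One line per LAN client, busiest first. FILE defaults to the live table;
# "-" reads standard input. PREFIX is a literal IPv4 prefix, e.g. 192.168.1.
conn_summary() {
    awk -v prefix="$1" '
    {
        proto = ""; ip = ""
        # Stop at the first src=: that is the original direction (the client).
        # The second src= on each line belongs to the reply tuple.
        for (i = 1; i <= NF && ip == ""; i++) {
            if ($i == "tcp" || $i == "udp") proto = $i
            else if (index($i, "src=") == 1) ip = substr($i, 5)
        }
        # Drop non-TCP/UDP entries and flows not started by a LAN client.
        if (proto == "" || index(ip, prefix) != 1) next
        n[ip, proto]++; seen[ip] = 1
    }
    END {
        for (ip in seen)
            printf "%d %s -- %d TCP connections, %d UDP connections\n",
                n[ip, "tcp"] + n[ip, "udp"], ip, n[ip, "tcp"], n[ip, "udp"]
    }' "${2:-/proc/net/nf_conntrack}" | sort -rn | cut -d" " -f2-
}

# Constructed sample entries (documentation addresses, counters omitted).
sample_conntrack() {
    cat <<'EOF'
ipv4 2 tcp 6 7431 ESTABLISHED src=192.168.1.87 dst=203.0.113.10 sport=50001 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=50001 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 7420 ESTABLISHED src=192.168.1.87 dst=203.0.113.11 sport=50002 dport=443 src=203.0.113.11 dst=198.51.100.2 sport=443 dport=50002 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 97 TIME_WAIT src=192.168.1.87 dst=203.0.113.12 sport=50003 dport=80 src=203.0.113.12 dst=198.51.100.2 sport=80 dport=50003 [ASSURED] mark=0 use=2
ipv4 2 udp 17 25 src=192.168.1.87 dst=203.0.113.53 sport=40001 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40001 mark=0 use=2
ipv4 2 tcp 6 7400 ESTABLISHED src=192.168.1.77 dst=203.0.113.10 sport=51000 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=51000 [ASSURED] mark=0 use=2
ipv4 2 udp 17 12 src=192.168.1.77 dst=203.0.113.53 sport=41000 dport=123 src=203.0.113.53 dst=198.51.100.2 sport=123 dport=41000 mark=0 use=2
ipv4 2 tcp 6 7300 ESTABLISHED src=203.0.113.99 dst=198.51.100.2 sport=40100 dport=8080 src=192.168.1.87 dst=203.0.113.99 sport=80 dport=40100 [ASSURED] mark=0 use=2
ipv4 2 icmp 1 29 src=192.168.1.77 dst=203.0.113.10 type=8 code=0 id=1 src=203.0.113.10 dst=198.51.100.2 type=0 code=0 id=1 mark=0 use=2
EOF
}

sample_conntrack | conn_summary 192.168.1. -
```

On the router itself, `conn_summary 192.168.1.` reads the live `/proc/net/nf_conntrack`. The inbound forwarded flow and the ICMP entry in the sample are left out of the counts on purpose.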