netstat uses files in /proc/net (from netstat man page) : /proc/net/dev -- device information /proc/net/raw -- raw socket information /proc/net/tcp -- TCP socket information /proc/net/udp -- UDP socket information /proc/net/igmp -- IGMP multicast information /proc/net/unix -- Unix domain socket information /proc/net/ipx -- IPX socket information /proc/net/ax25 -- AX25 socket information /proc/net/appletalk -- DDP (appletalk) socket information /proc/net/nr -- NET/ROM socket information /proc/net/route -- IP routing information /proc/net/ax25_route -- AX25 routing information /proc/net/ipx_route -- IPX routing information /proc/net/nr_nodes -- NET/ROM nodelist /proc/net/nr_neigh -- NET/ROM neighbours /proc/net/ip_masquerade -- masqueraded connections /proc/net/snmp -- statistics It doesn't use or know anything about ip_conntrack Therefore any statefull activity cannot be shown in netstat. Maybe it needs re-writing ?? :) Cheers, Michael Leonardo Rodrigues ( listas ) wrote: > Hello Guys, > > I'd like your help to understand this entry from /proc/net/ip_conntrack: > >tcp 6 325849 ESTABLISHED src=192.168.10.1 dst=192.168.229.25 >sport=53699 dport=80 [UNREPLIED] \ > src=192.168.229.25 dst=192.168.10.1 sport=80 dport=53699 use=1 > > > Well ...... 192.168.10.1 is my iptables box and 192.168.229.25 is one of >my remote machines. My question is .... if this connection is marked as >ESTABLISHED, shouldnt it appear on 'netstat -an' entries ??? I think it >should, but it's not appearing there ..... > > Sincerily, > Leonardo Rodrigues > > > > > >
