Am Sam, 2003-08-30 um 14.37 schrieb Jonas Lindborg: > Hello, > > When comparing the output of /proc/net/ip_conntrack with the "netstat" > command, I'm seeing a few established connections in ip_conntrack that are > not presented by netstat. > > These are familiar connections (ssh, imap) to known hosts that could very > well have been done by me but not in the last 24 hrs so they should have > timed out a long time ago. It takes five days for an established TCP connection to time out in the conntrack table. Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection für Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
