Yes, I'm using svn checked out versions of your libnfnetlink and
libnetfilter_conntrack, so let me know when you check in your changes and
I'll update. Thanks ! --alan
On Thursday 09 November 2006 09:10, Pablo Neira Ayuso wrote:
> Alan Ezust wrote:
> > Thanks for the reply. Ok, I can see how I can generate some IDs, but I
> > first want to make sure i have all of the information I need.
> >
> > When I run conntrack, I only see one protocol number. I think it is a
> > layer4 protocol (tcp vs udp). If I'm not seeing an l3proto in my output,
> > why might that be?
> >
> > udp 17 12 src=10.10.201.2 dst=204.174.64.1 sport=54475 dport=53
> > src=204.174.64.1 dst=209.53.156.2 sport=53 dport=54475 use=1 mark=0
> > tcp 6 420332 ESTABLISHED src=10.10.100.3 dst=10.10.1.22 sport=1356
> > dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356 [ASSURED]
> > use=1 mark=0
>
> Are you using nf_conntrack? If so, l3protonum is not shown yet but it
> would not be hard to cook a patch to show it. I'll introduce this change
> in the new libnetfilter_conntrack API.
--
Alan Ezust www.presinet.com
Presinet, inc alan.ezust@xxxxxxxxxxxx
Victoria, BC,Canada
Attachment:
pgpB5E5zahsAK.pgp
Description: PGP signature
