De aceeasi problema m-am izbit si eu. Din cite am vazut, nu exista un
astfel de program. Informatia pe care o vrei tu se gaseste in
/proc/net/ip_conntrack.
Eu am facut un program in C care interpreteaza mai sus amintitul fisier.
Problema e ca iti trebuie un xterm pentru a vedea informatia asta intr-un
mod cit de cit lizibil (vreo 120 de coloane :)).
Iata programu':
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
struct tagEntry
{
char proto_name[10];
int proto_num;
int timeout;
char status[20];
char src1[20];
char dst1[20];
int sport1;
int dport1;
char state1[20];
char src2[20];
char dst2[20];
int sport2;
int dport2;
char state2[20];
int use;
} entry;
int useresolv = 1;
void print_header(void)
{
printf("%9s %10s %12s %40s %40s %s\n", "Proto", "Timeout", "Status", "Source",
"Destination", "State");
}
void print_entry(void)
{
char src[60], dst[60], *state;
if(strcmp(entry.src1, entry.dst2) == 0 && entry.sport1 == entry.dport2)
sprintf(src, "%s:%d", entry.src1, entry.sport1);
else
sprintf(src, "%s:%d(%s:%d)", entry.src1, entry.sport1, entry.dst2,
entry.dport2);
if(strcmp(entry.dst1, entry.src2) == 0 && entry.dport1 == entry.sport2)
sprintf(dst, "%s:%d", entry.dst1, entry.dport1);
else
sprintf(dst, "%s:%d(%s:%d)", entry.dst1, entry.dport1, entry.src2,
entry.sport2);
if(entry.state1 == '\0')
state = entry.state1;
else
state = entry.state2;
printf("%5s(%2d) %10d %12s %40s %40s %s\n", entry.proto_name, entry.proto_num,
entry.timeout, entry.status,
src, dst, state);
}
void try_resolv(char* pAddr)
{
struct hostent* pHost;
struct in_addr addr;
unsigned char *p;
int a[4], i;
p = (unsigned char*) & addr.s_addr;
if(sscanf(pAddr, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) != 4)
return;
for(i=0; i<=3; i++)
{
if(a[i] != (unsigned char)a[i])
return;
p[i] = (unsigned char)a[i];
}
pHost = gethostbyaddr(&addr, sizeof(addr), AF_INET);
if(pHost)
{
strncpy(pAddr, pHost->h_name, 19);
}
}
int main(int argc, char *argv[])
{
FILE* pFile = NULL;
char pszLine[256];
int nPos;
char *psztok;
if(argc > 2 ||
( argc == 2 && (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "-n") !=
0)))
{
printf("%s usage:\n\t%s [-h | -n]\n", argv[0], argv[0]);
return 0;
}
if(argc == 2 && strcmp(argv[1], "-n") == 0)
{
useresolv = 0;
}
pFile = fopen("/proc/net/ip_conntrack", "r");
if(pFile==NULL)
{
perror("cannot open /proc/net/ip_conntrack");
return 1;
}
print_header();
if(useresolv)
sethostent(1);
while(fgets(pszLine, 256, pFile))
{
psztok = strtok(pszLine, " \t\n");
nPos = 0;
while(psztok != NULL)
{
switch(nPos)
{
case 0:
strcpy(entry.proto_name,psztok);
break;
case 1:
if(sscanf(psztok, "%d", &entry.proto_num) !=
1) nPos = -2;
break;
case 2:
if(sscanf(psztok, "%d", &entry.timeout) != 1)
nPos = -2;
break;
case 3:
if(strncmp(psztok, "src=", 4))
{
strcpy(entry.status,psztok);
break;
}
entry.status[0] = '\0';
nPos++;
case 4:
if(sscanf(psztok, "src=%s", entry.src1) != 1)
nPos = -2;
break;
case 5:
if(sscanf(psztok, "dst=%s", entry.dst1) != 1)
nPos = -2;
break;
case 6:
if(sscanf(psztok, "sport=%d", &entry.sport1)
!= 1) nPos = -2;
break;
case 7:
if(sscanf(psztok, "dport=%d", &entry.dport1)
!= 1) nPos = -2;
break;
case 8:
if(psztok[0]=='[')
{
strcpy(entry.state1,psztok);
break;
}
entry.state1[0] = '\0';
nPos++;
case 9:
if(sscanf(psztok, "src=%s", entry.src2) != 1)
nPos = -2;
break;
case 10:
if(sscanf(psztok, "dst=%s", entry.dst2) != 1)
nPos = -2;
break;
case 11:
if(sscanf(psztok, "sport=%d", &entry.sport2)
!= 1) nPos = -2;
break;
case 12:
if(sscanf(psztok, "dport=%d", &entry.dport2)
!= 1) nPos = -2;
break;
case 13:
if(psztok[0]=='[')
{
strcpy(entry.state2,psztok);
break;
}
entry.state2[0] = '\0';
nPos++;
case 14:
if(sscanf(psztok, "use=%d", &entry.use) != 1)
nPos = -2;
default:
}
if(nPos < 0)
{
perror("unknown format");
/*print_entry();*/
return -nPos;
}
nPos++;
psztok = strtok(NULL, " \t\n");
}
if(useresolv)
{
try_resolv(entry.src1);
try_resolv(entry.dst1);
try_resolv(entry.src2);
try_resolv(entry.dst2);
}
print_entry();
}
if(useresolv)
endhostent();
fclose(pFile);
return EXIT_SUCCESS;
}
On Mon, 14 May 2001, Mihai Badici wrote:
>
> Cand foloseam kernel 2.2.17, puteam sa vad utilizatorii conectati in
> spatele masqueradei cu netstat -M. Trecand la 2.4.x si folosind NAT
> care pare o chestie desteapta si vad ca mai si merge :) nu mai pot sa
> folosesc -M.
> Cum pot sa vad utilizatorii din spatele NAT? Exista un netstat mai
> nou? Sau o optiune peste care am trecut prea repede?
>
> ---
> Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> unsubscribe from this list.
>
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
