117

GitHub - yuuki/lstf: The Linux /proc/net/tcp based host-to-host connection flow...

 6 years ago
source link: https://github.com/yuuki/lstf
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

lstf

lstf prints host flows (aggregated network connection flows to the same source or destination ports) by Linux /proc/net/tcp (netstat -tan) and enables you to simply grasp the network relationship between localhost and other hosts.

friend: yuuki/lsconntrack

Features

  • Distinction of active open and passive open
  • Print also the number of connections of each flows (the absolute values are meaningless)
  • Go portability
  • JSON support
  • TCP support only

How to use

HTTP requests --> Web:80 --> MySQL:3306

$ lstf -n
Local Address:Port   <-->   Peer Address:Port     Connections
10.0.1.9:many        -->    10.0.1.10:3306        22
10.0.1.9:many        -->    10.0.1.11:3306        14
10.0.2.10:22         <--    192.168.10.10:many    1
10.0.1.9:80          <--    10.0.2.13:many        120
10.0.1.9:80          <--    10.0.2.14:many        202
  • --> indicates active open
  • <-- indicates passive open

JSON format

$ lstf -n --json | jq -r -M '.'
[
  {
    "direction": "active",
    "local": {
      "Addr": "10.0.1.9",
      "Port": "many"
    },
    "peer": {
      "addr": "10.0.100.1",
      "port": "3306"
    },
    "connections": 20
  },
  {
    "direction": "passive",
    "local": {
      "addr": "10.0.1.9",
      "port": "80"
    },
    "peer": {
      "addr": "10.0.200.1",
      "port": "many"
    },
    "connections": 27
  },
  ...
]

License

MIT

Author

yuuki


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK