Connection Tracking

The Connection Tracking panel allows you to view and interact with the in-kernel connection tracking system to get a list of all active connections on your LANCOM R&S®Unified Firewall.

Navigate to Monitoring & Statistics > Connection Tracking to open an editor panel to view all connections tracked in the system.

The filter section allows you to narrow the list of results in the table below it. First, select one of the options in a drop-down list or type in one of the input fields. Then, click Reload to refresh the list so that it shows only those entries that contain the selected option or the characters you have typed. Click in the drop-down list or in the input field to delete the selected option or the search string, or click Reset Filter to delete all entries and display an unfiltered view of the list.

Note: Filter options are AND-connected.

The table columns of the currently active connections list contain the following information:

Column Description
# Displays a consecutive number for the table row.
Protocol Displays the IP protocol type used by the connection. The type can either be TCP or UDP.
TTL Displays the lifetime of the conntrack entry in seconds. Once this time span has elapsed, the entry is discarded.
TCP State Displays the current state of the TCP connection. The TCP state can be as follows:
  • SYN_SENT
  • SYN_RECV
  • ESTABLISHED
  • FIN_WAIT
  • CLOSE_WAIT
  • LAST_ACK
  • TIME_WAIT
  • CLOSE
  • LISTEN
Source Displays the source IP address and port of the connection request.
Destination Displays the destination IP address and port of the connection request.
Packets Displays the number of packets sent in the original direction for the given connection. In this case, original direction means from source to destination.
Bytes Displays the number of bytes sent in the original direction for the given connection. In this case, original direction means from source to destination.
State Displays the state of the connection in the original direction. In this case, original direction means from source to destination. The state can be one of the following:
  • ASSURED
  • ESTABLISHED - This connection has been established.
  • EXPECTED - This is an expected connection. There have not yet been any matching packets, but the firewall expects such packets soon.
  • FIXED_TIMEOUT
  • INVALID - This connection does not follow the expected behavior of a connection and is, therefore, considered invalid.
  • NEW - This connection is starting.
  • RELATED - This connection has already been expected.
  • SEEN_REPLY - The first answer packet from the destination was seen, but the handshake has not yet been completed.
  • UNREPLIED - An initial packet from the source was seen, but it has not yet been replied to.
  • UNSET
  • UNTRACKED - This connection is not tracked.
State (Reply) Displays the state of the connection in the reply direction. In this case, reply direction means from destination to source. The status can be one of the following:
  • ASSURED
  • ESTABLISHED - This connection has been established.
  • EXPECTED - This is an expected connection. There have not yet been any matching packets, but the firewall expects such packets soon.
  • FIXED_TIMEOUT
  • INVALID - This connection does not follow the expected behavior of a connection and is, therefore, considered invalid.
  • NEW - This connection is starting.
  • RELATED - This connection has already been expected.
  • SEEN_REPLY - The first answer packet from the source was seen, but the handshake has not yet been completed.
  • UNREPLIED - An initial packet from the source was seen, but it has not yet been replied to.
  • UNSET
  • UNTRACKED - This connection is not tracked.
Source (Reply) Displays the source IP address and port expected of the return packets (usually the same as under Destination).
Destination (Reply) Displays the destination IP address and port expected of the return packets (usually the same as under Source).
Packets (Reply) Displays the number of packets sent in the reply direction for the given connection. In this case, reply direction means from destination to source.
Bytes (Reply) Displays the number of bytes sent in the reply direction for the given connection. In this case, reply direction means from destination to source.
Mark Displays the connection mark. The mark is set by your LANCOM R&S®Unified Firewall.
Used Displays the conntrack Use field.

Click Reload to refresh the connections list in the table.

The Close button at the bottom of the editor panel allows you to shut the panel and return to the complete overview of your entire configured network.
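The following is an added example, not LANCOM code or output: it parses conntrack entries into the columns described above and applies an AND-connected "contains" filter like the one in the panel. It assumes the entries have the text format printed by the Linux `conntrack -L` tool, which this page does not show; the sample lines, addresses and function names are constructed for illustration.

```python
# Constructed sample in the text format printed by `conntrack -L` (assumed format;
# addresses are RFC 5737 documentation ranges, not values from the page).
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=50522 dport=443 packets=12 bytes=1840 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=50522 packets=10 bytes=9120 [ASSURED] mark=0 use=1
tcp 6 98 SYN_SENT src=192.0.2.77 dst=198.51.100.5 sport=40112 dport=22 packets=3 bytes=180 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=22 dport=40112 packets=0 bytes=0 mark=0 use=1
udp 17 25 src=192.0.2.10 dst=203.0.113.53 sport=39911 dport=53 packets=1 bytes=71 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=39911 packets=1 bytes=135 mark=0 use=1
"""

def parse_entry(line):
    """Turn one TCP/UDP conntrack line into a row keyed by the panel's column names."""
    tokens = line.split()                        # tokens[1] is the protocol number
    row = {"Protocol": tokens[0].upper(), "TTL": int(tokens[2]), "TCP State": "", "State": []}
    orig, reply = {}, {}
    current = orig
    for tok in tokens[3:]:
        if tok.startswith("["):                  # status flag such as [ASSURED]
            row["State"].append(tok.strip("[]"))
        elif "=" not in tok:                     # bare word: TCP state (absent for UDP)
            row["TCP State"] = tok
        else:
            key, value = tok.split("=", 1)
            if key in ("mark", "use"):
                row["Mark" if key == "mark" else "Used"] = int(value)
                continue
            if key == "src" and "src" in orig:   # second src= opens the reply tuple
                current = reply
            current[key] = value
    for suffix, t in (("", orig), (" (Reply)", reply)):
        row["Source" + suffix] = f"{t['src']}:{t['sport']}"
        row["Destination" + suffix] = f"{t['dst']}:{t['dport']}"
        row["Packets" + suffix] = int(t.get("packets", 0))
        row["Bytes" + suffix] = int(t.get("bytes", 0))
    return row

def filter_rows(rows, criteria):
    """AND-connected filter: keep a row only if every criterion is contained in its column."""
    return [r for r in rows
            if all(str(want) in str(r[col]) for col, want in criteria.items())]

def one_sided(rows):
    """Rows flagged UNREPLIED whose reply direction has carried no packets."""
    return [r for r in rows if "UNREPLIED" in r["State"] and r["Packets (Reply)"] == 0]

ROWS = [parse_entry(line) for line in SAMPLE.splitlines() if line.strip()]
```

Here `filter_rows(ROWS, {"Protocol": "TCP", "Destination": ":22"})` returns only the SYN_SENT entry, because both criteria must match. `one_sided(ROWS)` picks out the same entry as traffic that has not been answered.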

www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de
