top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

correct use of the protocol filter parameter --state

+1 vote
546 views

Could someone help me understand the correct use of the protocol filter parameter --state. I figure it would be something like this "conntrack -L -p TCP --state ESTABLISHED" but 2 different versions of conntrack-tools give the same error (conntrack v1.2.1 (conntrack-tools): unknown option --state, Try conntrack -h or conntrack --help for more information.)

Is ts a deprecated parameter? What I'm trying to do is to selectively delete entries that are in a particular state. For instance TCP SYN_SENT, or UDP UNREPLIED.

posted Sep 13, 2013 by Garima Jain

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
 
Best answer

Don't capitalize the protocol.

 conntrack -L -p tcp --state SYN_SENT
answer Sep 13, 2013 by Meenal Mishra
Thanks, this works.  is there a way to do something similar with UDP. Like to filter the entries in UNREPLIED state?
No, there does not appear to be.
Similar Questions
+1 vote

How do i set tcp flags ? I tried

 nft add rule filter output tcp flags {syn,rst} counter

but failed ... also can some point me to valid syntaxes ..

+4 votes

Out of three prominent advance transport protocols (TCP, UDP and SCTP) which is the best to use and why should i use that protocol ?

+2 votes

What reasoning could be behind not using the TCP/SCTP for GTPv2 protocol ?

+2 votes

I already setup a wlan card in monitor mode, and I can capture the 802.11 frame by wireshark in ubuntu linux.

But I want to transfer (or decode) 802.11 frame into TCP/IP packets. Wireshark seems not support for this function.

Does anyone know which sniffer software or hardware supports? A paid software is OK.

...