How to get a list of IP addresses connected to a WISP home broadband router?

How do I find what machines are connected & their traffic?

I can log into my ubiquiti Rocket M2 radio from Linux using: $ ssh -l ubnt

Once in the "ash" shell, I see this: BusyBox v1.11.2 (2013-05-28 17:52:06 EEST) built-in shell (ash) Enter 'help' for a list of built-in commands. XM.v5.5.6#

Typing "help", I get these commands only: Built-in commands: ------------------- . : [ [[ alias bg break cd chdir command continue echo eval exec exit export false fg getopts hash help jobs kill let local printf pwd read readonly return set shift source test times trap true type ulimit umask unalias unset wait

I know the IP address of the home broadband router ( which is connected to the radio, but my first question is how I would find that router IP address if I didn't already know it?

Route -n doesn't seem to report the router (which is XM.v5.5.6# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0 U 0 0 0 eth0 U 0 0 0 ath0 UG 0 0 0 ath0

My next question is the more important one.

How do I find the IP addresses of the machines that are connected *to* that router? And how do I find their traffic?

I tried "netstat -n", "ifconfig", etc., but none tell me the IP addresses connected to the home broadband router, nor their traffic IP addresses.

Any ideas how to get a list of the IP addresses connected to the home broadband router?

Reply to
Cl?ment Durand
Loading thread data ...

Hopefully you can add more commands than those it says you have. I use curl for this:

$ curl -s

Something would need to be monitoring such a thing so you could recall that logged data.

I use nmap for this. And I am assuming you would just scan whatever the particular network happens to be. My internal network is for example. So I'd see what is on it with nmap:

# nmap -sn

You can download a fun little script I put together with the help of a few friends on the Ubuntu group. It shows various info about your machine using common commands.

You can download it here:

formatting link

and the code is posted below in case you want to skim it.

#!/bin/bash ############################################# # # Name : linfo # Version : 1.7 # About : Simple System Information # Updated : 2014-AUG-02 # # Written by : Marek Novotny # Contributors : Chris Davies # Contributors : Jonathan N. Little # Contributors : Bit Twister # #############################################

# version info Ver='1.7' VDate='2014-AUG-02'

# user info HostName=$(hostname --short) UserName=$(id -un) UserID=$(id -u) FullName=$(grep $UserName /etc/passwd | cut -d':' -f5)

GetGroups() { # get group name and GIDs IFS=$'\r\n'; Groups=($(grep $UserName /etc/group | sort \ | cut -d':' -f1,3)) #IFS=$'\r\n'; Groups=($(cat /etc/group | sort | grep $UserName \ # | cut -d':' -f1,3)) for i in ${Groups[@]}; do printf "%s\n" "Group Membership: $i" done }

# Environment Variables EnvTerm=$(echo $TERM) if [[ $EnvTerm == "" ]]; then EnvTerm="Not Set" fi EnvCol=$(tput cols) EnvLines=$(tput lines) EnvShell=$(echo $SHELL) EnvEditor=$(echo $EDITOR) if [[ $EnvEditor == "" ]]; then EnvEditor="Not Set" fi EnvLang=$(echo $LANG) if [[ $EnvLang == "" ]]; then EnvLang="Not Set" fi EnvNNTP=$(echo $NNTPSERVER) if [[ $EnvNNTP == "" ]]; then EnvNNTP="Not Set" fi

# machine info KernelRelease=$(uname -r) TaintStatus=$(cat /proc/sys/kernel/tainted) if [ $TaintStatus != 0 ] ; then TaintResults="Tainted ($TaintStatus)" else TaintResults="Not Tainted ($TaintStatus)" fi Mem=$(grep MemTotal /proc/meminfo | awk '{print $2}') CPU=$(grep -m 1 "model name" /proc/cpuinfo | cut -f2 | cut -c 3-) Cores=$(grep -m 1 "cpu cores" /proc/cpuinfo | cut -f2 | cut -c 3-) Siblings=$(grep -m 1 "siblings" /proc/cpuinfo | cut -f2 | cut -c 3-) if [[ $Cores == "" ]] && [[ $Siblings == "" ]]; then Cores="Not Detected" Siblings="Not Detected" HyperValue=0 else HyperValue=$(($Siblings/$Cores)) fi if [[ $HyperValue == 2 ]];then HyperThreading="True" else HyperThreading="False" fi UpTime=$(uptime | cut -d',' -f1 | cut -c 2-) LoadAverage=$(uptime | cut -d',' -f3,4,5 | cut -d':' -f2,3,4 | cut -c 2-) VGA=$(lspci | grep VGA | cut -d':' -f3 | cut -c 2-) if [ -f /proc/asound/modules ]; then SoundMod=$(grep -m 1 . /proc/asound/modules | cut -d' ' -f3) else SoundMod="Not Detected" fi if [[ $SoundMod == "" ]]; then SoundMod="Not Detected" fi if [ -f /proc/asound/version ]; then SoundDrv=$(cat /proc/asound/version) else SoundDrv="Not Detected" fi if [[ $SoundDrv == "" ]]; then SoundDrv="Not Detected" fi

# Determine the Distro type and store results as Distro if [ -f /etc/release ]; then Distro=$(cat /etc/release) # mageia elif [ -f /etc/system-release ]; then Distro=$(cat /etc/system-release) # rhel elif [ -f /etc/slackware-version ]; then Distro=$(cat /etc/slackware-version) # slackware elif [ -f /etc/issue ]; then Distro=$(cat /etc/issue | cut -d' ' -f1,2,3) # debian / ubuntu fi

# Check if the Nouveau Kernel driver is in use TestForNouveau=$(lspci -k | grep "Kernel driver in use: nouveau" \ | awk '{print $5}') if [[ $TestForNouveau == "nouveau" ]]; then NouveauResults="Enabled" else NouveauResults="Blacklisted" fi

TaintDescription() { # Describe Kernel Taint Status if Kernel is tainted TaintArray=( " 1 - A module with a non-GPL license has been loaded, this includes modules with no license. Set by modutils >= 2.4.9 and module-init-tools." " 2 - A module was force loaded by insmod -f. Set by modutils >= 2.4.9 and module-init-tools." " 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP." " 8 - A module was forcibly unloaded from the system by rmmod -f." " 16 - A hardware machine check error occurred on the system." " 32 - A bad page was discovered on the system." " 64 - The user has asked that the system be marked tainted. This could be because they are running software that directly modifies the hardware, or for other reasons." " 128 - The system has died." " 256 - The ACPI DSDT has been overridden with one supplied by the user instead of using the one provided by the hardware." " 512 - A kernel warning has occurred." "1024 - A module from drivers/staging was loaded." "2048 - The system is working around a severe firmware bug." "4096 - An out-of-tree module has been loaded." )

printf "%s\n" "Linux Kernel Taint Status Description" FWLine ix=0 for Mask in 1 2 4 8 16 32 64 128 256 512 1024 2048 4096 ; do (($TaintStatus & $Mask)) && printf "%s\n\n" "${TaintArray[$ix]}" ((ix++)) done }

# Network info FQDN=$(hostname -f) DomainName=$(dnsdomainname) DomainIP=$(dig +short $DomainName | grep -m 1 [1,9]) AssignedIP=$(ip route get | awk 'NR==1 {print $7}') Gateway=$(ip route | grep default | cut -d' ' -f3) ExternalIP=$(curl -s ReverseLookup=$(dig +short -x $ExternalIP) MailExchange=$(dig +short $DomainName MX | grep -m 1 [10,50] \ | awk '{print $2}') NameServer=$(dig +short $DomainName NS | grep -m 1 [1,9]) DigForDNS=$(dig | grep SERVER | cut -d'#' -f1 | cut -d' ' -f3) ISP=$(curl -s$ExternalIP/org) GeoCountry=$(curl -s$ExternalIP/country) GeoRegion=$(curl -s$ExternalIP/region) GeoCity=$(curl -s$ExternalIP/city)

FWLine() { # draw line across screen printf "%*s\n" "${COLUMNS:-$(tput cols)}" '' | tr ' ' = }

# print output printf "%*s\n" "${COLUMNS:-$(tput cols)}" "$(date)" printf "%*s\n" "${COLUMNS:-$(tput cols)}" "Version $Ver, released: $VDate" printf "%s\n" "User Info" FWLine printf "%s\n" " Hostnane: $HostName" printf "%s\n" " Full Name: $FullName" printf "%s\n" " User Name: $UserName" printf "%s\n" " UserID: $UserID" GetGroups printf "%s\n\n" " Home Dir: $HOME" printf "%s\n" "Environment Variables" FWLine printf "%s\n" " Term: $EnvTerm" printf "%s\n" " Term Size: $EnvCol x $EnvLines" printf "%s\n" " Shell: $EnvShell" printf "%s\n" " Language: $EnvLang" printf "%s\n" " News Server: $EnvNNTP" printf "%s\n\n" " Editor: $EnvEditor" printf "%s\n" "Machine Info" FWLine printf "%s\n" " Total Memory: $Mem" printf "%s\n" " Processor: $CPU" printf "%s\n" " CPU Cores: $Cores" printf "%s\n" " Siblings: $Siblings" printf "%s\n" " HyperThreading: $HyperThreading" printf "%s\n" " Distribution: $Distro" printf "%s\n" " Kernel Release: $KernelRelease" printf "%s\n" " Taint Status: $TaintResults" printf "%s\n" " Uptime: $UpTime" printf "%s\n" " Load Average: $LoadAverage" printf "%s\n" " VGA Adapter: $VGA" printf "%s\n" " Nouveau: $NouveauResults" printf "%s\n" " Sound Module: $SoundMod" printf "%s\n\n" " Sound Driver: $SoundDrv"

# Kernel Taint Status Description if [ $TaintStatus != 0 ]; then TaintDescription fi

printf "%s\n" "Network Info" FWLine printf "%s\n" " FQDN: $FQDN" printf "%s\n" " IP Address: $AssignedIP" printf "%s\n" " Gateway: $Gateway" printf "%s\n" " External IP: $ExternalIP" printf "%s\n" " Reverse Lookup: $ReverseLookup" printf "%s\n\n" " DNS: $DigForDNS" printf "%s\n" "Domain Info" FWLine printf "%s\n" " Domain Name: $DomainName" printf "%s\n" " Mail Exchange: $MailExchange" printf "%s\n\n" " NameServer: $NameServer" printf "%s\n" "Internet Service Provider" FWLine printf "%s\n" " Provider: $ISP" printf "%s\n" " Country: $GeoCountry" printf "%s\n" " Region: $GeoRegion" printf "%s\n\n" " City: $GeoCity" printf "%s\n" "Volume Info" FWLine df -hTP echo ""

Reply to
Marek Novotny

Marek Novotny wrote, on Sat, 09 Aug 2014 17:11:02 -0500:

Curl is not on the "busybox" Linux of the Ubiquiti Rocket M2 radio: XM.v5.5.6# curl -sh: curl: not found

But, its an interesting command for Linux, which seems to report your own IP address (as if you had gone to

formatting link
which is nice to be able to get YOUR OWN ip address from the command line.

I'll log into the Rocket M2 radio web interface and see if I can turn on all the logs that it can turn on.

Unfortunately nmap isn't found either: XM.v5.5.6# nmap -sh: nmap: not found

But, again, that's a nice Linux command! $ nmap -sn

Starting Nmap 6.40 (

formatting link
) at 2014-08-09 15:42 PDT Nmap scan report for Host is up (0.0051s latency). Nmap scan report for Host is up (0.029s latency). Nmap scan report for Host is up (0.000082s latency). Nmap scan report for Host is up (0.087s latency). Nmap scan report for Host is up (0.27s latency). Nmap scan report for Host is up (0.0052s latency). Nmap scan report for Host is up (0.013s latency). Nmap done: 256 IP addresses (7 hosts up) scanned in 10.26 seconds

The linfo also was a good command, but it didn't seem to tell me the IP addresses connected to the router as the nmap command did.

Reply to
Cl?ment Durand

I'm reluctant to add anything that requires root to the script. I like it to be something anyone can use to gain some basic insights into the machine they are sitting on regardless of their permissions level.

Reply to
Marek Novotny

I'm surprised Jeff Liebermann hasn't responded, since he knows everything about setting up WiFi security, but, luckily, I *think* I have figured out one potential way to tell what the home broadband router IP address might be from the Ubiquiti AirOS command line.

Assuming the rooftop antenna Rocket M2 is at IP and the home broadband router connected to it by wire is at ... $ ssh -l ubnt XM.v5.5.8#

At that prompt, cat this file: XM.v5.5.8# cat /tmp/dhcpd.leases

More often than not, that file seems to contain the IP address of the home broadband router which is connected to the rooftop transceiver.

If you know of a *better* way to find the IP address of the router which is connected to your Ubiquiti AirOS device, please let me know.

The router IP address will also be in the radio /proc/net/nf_conntrack file, so, I think we can grep for it using a syntax sort of like the following:

XM.v5.5.8# grep 192.168.1. /proc/net/nf_conntrack

Reply to
Cl?ment Durand

I wish Jeff Liebermann would weigh in, because I'm way out of my league here, but, the /proc/net/nf_conntrack (and /proc/net/ip_conntrack) file on the rooftop Ubiquiti Rocket M2 radio seems to be logging some sort of IP connections.

Let's say a home has two PCs attached wirelessly to one home broadband router ( which itself is attached by cat5 cable to the rooftop Ubiquiti Rocket M2 radio ( which I can ssh into.

Logging into port 22 (ssh) as user "ubnt" of that radio is as simple as: $ ssh -l ubnt -p 22

Then, I'm at the "XM.v5.5.8#" prompt.

From there, I *think* I can get the IP address of the home broadband router (if I didn't know it) by running "cat /tmp/dhcpd.leases".

But, more importantly, I *think* I can get all the IP addresses that the two PCs are connecting to by running either of these two commands:

# cat /proc/net/nf_conntrack (for ipv6) # cat /proc/net/ip_conntrack (for ipv4))

Is that the easiest way to figure out what IP addresses are being connected to at any one time, while logged into the rooftop transceiver (i.e., modem)?

Reply to
Cl?ment Durand

I don't do security. I hate security. I'm also busy, lazy, bored, and playing with a few new toys and software. However, I don't have a Ubiquiti M2 handy to test my guesswork.

Try: arp -a and see what it produces. You might get lucky.

Also, play with iwlist and iwconfig to see if they show connected wireless devices (by MAC address).

Otherwise, try a bash script that pings everything in your IP block. Something like this (untested):

#!/bin/bash test_with_ping() { ping -c 1 $1 > /dev/null [ $? -eq 0 ] && echo $IP,UP [ $? -eq 1 ] && echo $IP,dn }

for IP in 192.168.1.{1..254} do test_with_ping $IP & disown # run in background done

Use "nohup" if your bash doesn't do "disown". To run 254 IP's, at about 1 second per IP, will take about 5 minutes. There's also no guarantee that the connected machine will respond to an ICMP ping request.

Are you perhaps trying to build a network map from scratch? If so, there are network mapping tools that will do the heavy lifting for you.

"Russia Bans Anonymous Access To Wi-Fi"

Reply to
Jeff Liebermann

Jeff Liebermann wrote, on Mon, 11 Aug 2014 09:43:50 -0700:

Hi Jeff, I had tried that. While "route" exists, "arp" is not installed on the default Ubiquiti Rocket M2 2.4GHz WiFi radio: $ ssh -l ubnt -p 22 BusyBox v1.11.2 (2014-02-05 18:21:05 EET) built-in shell (ash) Enter 'help' for a list of built-in commands. XM.v5.5.8# arp

-sh: arp: not found

Both iwlist & iwconfig exist, so I will try to learn their syntax.

I'm mainly trying to understand what's going on, by looking at whatever information is available to me as I log into the rooftop radio.

Some of the key stuff I'm trying to figure out remotely is what IP addresses are connected to the home broadband router, and, what destination IP addresses those clients are attempting to visit.

I think I have made headway on finding the home broadband router IP address by lookint at the /etc/dnsmasq.conf file.

I think there's a ton of information about the destination IP addresses in the /proc/net/nf_conntrack file.

Since there is so much IP information in the conntrack file, I'm now looking for a command-line method of querying the destination IP addresses found (some of which are suspiciously from China and Russia) in the conntrack file, to find out who they belong to.

The one problem with the huge amount of IP data found in the conntrack file is that I can't tell which client device initiated the connection to those IP addresses.

So, I have a long way to go ... but every bit of advice helps, and, I, for my part, will echo back what I've learned to the group by way of payback.

Reply to
Cl?ment Durand

Jeff Liebermann wrote, on Mon, 11 Aug 2014 09:43:50 -0700:

I think I can figure out the IP addresses connected to the home broadband router by looking for src=192.168.1.XXX addresses in the previously mentioned /proc/net/nf_conntrack file.

I did try the script on the Ubiquiti Rocket M2 2.5GHz radio, but, bash wasn't found (so I changed the shell to "ash") and neither "disown" nor "nohup" were found.

The script did run, but it didn't output anything (so I need to debug it further).

But, I think the main issue now is to glean all the information I need out of the /proc/net/nf_conntrack file because it *seems* to contain every IP address that goes in and out of the rooftop radio.

While this is WISP, for people with DSL or cable, logging into that rooftop transceiver would be equivalent to logging into their modem.

Reply to
Cl?ment Durand

Running iwconfig first, it tells me "ath0" is the NIC of interest:

$ ssh -l ubnt

XM.v5.5.8# iwconfig lo no wireless extensions. eth0 no wireless extensions. eth1 no wireless extensions. wifi0 no wireless extensions. br0 no wireless extensions. ath0 IEEE 802.11ng ESSID:"ROCKET_M2" Nickname:"Rocket_WiFi" Mode:Managed Frequency:2.417 GHz Access Point: 00:AF:00:BF:DA:48 Bit Rate:104 Mb/s Tx-Power=26 dBm Sensitivity:0/0 Retry:off RTS thr:off Fragment thr:off Encryption key:0922-02A0-4792-CBFA-A89F-1CDC Security mode:restricted Power Management:off Link Quality=40/94 Signal level=-56 dBm Noise level=-88 dBm Rx invalid nwid:7 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Then, running "iwlist ath0", I find out some information.

This looks like it gives me the local access points nearby:

XM.v5.5.8# iwlist ath0 ap ath0 Peers/Access-Points in range: DA:8F:DC:14:E2:BC Quality=46/94 Signal level=-50 dBm Noise level=-96 dBm 10:57:22:9F:AC:5E Quality=41/94 Signal level=-55 dBm Noise level=-88 dBm 10:90:48:69:92:33 Quality=22/94 Signal level=-74 dBm Noise level=-88 dBm CC:C8:55:8C:6F:41 Quality=18/94 Signal level=-78 dBm Noise level=-88 dBm CA:8F:15:27:97:68 Quality=18/94 Signal level=-78 dBm Noise level=-96 dBm 61:3A:4C:E5:B9:D1 Quality=16/94 Signal level=-80 dBm Noise level=-88 dBm 91:72:4F:1F:91:1C Quality=16/94 Signal level=-80 dBm Noise level=-88 dBm 15:80:4E:69:92:34 Quality=16/94 Signal level=-80 dBm Noise level=-88 dBm 10:15:8D:AC:03:88 Quality=15/94 Signal level=-81 dBm Noise level=-88 dBm F1:D1:F9:12:9D:1E Quality=15/94 Signal level=-81 dBm Noise level=-88 dBm 21:C9:80:F3:98:7C Quality=10/94 Signal level=-86 dBm Noise level=-88 dBm 1B:12:C6:22:24:9F Quality=09/94 Signal level=-87 dBm Noise level=-88 dBm 10:1C:63:2B:4F:47 Quality=09/94 Signal level=-87 dBm Noise level=-88 dBm F1:13:4E:10:35:4F Quality=09/94 Signal level=-87 dBm Noise level=-88 dBm 18:0F:C3:F3:D0:66 Quality=07/94 Signal level=-89 dBm Noise level=-96 dBm 1A:23:87:1C:F7:17 Quality=07/94 Signal level=-89 dBm Noise level=-96 dBm

This seems to list the rooftop radio transmit power: XM.v5.5.8# iwlist ath0 txpower ath0 8 available transmit-powers : 10 dBm (10 mW) 16 dBm (39 mW) 18 dBm (63 mW) 20 dBm (100 mW) 22 dBm (158 mW) 24 dBm (251 mW) 26 dBm (398 mW) 28 dBm (630 mW) Current Tx-Power=24 dBm (251 mW)

This seems to scan for all the WiFi routers in the vicinity of the rooftop radio: XM.v5.5.8# iwlist ath0 scanning It lists dozens of "cells", here's just one example: Cell 02 - Address: 00:A0:55:AC:83:2A ESSID:"Netgear" Mode:Master Frequency:2.417 GHz (Channel 2) Quality=15/94 Signal level=-81 dBm Noise level=-88 dBm Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s 48 Mb/s; 54 Mb/s Extra:bcn_int=100 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK Extra:mtik_ie=really long number

In summary, these two commands (iwconfig & iwlist) are interesting, as they provide information about signal strengths of nearby access points, none seem to tell me which PCs are attached to the home broadband router, nor what destination IP addresses those devices are going to.

Nice commands otherwise!

Reply to
Cl?ment Durand

Try: cat /proc/net/arp or: ip neigh show dev br0 br0 might be eth0 or something else if your M2 is setup as a router.

One must suffer before enlightenment.

I usually use SNMP in the router in order to get that info. If (and only if) your Ubiquiti is setup as a bridge, you can sniff the traffic between the wireless bridge and the router (on the router WAN port), and get the same information. Insert a HUB (not a SWITCH) between the Ubiquiti M2 and your unspecified router. Add a PC running WireShark or your favorite sniffer software, and you should get something useable.

You can also sniff just the HTTP traffic with: Take a good look at Nir Sofer's tools. They're quite useful:

Go thee unto Google at:

formatting link
Inscribe into the designated search box the words of empowerment: "what is my IP" Through the magic of Google, your WAN IP address will be displayed.

Dunno. I don't have any Ubiquiti hardware handy to test it.

Learn by destroying, which means that if you haven't broken something, you don't really understand how it works.

Now, go away so I can get some paying work done.

Reply to
Jeff Liebermann

On my desktop, I run zenmap, which is a gui version of nmap. Familiarize yourself with zenmap on your lan. Once you know how it works, you can just copy the nmap commands that it issues. They are displayed by the program.

Reply to

Jeff Liebermann wrote, on Mon, 11 Aug 2014 16:19:40 -0700:

Thanks for your help. I do appreciate it. Since the documentation on interpreting the nf_conntrack file was so dismal, I wrote my own documentation, from many sources.

Here is it, as payback, for all the help from others.

Here's my first attempt at an interpretation of a sample line from my nf_conntrack file:

ipv4 2 tcp 6 56808 ESTABLISHED src= dst= sport=80 dport=49437 [UNREPLIED] src= dst= sport=49437 dport=80 mark=0 use=2 My interpretation: An ESTABLISHED TCP connection from source host, port 80 To destination host, port 49437 From which responses are sent to host, port 49437 Timing out in 56808 seconds (i.e., more than 15 hours) UNREPLIED means traffic hasn't been seen in the response direction yet In addition, the: Network layer protocol name is ipv4 Network layer protocol number is 2 Transmission layer protocol name is tcp Transmission layer protocol number is 6 Seconds until the entry is invalidated is 56808 (i.e., more than 15 hours)

Here is another attempt at interpreting an example from my nf_conntrack log file:

ipv4 2 icmp 1 16 src= dst= type=8 code=0 id=39196 src= dst= type=0 code=0 id=39196 mark=0 use=2 My interpretation: An ICMP echo request packet from source host To destination host With an expected echo reply packet from source hosts To destination host Timing out in 16 seconds In addition, the: Network layer protocol name is ipv4 Network layer protocol number is 2 Transmission layer protocol name is icmp Transmission layer protocol number is 1 Seconds until the entry is invalidated is 16 seconds

It seems both ip_conntrack & nf_conntrack are similar in format, where nf_conntrack simply has two extra columns at the beginning of each line, so this list below attempts to describe the first six nf_conntrack columns, as I understand them:

  1. Network layer protocol name (e.g., ipv4)
  2. Network layer protocol number (e.g., 2)
  3. Transmission layer protocol name (e.g., tcp)Transmission layer protocol number (e.g., 6)
  4. Seconds until the entry is invalidated (e.g., 75114)
  5. The connection state (e.g., ESTABLISHED, but this is not always there for all protocols)

It seems that the #5 connection state can be any of the following:





Reply to
Cl?ment Durand Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.