lstf prints host flows
(aggregated network connection flows to the same source or destination ports) by Linux netlink and enables you to simply grasp the network relationship between localhost and other hosts.
friend: yuuki/lsconntrack
- Distinction of
active open
andpassive open
- Print also the number of connections of each flows (the absolute values are meaningless)
- Go portability
- JSON support
- TCP support only
https://github.com/yuuki/lstf/releases
HTTP requests --> Web:80 --> MySQL:3306
$ lstf -n
Local Address:Port <--> Peer Address:Port Connections
10.0.1.9:many --> 10.0.1.10:3306 22
10.0.1.9:many --> 10.0.1.11:3306 14
10.0.2.10:22 <-- 192.168.10.10:many 1
10.0.1.9:80 <-- 10.0.2.13:many 120
10.0.1.9:80 <-- 10.0.2.14:many 202
-->
indicatesactive open
<--
indicatespassive open
Sort flows by the number of connection.
$ lstf -n | sort -nrk4
$ lstf --json | jq -r -M '.'
[
{
"direction": "active",
"local": {
"name"| "app01.local",
"addr": "10.0.1.9",
"port": "many"
},
"peer": {
"name"| "db01.local",
"addr": "10.0.100.1",
"port": "3306"
},
"connections": 20
},
{
"direction": "passive",
"local": {
"name"| "app01.local",
"addr": "10.0.1.9",
"port": "80"
},
"peer": {
"name"| "web01.local",
"addr": "10.0.200.1",
"port": "many"
},
"connections": 27
},
...
]