![connection states unreplied](https://cdncontribute.geeksforgeeks.org/wp-content/uploads/CN-1.png)
On one hand it's good, since it allows you to bring conntrack up without disturbing all connections. I don't know if this is a good or bad thing. Default is a SYN scan, but -sA does an ACK scan.

But conntrack's behaviour is understandable: it assumes that the connection was already there before he was there, and thus assumes ESTABLISHED. You can choose what scan to do with nmap.

The prob now is that I know a way to flood the conntrack with a simple nmap command; if an expert knows something more about this, plz reply here. But conntrack is NOT reporting wrongly, as there was no SYN packet sent. I don't know why nmap is doing this or why the connection tracking system takes it as an ESTABLISHED connection, but it's not SYN_SENT for sure. BUT the first packet of nmap was not SYN (as I thought), it was an ACK! I was trying with nmap to scan random hosts for port 80.

I have no clue, but I'm also interested in the solution.

I have checked and rechecked the kernel configuration, I have tried many configuration combinations, but no hope!

Last edited by sque on Mon 3:56 am; edited 2 times in total

After more reading on the conntrack system, I discovered that the 3rd entry is the time-out in seconds, so at the previous example

This connection should time out in 2 minutes, but it will time out in more than a couple of hours!!!!

As you can imagine, this can eat up all my resources. My prob is not the name, but the time out. The problem is that in /proc/net/ip_conntrack connections are reported as ESTABLISHED rather than SYN_SENT. E.g.

Hi, I have set up a Gentoo machine with kernel 2.6.16-r7 (from gentoo sources).

Posted: Fri 10:18 am Post subject: KERNEL Conntrack system reporting wrongly

Gentoo Forums :: View topic - KERNEL Conntrack system reporting wrongly