When you need to identify which device on your local network is generating a specific data flow, you can check netfilter's temporary connection-tracking (conntrack) storage: the /proc/net/ip_conntrack file.

This applies to most Linux-based systems; in this particular case the output is from a Debian Wheezy system.

 cat /proc/net/ip_conntrack

The expected output will be:

tcp      6 11 TIME_WAIT src= dst= sport=57691 dport=80 src= dst= sport=80 dport=57691 [ASSURED] mark=0 use=2
tcp      6 107 TIME_WAIT src= dst= sport=57750 dport=443 src= dst= sport=443 dport=57750 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src= dst= sport=64503 dport=443 src= dst= sport=443 dport=64503 [ASSURED] mark=0 use=2
tcp      6 431478 ESTABLISHED src= dst= sport=53570 dport=12350 src= dst= sport=12350 dport=53570 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src= dst= sport=64501 dport=443 src= dst= sport=443 dport=64501 [ASSURED] mark=0 use=2
udp      17 3 src= dst= sport=55967 dport=53 src= dst= sport=53 dport=55967 mark=0 use=2
tcp      6 431962 ESTABLISHED src= dst= sport=49837 dport=443 src= dst= sport=443 dport=49837 [ASSURED] mark=0 use
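
To answer the "which device" question from this output, the following added example (not part of the original post) parses entries in the layout shown above and groups flows by the source address of the first tuple, which is the original direction of the connection. The function names and all addresses in the sample are constructed for illustration; entries with empty src=/dst= fields are skipped.

```python
import re
from collections import defaultdict

# Constructed sample in the /proc/net/ip_conntrack layout shown above.
# Addresses are invented: 192.168.1.x = LAN hosts, 198.51.100.7 = gateway WAN side.
SAMPLE = """\
tcp      6 431974 ESTABLISHED src=192.168.1.23 dst=203.0.113.10 sport=64503 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=64503 [ASSURED] mark=0 use=2
tcp      6 11 TIME_WAIT src=192.168.1.42 dst=203.0.113.20 sport=57691 dport=80 src=203.0.113.20 dst=198.51.100.7 sport=80 dport=57691 [ASSURED] mark=0 use=2
udp      17 3 src=192.168.1.23 dst=192.168.1.1 sport=55967 dport=53 src=192.168.1.1 dst=192.168.1.23 sport=53 dport=55967 mark=0 use=2
tcp      6 431962 ESTABLISHED src=192.168.1.42 dst=203.0.113.10 sport=49837 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=49837 [ASSURED] mark=0 use
"""

PAIR = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Parse one conntrack line; return None if it is malformed or lacks src/dst."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    entry = {"proto": fields[0], "ttl": int(fields[2]), "state": None,
             "flags": re.findall(r"\[(\w+)\]", line)}
    # TCP entries carry a state word before the first key=value pair; UDP does not.
    if "=" not in fields[3] and not fields[3].startswith("["):
        entry["state"] = fields[3]
    orig, reply = {}, {}
    for key, value in PAIR.findall(line):
        if key in ("src", "dst", "sport", "dport"):
            # First occurrence = original direction, second = reply direction.
            target = orig if key not in orig else reply
            target[key] = value
    if "src" not in orig or "dst" not in orig:
        return None
    entry["orig"], entry["reply"] = orig, reply
    return entry

def flows_by_source(text, dport=None):
    """Group flows by original source address, optionally filtered by dport."""
    result = defaultdict(list)
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or (dport is not None and e["orig"].get("dport") != str(dport)):
            continue
        o = e["orig"]
        result[o["src"]].append((e["proto"], o["dst"], o.get("dport"), e["state"]))
    return dict(result)

if __name__ == "__main__":
    for src, flows in sorted(flows_by_source(SAMPLE, dport=443).items()):
        print(src, flows)
```

On a live system, pass the contents of /proc/net/ip_conntrack to `flows_by_source` instead of `SAMPLE`.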
