/lstf

The Linux /proc/net/tcp based host-to-host connection flow printer
  1. Go 86.1%
  2. Makefile 8.4%
  3. Shell 5.5%
Go Makefile Shell
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Find file
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
_tools Prepare binary release Mar 4, 2018
netutil Remove unused code Mar 15, 2018
tcpflow Add AddrPort.PortInt() Mar 22, 2018
vendor Import gopsutil/net Mar 4, 2018
.gitignore Ignore dist/ Mar 4, 2018
.travis.yml Add .travis.yml Mar 4, 2018
CHANGELOG.md Bump version 0.3.0 Mar 22, 2018
Gopkg.lock Import gopsutil/net Mar 4, 2018
Gopkg.toml dep ensure github.com/shirou/gopsutil Mar 4, 2018
LICENSE Add README and LICENSE Mar 4, 2018
Makefile Prepare binary release Mar 4, 2018
README.md Update README Mar 22, 2018
cli.go Fix missing table header 'Connections' Mar 15, 2018
main.go Add cli template Mar 4, 2018
version.go Bump version 0.3.0 Mar 22, 2018

README.md

lstf

lstf prints host flows (aggregated network connection flows to the same source or destination ports) by Linux /proc/net/tcp (netstat -tan) and enables you to simply grasp the network relationship between localhost and other hosts.

friend: yuuki/lsconntrack

Features

  • Distinction of active open and passive open
  • Print also the number of connections of each flows (the absolute values are meaningless)
  • Go portability
  • JSON support
  • TCP support only

How to use

HTTP requests --> Web:80 --> MySQL:3306

$ lstf -n
Local Address:Port   <-->   Peer Address:Port     Connections
10.0.1.9:many        -->    10.0.1.10:3306        22
10.0.1.9:many        -->    10.0.1.11:3306        14
127.0.0.1:many       -->    10.0.1.20:8080        99
10.0.1.9:80          <--    10.0.2.10:80          120
10.0.1.9:80          <--    10.0.2.11:80          202
  • --> indicates active open
  • <-- indicates passive open

JSON format

$ lstf -n --json | jq -r -M '.'
[
  {
    "direction": "active",
    "local": {
      "Addr": "localhost",
      "Port": "many"
    },
    "peer": {
      "addr": "10.0.100.1",
      "port": "3306"
    },
    "connections": 20
  },
  {
    "direction": "passive",
    "local": {
      "addr": "localhost",
      "port": "80"
    },
    "peer": {
      "addr": "10.0.200.1",
      "port": "many"
    },
    "connections": 27
  },
  ...
]

License

MIT

Author

yuuki