Format of /proc/net/ip_conntrack

This document describes the format of /proc/net/ip_conntrack as of Linux 2.4.17, and possibly earlier versions.

1. Protocol name.
2. Protocol number. (6 = TCP. 17 = UDP.)
3. Seconds until this entry expires.
4. TCP only: TCP connection state.
5. Source address of “original”-side packets (packets from the side that initiated the connection).
6. Destination address of original-side packets.
7. Source port of original-side packets.
8. Destination port of original-side packets.
9. “[UNREPLIED]”, if this connection has not seen traffic in both directions. Otherwise not present.
10. Source address of “reply”-side packets (packets from the side that received the connection).
11. Destination address of reply-side packets.
12. Source port of reply-side packets.
13. Destination port of reply-side packets.
14. “[ASSURED]”, if this connection has seen traffic in both directions (for UDP) or an ACK in an ESTABLISHED connection (for TCP). Otherwise not present.
15. Use count of this connection structure.