network_connections
Prototype: network_connections(regex)
Return type: data
Description: Return the list of current network connections.
This function looks in /proc/net to find the current network connections.
The returned data container has four keys:
tcphas all the TCP connections over IPv4tcp6has all the TCP connections over IPv6udphas all the UDP connections over IPv4udp6has all the UDP connections over IPv6
Under each key, there's an array of connection objects that all look like this:
All the data is collected from the files /proc/net/tcp,
/proc/net/tcp6, /proc/net/udp, and /proc/net/udp6.
The address will be either IPv4 or IPv6 as appropriate. The port will
be an integer stored as a string. The state will be a string like
UNKNOWN.
On Linux, usually a state of UNKNOWN and a remote address 0.0.0.0
or 0:0:0:0:0:0:0:0 with port 0 mean this is a listening IPv4 and
IPv6 server. In addition, usually a local address of 0.0.0.0 or
0:0:0:0:0:0:0:0 means the server is listening on every IPv4 or IPv6
interface, while 127.0.0.1 (the IPv4 localhost address) or
0:100:0:0:0:0:0:0 means the server is only listening to connections
coming from the same machine.
A state of ESTABLISHED usually means you're looking at a live
connection.
Example:
vars:
"connections" data => network_connections();
Output:
The SSH daemon:
The printer daemon listening only to local IPv6 connections on port 631:
An established connection on port 2200:
History: Introduced in CFEngine 3.9