You are not expected to understand this:

An iptables ip_conntrack analysis

This is ancient. It is not wrong. The world has changed a lot, and this was instrumental in a little bit of that change.

Here is some software, cttest-0.4.tar.gz, which can be used to reproduce the following pictures. Both datasets analyzed in the following links, are from real production systems. The first set uses a dataset from a squid+REDIRECT transparent proxy service, serving dialup users. The second set is a consolidated view on all connections at one instant for a large web server farm, with all connections going to one IP's port 80. Both datasets have roughly 70000 entries to hash.

transproxy dataset

large web server

happily working for
Yalwa Branchenbuch Locanto Kleinanzeigen
Branchenbuch Kleinanzeigen

(c) 2003-2020 Patrick Schaaf , last modified Wed Jul 22 20:13:33 CEST 2020