G'day Matthew! Yes, I think that they are essentially reporting the same metric: being the number of active connection tracking entries in the connection tracking table at time time of running the command. Keep in mind that connection tracking entries are highly variable, and could easily change by a few hundred connections in just 1 second - so it is unlikely that they will ever be the same even if you run the same command over and over. But assuming you already know that, I think that the get-total-entries does tend to show a higher number on average, and although I can't tell you exactly WHY, I /suspect/ that it will come down to how the two command work: 'print' command, when you run it just like "/ip firewall connection print" dumps a summary of each active connection to the console - but it takes time to run, so while it is running, some connections may have expired, and some that have started might not get counted in the list (because of the way the list is 'ordered', the way 'print' command works, and probably other factors) So it is not unexpected that the print command will not be an accurate measure of how many entries are there at any given time. 'total-entries', however, is a count register that will be incremented by routerOS each time a connection is added and decremented each time one is expired - when you run the get command, it simply reads the value of that register and displays it to the console. Therefore, it will always be a more accurate measure of the actual number of connections present at the time. I honestly don't know for certain why the numbers are different, but I feel confident that the latter is the most accurate measure ; ) Cheers! Mike. -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Matthew Kobayashi Sent: Thursday, 5 October 2023 1:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Conntrack count vs. total-entries, different values? Hi all, I've come across something in RouterOS that I don't quite understand, and I was hoping someone could shed a little light on what I'm seeing. The values for the output of the below commands on my router are always quite different (approx. 150-200 apart) and I'm not sure why. As best I can tell from the documentation, these values should be identical (or at least very close), but they never seem to be close to one another. Does anyone know of a reason why they wouldn't be the same? Does total-entries mean something other than the total number of connections currently in the conntrack table? [matthew@gateway] > /ip/firewall/connection/print count-only 445 [matthew@gateway] > :put [/ip/firewall/connection/tracking/get total-entries] 648 Kind regards, Matthew Kobayashi _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au