Viewing established tcp connections
Ricardo Nabinger Sanchez
rnsanchez at wait4.org
Tue Jan 16 12:49:14 UTC 2007
On Tue, 16 Jan 2007 12:06:36 +0000
Joe Holden <joe at joeholden.co.uk> wrote:
> I'm after a tool to view tcp sessions passing through a router, however
> dsniff is marked as BROKEN. Are there any alternatives?
If you don't need to inspect the sessions, netstat can show you that:
% netstat -p tcp -n
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.100.56965 192.168.1.1.23 ESTABLISHED
tcp4 0 0 192.168.1.100.61375 208.97.136.18.5222 ESTABLISHED
tcp4 0 0 192.168.1.100.54996 208.245.212.98.5223 ESTABLISHED
tcp4 0 0 192.168.1.100.51672 72.14.253.125.5223 ESTABLISHED
Otherwise, you can still use tcpdump:
# tcpdump -n tcp
You can even use a SNMP daemon and query TCP-MIB if you don't want ssh
sessions.
I couldn't infer details about what you really want to do, and feel like
these suggestions are not what you're looking for (YMMV), although they work
very well for my needs.
--
Ricardo Nabinger Sanchez <rnsanchez@{gmail.com,wait4.org}>
Powered by FreeBSD
"Left to themselves, things tend to go from bad to worse."
More information about the freebsd-net
mailing list