Viewing established tcp connections
Joe Holden
joe at joeholden.co.uk
Tue Jan 16 13:01:12 UTC 2007
Ricardo Nabinger Sanchez wrote:
> On Tue, 16 Jan 2007 12:06:36 +0000
> Joe Holden <joe at joeholden.co.uk> wrote:
>
>> I'm after a tool to view tcp sessions passing through a router, however
>> dsniff is marked as BROKEN. Are there any alternatives?
>
> If you don't need to inspect the sessions, netstat can show you that:
>
> % netstat -p tcp -n
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  192.168.1.100.56965    192.168.1.1.23         ESTABLISHED
> tcp4       0      0  192.168.1.100.61375    208.97.136.18.5222     ESTABLISHED
> tcp4       0      0  192.168.1.100.54996    208.245.212.98.5223    ESTABLISHED
> tcp4       0      0  192.168.1.100.51672    72.14.253.125.5223     ESTABLISHED
>
> Otherwise, you can still use tcpdump:
>
> # tcpdump -n tcp
>
> You can even use an SNMP daemon and query TCP-MIB if you don't want ssh
> sessions.
>
> I couldn't infer details about what you really want to do, and feel like
> these suggestions are not what you're looking for (YMMV), although they work
> very well for my needs.
>
Hi, I was looking into using tcpdump, but I was really after something
that outputs the session in a readable format. I used to use a port that
would output the session, i.e. for an IRC session, it would output all the
NICK changes etc. that were sent between client/server. Can't for the
life of me remember what it was called.
Cheers,
Joe
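
An added example, not part of the original messages: a small sh/awk filter for the `netstat -p tcp -n` output format shown in the quoted reply, which splits each BSD-style `address.port` endpoint at its last dot and keeps only ESTABLISHED rows. The function names are hypothetical, and the TIME_WAIT row in the sample input is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the thread.

# Sample input: the four ESTABLISHED rows are copied from the quoted
# netstat output; the TIME_WAIT row is constructed to show filtering.
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.100.56965 192.168.1.1.23 ESTABLISHED
tcp4 0 0 192.168.1.100.61375 208.97.136.18.5222 ESTABLISHED
tcp4 0 0 192.168.1.100.54996 208.245.212.98.5223 ESTABLISHED
tcp4 0 0 192.168.1.100.51672 72.14.253.125.5223 ESTABLISHED
tcp4 0 0 192.168.1.100.50000 192.168.1.1.80 TIME_WAIT
EOF
}

# Reads netstat output on stdin; prints one line per ESTABLISHED session:
#   local_addr local_port remote_addr remote_port
established_sessions() {
    awk '
    # BSD netstat writes endpoints as address.port, so the port is the
    # text after the LAST dot. Returns 0 when the field has no dot.
    function lastdot(s,    i) {
        for (i = length(s); i > 0; i--)
            if (substr(s, i, 1) == ".") return i
        return 0
    }
    # Data rows start with "tcp" and have six fields; headers do not.
    $1 ~ /^tcp/ && NF == 6 && $6 == "ESTABLISHED" {
        l = lastdot($4); r = lastdot($5)
        if (l > 1 && r > 1)
            print substr($4, 1, l - 1), substr($4, l + 1), substr($5, 1, r - 1), substr($5, r + 1)
    }'
}

# Counts ESTABLISHED sessions per remote port: "port count", sorted by port.
sessions_by_remote_port() {
    established_sessions |
        awk '{ n[$4]++ } END { for (p in n) print p, n[p] }' |
        sort -n
}

# Live use on the host: netstat -p tcp -n | established_sessions
sample_netstat | sessions_by_remote_port
```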
More information about the freebsd-net mailing list