Viewing established tcp connections
rrs at cisco.com
Tue Jan 16 13:37:39 UTC 2007
Joe Holden wrote:
> Ricardo Nabinger Sanchez wrote:
>> On Tue, 16 Jan 2007 12:06:36 +0000
>> Joe Holden <joe at joeholden.co.uk> wrote:
>>> I'm after a tool to view tcp sessions passing through a router,
>>> however dsniff is marked as BROKEN. Are there any alternatives?
>> If you don't need to inspect the sessions, netstat can show you that:
>> % netstat -p tcp -n
>> Active Internet connections
>> Proto Recv-Q Send-Q Local Address Foreign Address
>> tcp4 0 0 192.168.1.100.56965 192.168.1.1.23
>> tcp4 0 0 192.168.1.100.61375 18.104.22.168.5222
>> tcp4 0 0 192.168.1.100.54996 22.214.171.124.5223
>> tcp4 0 0 192.168.1.100.51672 126.96.36.199.5223
>> Otherwise, you can still use tcpdump:
>> # tcpdump -n tcp
>> You can even use a SNMP daemon and query TCP-MIB if you don't want ssh
>> I couldn't infer details about what you really want to do, and feel like
>> these suggestions are not what you're looking for (YMMV), although
>> they work
>> very well for my needs.
> Hi, I was looking into using tcpdump, but I was really after something
> that outputs the session in readable format. I used to use a port that
> would output the session, ie; an IRC session, it would output all the
> NICK changes etc, that was sent between client/server. Can't for the
> life of me remember what it was called.
> freebsd-net at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
Wireshark is what I like..
It allows you to analyze stuff as well.. you select
a packet from a TCP flow (or SCTP) and tell it
to analyze it... really cool :-)
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)
More information about the freebsd-net