Wednesday, January 21, 2009

tcptrack

TCP Track is a small connection and bandwidth monitor for TCP.

tcptrack - Displays a TCP connection list

root@sidbomx:~# tcptrack -- help
Usage: tcptrack [-dfhvp] [-r ] -i []

tcptrack -p -i eth0

OPTIONS

       -d     Only track connections that were started after tcptrack
              was started. Do not try to detect existing connections.

       -f     Enable fast average recalculation. TCPTrack will calculate
              the average speeds of connections by using a running
              average. TCPTrack will use more memory and CPU time, but
              averages will seem closer to real time and will be updated
              more than once per second and may be more accurate under
              heavy load. The number of times per second that averages
              will be recalculated in fast mode is a compile-time
              setting that defaults to 10 times per second.

       -h     Display command line help

       -i [interface]
              Sniff packets from the specified network interface.

       -p     Do not put the interface being sniffed into promiscuous
              mode.

       -r [seconds]
              Wait this many seconds before removing a closed connection
              from the display. Defaults to 2 seconds. See also the
              pause interactive command (below).

       -v     Display tcptrack version


EXAMPLES

tcptrack requires only one parameter to run: the -i flag followed by an interface name that you want tcptrack to monitor. This is the most basic way to run tcptrack:

       # tcptrack -i eth0

tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump(8) and other libpcap-based sniffers. The following example will only show connections from host 10.45.165.2:

       # tcptrack -i eth0 src or dst 10.45.165.2

The next example will only show web traffic (i.e., traffic on port 80):

       # tcptrack -i eth0 port 80