From: Randall Stewart
Date: Tue, 16 Jan 2007 08:08:14 -0500
To: Joe Holden
Cc: freebsd-net@freebsd.org, Ricardo Nabinger Sanchez
Subject: Re: Viewing established tcp connections
Message-ID: <45ACCE3E.1060500@cisco.com>
In-Reply-To: <45ACCC88.8020902@joeholden.co.uk>
References: <45ACBFCC.3030506@joeholden.co.uk> <20070116104910.d7530a5d.rnsanchez@wait4.org> <45ACCC88.8020902@joeholden.co.uk>

Joe Holden wrote:
> Ricardo Nabinger Sanchez wrote:
>> On Tue, 16 Jan 2007 12:06:36 +0000
>> Joe Holden wrote:
>>
>>> I'm after a tool to view tcp sessions passing through a router,
>>> however dsniff is marked as BROKEN. Are there any alternatives?
>>
>> If you don't need to inspect the sessions, netstat can show you that:
>>
>> % netstat -p tcp -n
>> Active Internet connections
>> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
>> tcp4       0      0  192.168.1.100.56965    192.168.1.1.23         ESTABLISHED
>> tcp4       0      0  192.168.1.100.61375    208.97.136.18.5222     ESTABLISHED
>> tcp4       0      0  192.168.1.100.54996    208.245.212.98.5223    ESTABLISHED
>> tcp4       0      0  192.168.1.100.51672    72.14.253.125.5223     ESTABLISHED
>>
>> Otherwise, you can still use tcpdump:
>>
>> # tcpdump -n tcp
>>
>> You can even use a SNMP daemon and query TCP-MIB if you don't want ssh
>> sessions.
>>
>> I couldn't infer details about what you really want to do, and feel like
>> these suggestions are not what you're looking for (YMMV), although they
>> work very well for my needs.
>>
> Hi, I was looking into using tcpdump, but I was really after something
> that outputs the session in readable format. I used to use a port that
> would output the session, ie; an IRC session, it would output all the
> NICK changes etc, that was sent between client/server. Can't for the
> life of me remember what it was called.
>
> Cheers,
> Joe
>
Wireshark is what I like.. It allows you to analyze
stuff as well.. you select a packet from a TCP flow (or SCTP)
and tell it to analyze it... really cool :-)

R

-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)
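
What "outputting the session in readable format" involves once the segments are captured, as an added example that is not part of the original thread and is not Wireshark's or any port's code: per-direction reassembly by TCP sequence number, tolerating reordering, retransmission and gaps. The segment tuples, the 192.0.2.10 server address, the IRC payloads and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (src, dst, tcp_seq, payload) per captured segment. The
# 192.0.2.10 server and all payloads are made up; one segment arrives out of
# order and one is a retransmission.
CLIENT, SERVER = "192.168.1.100:56965", "192.0.2.10:6667"
SEGMENTS = [
    (CLIENT, SERVER, 1000, b"NICK joe\r\n"),
    (SERVER, CLIENT, 5000, b":irc.example.net 001 joe :Welcome\r\n"),
    (CLIENT, SERVER, 1025, b"NICK joe_away\r\n"),   # arrives before seq 1010
    (CLIENT, SERVER, 1010, b"JOIN #freebsd\r\n"),
    (CLIENT, SERVER, 1010, b"JOIN #freebsd\r\n"),   # retransmission
]

def reassemble(segments):
    """Return {(src, dst): bytes}: each direction's payload in sequence order.

    Assumes sequence numbers do not wrap within the capture.
    """
    flows = defaultdict(dict)
    for src, dst, seq, data in segments:
        if not data:                              # pure ACK, nothing to show
            continue
        held = flows[(src, dst)]
        if len(data) > len(held.get(seq, b"")):   # keep longest copy per seq
            held[seq] = data
    streams = {}
    for key, held in flows.items():
        out, expected = bytearray(), min(held)
        for seq in sorted(held):
            if seq > expected:                    # lost or uncaptured bytes
                out += b"[gap: %d bytes missing]\r\n" % (seq - expected)
                expected = seq
            skip = expected - seq                 # bytes already emitted
            if skip < len(held[seq]):
                out += held[seq][skip:]
                expected = seq + len(held[seq])
        streams[key] = bytes(out)
    return streams

def readable(streams):
    """Format every reassembled line as 'src > dst  text'."""
    return [f"{src} > {dst}  {line}"
            for (src, dst), data in streams.items()
            for line in data.decode("ascii", "replace").splitlines()]

if __name__ == "__main__":
    print("\n".join(readable(reassemble(SEGMENTS))))
```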