From owner-freebsd-net@FreeBSD.ORG Tue Jan 16 12:49:14 2007 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B7D9916A416 for ; Tue, 16 Jan 2007 12:49:14 +0000 (UTC) (envelope-from rnsanchez@wait4.org) Received: from spunkymail-a15.dreamhost.com (sd-green-bigip-207.dreamhost.com [208.97.132.207]) by mx1.freebsd.org (Postfix) with ESMTP id A6E7213C441 for ; Tue, 16 Jan 2007 12:49:14 +0000 (UTC) (envelope-from rnsanchez@wait4.org) Received: from sauron.lan.box (unknown [200.203.30.109]) by spunkymail-a15.dreamhost.com (Postfix) with ESMTP id 79CB67F021; Tue, 16 Jan 2007 04:49:13 -0800 (PST) Date: Tue, 16 Jan 2007 10:49:10 -0200 From: Ricardo Nabinger Sanchez To: Joe Holden Message-Id: <20070116104910.d7530a5d.rnsanchez@wait4.org> In-Reply-To: <45ACBFCC.3030506@joeholden.co.uk> References: <45ACBFCC.3030506@joeholden.co.uk> Organization: SYS_WAIT4 X-Mailer: Sylpheed 2.3.0+svn (GTK+ 2.10.6; i386-unknown-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-net@FreeBSD.ORG Subject: Re: Viewing established tcp connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jan 2007 12:49:14 -0000 On Tue, 16 Jan 2007 12:06:36 +0000 Joe Holden wrote: > I'm after a tool to view tcp sessions passing through a router, however > dsniff is marked as BROKEN. Are there any alternatives? If you don't need to inspect the sessions, netstat can show you that: % netstat -p tcp -n Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 192.168.1.100.56965 192.168.1.1.23 ESTABLISHED tcp4 0 0 192.168.1.100.61375 208.97.136.18.5222 ESTABLISHED tcp4 0 0 192.168.1.100.54996 208.245.212.98.5223 ESTABLISHED tcp4 0 0 192.168.1.100.51672 72.14.253.125.5223 ESTABLISHED Otherwise, you can still use tcpdump: # tcpdump -n tcp You can even use a SNMP daemon and query TCP-MIB if you don't want ssh sessions. I couldn't infer details about what you really want to do, and feel like these suggestions are not what you're looking for (YMMV), although they work very well for my needs. -- Ricardo Nabinger Sanchez Powered by FreeBSD "Left to themselves, things tend to go from bad to worse."