Date: Tue, 16 Jan 2007 13:00:56 +0000 From: Joe Holden <joe@joeholden.co.uk> To: Ricardo Nabinger Sanchez <rnsanchez@wait4.org> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Viewing established tcp connections Message-ID: <45ACCC88.8020902@joeholden.co.uk> In-Reply-To: <20070116104910.d7530a5d.rnsanchez@wait4.org> References: <45ACBFCC.3030506@joeholden.co.uk> <20070116104910.d7530a5d.rnsanchez@wait4.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Ricardo Nabinger Sanchez wrote: > On Tue, 16 Jan 2007 12:06:36 +0000 > Joe Holden <joe@joeholden.co.uk> wrote: > >> I'm after a tool to view tcp sessions passing through a router, however >> dsniff is marked as BROKEN. Are there any alternatives? > > If you don't need to inspect the sessions, netstat can show you that: > > % netstat -p tcp -n > Active Internet connections > Proto Recv-Q Send-Q Local Address Foreign Address (state) > tcp4 0 0 192.168.1.100.56965 192.168.1.1.23 ESTABLISHED > tcp4 0 0 192.168.1.100.61375 208.97.136.18.5222 ESTABLISHED > tcp4 0 0 192.168.1.100.54996 208.245.212.98.5223 ESTABLISHED > tcp4 0 0 192.168.1.100.51672 72.14.253.125.5223 ESTABLISHED > > Otherwise, you can still use tcpdump: > > # tcpdump -n tcp > > You can even use a SNMP daemon and query TCP-MIB if you don't want ssh > sessions. > > I couldn't infer details about what you really want to do, and feel like > these suggestions are not what you're looking for (YMMV), although they work > very well for my needs. > Hi, I was looking into using tcpdump, but I was really after something that outputs the session in readable format. I used to use a port that would output the session, ie; an IRC session, it would output all the NICK changes etc, that was sent between client/server. Can't for the life of me remember what it was called. Cheers, Joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45ACCC88.8020902>