From owner-freebsd-net@FreeBSD.ORG Tue Jan 16 13:01:12 2007
Message-ID: <45ACCC88.8020902@joeholden.co.uk>
Date: Tue, 16 Jan 2007 13:00:56 +0000
From: Joe Holden
To: Ricardo Nabinger Sanchez
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Viewing established tcp connections
References: <45ACBFCC.3030506@joeholden.co.uk> <20070116104910.d7530a5d.rnsanchez@wait4.org>
In-Reply-To: <20070116104910.d7530a5d.rnsanchez@wait4.org>
List-Id: Networking and TCP/IP with FreeBSD

Ricardo Nabinger Sanchez wrote:
> On Tue, 16 Jan 2007 12:06:36 +0000
> Joe Holden wrote:
>
>> I'm after a tool to view tcp sessions passing through a router, however
>> dsniff is marked as BROKEN. Are there any alternatives?
>
> If you don't need to inspect the sessions, netstat can show you that:
>
> % netstat -p tcp -n
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  192.168.1.100.56965    192.168.1.1.23         ESTABLISHED
> tcp4       0      0  192.168.1.100.61375    208.97.136.18.5222     ESTABLISHED
> tcp4       0      0  192.168.1.100.54996    208.245.212.98.5223    ESTABLISHED
> tcp4       0      0  192.168.1.100.51672    72.14.253.125.5223     ESTABLISHED
>
> Otherwise, you can still use tcpdump:
>
> # tcpdump -n tcp
>
> You can even use a SNMP daemon and query TCP-MIB if you don't want ssh
> sessions.
>
> I couldn't infer details about what you really want to do, and feel like
> these suggestions are not what you're looking for (YMMV), although they work
> very well for my needs.
>

Hi,

I was looking into using tcpdump, but I was really after something that
outputs the session in readable format.

I used to use a port that would output the session, i.e. an IRC session, it
would output all the NICK changes etc. that were sent between client/server.

Can't for the life of me remember what it was called.

Cheers,
Joe
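
An added example, not part of either message above: what a "readable session" viewer does with captured traffic is group TCP segments by flow, order them by sequence number, drop retransmitted bytes, and print the payload line by line. The segment tuples, the server address and the function names are constructed for illustration; sequence-number wraparound is ignored and each direction is reassembled separately.

```python
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, tcp_seq, payload).
# They arrive out of order and include one retransmission, as on a real link.
SEGMENTS = [
    ("192.168.1.100", 51000, "10.0.0.5", 6667, 1000, b"NICK joe\r\nUSER "),
    ("10.0.0.5", 6667, "192.168.1.100", 51000, 5000,
     b":irc.example NOTICE AUTH :hello\r\n"),
    ("192.168.1.100", 51000, "10.0.0.5", 6667, 1029, b"NICK joe_away\r\n"),
    ("192.168.1.100", 51000, "10.0.0.5", 6667, 1015, b"joe 0 * :Joe\r\n"),
    ("192.168.1.100", 51000, "10.0.0.5", 6667, 1000, b"NICK joe\r\nUSER "),
]

def reassemble(segments):
    """Return {flow 4-tuple: bytes}, each direction's payload in sequence order."""
    by_flow = defaultdict(list)
    for src, sport, dst, dport, seq, data in segments:
        if data:  # pure ACKs carry no payload
            by_flow[(src, sport, dst, dport)].append((seq, data))
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s[0])
        next_seq = segs[0][0]
        out = bytearray()
        for seq, data in segs:
            if seq > next_seq:  # bytes the capture never saw
                out += b"\n[gap: %d bytes missing]\n" % (seq - next_seq)
                next_seq = seq
            overlap = next_seq - seq
            if overlap >= len(data):
                continue  # full retransmission, nothing new
            out += data[overlap:]  # keep only bytes not yet emitted
            next_seq = seq + len(data)
        streams[flow] = bytes(out)
    return streams

def readable(segments):
    """Return the reassembled sessions as direction-tagged text lines."""
    lines = []
    for (src, sport, dst, dport), data in reassemble(segments).items():
        for line in data.decode("latin-1").splitlines():
            if line:
                lines.append(f"{src}:{sport} > {dst}:{dport}  {line}")
    return lines

if __name__ == "__main__":
    print("\n".join(readable(SEGMENTS)))
```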