Date: Tue, 16 Jan 2007 10:49:10 -0200 From: Ricardo Nabinger Sanchez <rnsanchez@wait4.org> To: Joe Holden <joe@joeholden.co.uk> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Viewing established tcp connections Message-ID: <20070116104910.d7530a5d.rnsanchez@wait4.org> In-Reply-To: <45ACBFCC.3030506@joeholden.co.uk> References: <45ACBFCC.3030506@joeholden.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 16 Jan 2007 12:06:36 +0000
Joe Holden <joe@joeholden.co.uk> wrote:
> I'm after a tool to view tcp sessions passing through a router, however
> dsniff is marked as BROKEN. Are there any alternatives?
If you don't need to inspect the sessions, netstat can show you that:
% netstat -p tcp -n
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.100.56965 192.168.1.1.23 ESTABLISHED
tcp4 0 0 192.168.1.100.61375 208.97.136.18.5222 ESTABLISHED
tcp4 0 0 192.168.1.100.54996 208.245.212.98.5223 ESTABLISHED
tcp4 0 0 192.168.1.100.51672 72.14.253.125.5223 ESTABLISHED
Otherwise, you can still use tcpdump:
# tcpdump -n tcp
You can even use a SNMP daemon and query TCP-MIB if you don't want ssh
sessions.
I couldn't infer details about what you really want to do, and feel like
these suggestions are not what you're looking for (YMMV), although they work
very well for my needs.
--
Ricardo Nabinger Sanchez <rnsanchez@{gmail.com,wait4.org}>
Powered by FreeBSD
"Left to themselves, things tend to go from bad to worse."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070116104910.d7530a5d.rnsanchez>