Date:      Tue, 16 Jan 2007 08:08:14 -0500
From:      Randall Stewart <rrs@cisco.com>
To:        Joe Holden <joe@joeholden.co.uk>
Cc:        freebsd-net@freebsd.org, Ricardo Nabinger Sanchez <rnsanchez@wait4.org>
Subject:   Re: Viewing established tcp connections
Message-ID:  <45ACCE3E.1060500@cisco.com>
In-Reply-To: <45ACCC88.8020902@joeholden.co.uk>
References:  <45ACBFCC.3030506@joeholden.co.uk>	<20070116104910.d7530a5d.rnsanchez@wait4.org> <45ACCC88.8020902@joeholden.co.uk>

Joe Holden wrote:
> Ricardo Nabinger Sanchez wrote:
>> On Tue, 16 Jan 2007 12:06:36 +0000
>> Joe Holden <joe@joeholden.co.uk> wrote:
>>
>>> I'm after a tool to view tcp sessions passing through a router, 
>>> however dsniff is marked as BROKEN. Are there any alternatives?
>>
>> If you don't need to inspect the sessions, netstat can show you that:
>>
>> % netstat -p tcp -n
>> Active Internet connections
>> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
>> tcp4       0      0  192.168.1.100.56965    192.168.1.1.23         ESTABLISHED
>> tcp4       0      0  192.168.1.100.61375    208.97.136.18.5222     ESTABLISHED
>> tcp4       0      0  192.168.1.100.54996    208.245.212.98.5223    ESTABLISHED
>> tcp4       0      0  192.168.1.100.51672    72.14.253.125.5223     ESTABLISHED
>>
>> Otherwise, you can still use tcpdump:
>>
>> # tcpdump -n tcp
>>
>> You can even use an SNMP daemon and query TCP-MIB if you don't want ssh
>> sessions.
>>
>> I couldn't infer details about what you really want to do, and feel like
>> these suggestions are not what you're looking for (YMMV), although they
>> work very well for my needs.
>>
> Hi, I was looking into using tcpdump, but I was really after something 
> that outputs the session in readable format.  I used to use a port that 
> would output the session, i.e. an IRC session; it would output all the 
> NICK changes etc. that were sent between client/server.  Can't for the 
> life of me remember what it was called.
> 
> Cheers,
> Joe
Wireshark is what I like..

It allows you to analyze stuff as well.. you select
a packet from a TCP flow (or SCTP) and tell it
to analyze it... really cool :-)

R

-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)