Tcptrack

From Notes_Wiki
Revision as of 04:42, 7 April 2014 by Saurabh (talk | contribs)

<yambe:breadcrumb>Network related tools</yambe:breadcrumb>

tcptrack

'tcptrack' can be used to track TCP connections of a host over a particular interface. To monitor all TCP connections over 'eth0' we can use

tcptrack -i eth0

and see all the incoming, outgoing, and even half-established connections. SYN_SENT etc. for connections being attempted to be established is also shown.

'tcptrack' also provides other command line options like

  • '-d' to track only the connections that start after tcptrack has been started.
  • '-r <seconds>' wait specified seconds before removing a closed connection from list (Default: 2)

When we are running tcptrack we can use shortcuts 'p' for pausing display so that we can look at the list of connections without connections jumping here and there. This just pauses the display, background capturing and processing of information by tcptrack continues even after pausing display.

We can also use 's' to toggle between various sorting options like no sorting, sorting by rate, sorting by total bytes, etc.