samedi 7 avril 2012

tcptrack 

 
SYNOPSIS
       tcptrack [ -dfhvp ] [ -r seconds ] -i interface         [ filter expression ]   
 
DESCRIPTION
       tcptrack  displays  the  status of TCP connections that it        sees on a given network interface. tcptrack monitors their        state  and displays information such as state, source/des-        tination  addresses  and  bandwidth  usage  in  a  sorted,        updated list very much like the top(1) command.         The filter expression is a standard pcap filter expression        (identical to the expressions used  by  tcpdump(8))  which        can be used to filter down the characteristics of TCP con-        nections that tcptrack will see. See tcpdump(8)  for  more        information about the syntax of this expression.    
 
OPTIONS
       -d     Only track connections that were started after tcp-               track was started. Do not try  to  detect  existing               connections.         -f     Enable  fast  average  recalculation. TCPTrack will               calculate the  average  speeds  of  connections  by               using  a  running  average.  TCPTrack will use more               memory and CPU time, but averages will seem  closer               to real time and will be updated more than once per               second and may be more accurate under  heavy  load.               The  number  of times per second that averages will               be recalculated in fast mode is a compile-time set-               ting that defaults to 10 times per second.         -h     Display command line help         -i [interface]               Sniff packets from the specified network interface.         -p     Do not put the interface being sniffed into promis-               cuous mode.         -r [seconds]               Wait  this  many  seconds  before removing a closed               connection from the display.  Defaults  to  2  sec-               onds.   See  also  the  pause  interactive  command               (below).         -v     Display tcptrack version   
 
INTERACTIVE COMMANDS
       The following keys may be pressed while tcptrack  is  run-        ning to change runtime options:         When paused (via the p command) no new connections will be        displayed, however tcptrack will still monitor  and  track        all  connections it sees as usual. This option affects the        display only, not internals. When you unpause, the display        will be updated with all current information that tcptrack        has been gathering all along.   
 
EXAMPLES
       tcptrack requires only one parameter to run: the  -i  flag        followed  by  an  interface name that you want tcptrack to        monitor. This is the most basic way to run tcptrack:         # tcptrack -i eth0         tcptrack can also take a  pcap  filter  expression  as  an        argument. The format of this filter expression is the same        as that of tcpdump(8) and  other  libpcap-based  sniffers.        The following example will only show connections from host        10.45.165.2:         # tcptrack -i eth0 src or dst 10.45.165.2         The next example will only show web traffic  (ie,  traffic        on port 80):         # tcptrack -i eth0 port 80    sources

 









Publié par



à






































Aucun commentaire:















Enregistrer un commentaire


















        

      









Inscription à :
Publier les commentaires (Atom)