Tracking TCP Connections With tcptrack

Submitted by sumodirjo (Contact Author) (Forums) on Mon, 2007-07-30 18:12. :: Linux


Basically, tcptrack is a sniffer that shows information about the TCP connections on a specific interface. tcptrack watches every connection that occurs and presents the information in a nice interface. Although it has a text user interface, it is simple and easy to understand. tcptrack has been packaged for several popular Linux distributions. The latest version of tcptrack is 1.2.0, released on December 20, 2006. You can download the source code from the tcptrack website.

tcptrack provides some useful information for administrators who want to track every single connection to their servers. I use tcptrack to watch my proxy to make sure that every user gets an appropriate share of bandwidth and no one saturates the whole bandwidth. It just gives me a way to watch the traffic. The information that tcptrack provides is:

  • source address and port
  • destination address and port
  • connection state
  • idle time
  • bandwidth usage

tcptrack also has a filtering feature; it uses the pcap filter syntax (identical to the one used by tcpdump).


Installation

Installing tcptrack is fairly easy. On Debian GNU/Linux or Ubuntu you can simply use:

apt-get install tcptrack

Searching on rpmfind.net, I found the one matching my needs: tcptrack for CentOS. I use rpm for RHEL 4. I took the rpm and installed it manually. If you want to use yum, you have to enable the DAG repository. If you want to build it from source, you can read the INSTALL file in the package or read it online.


Using tcptrack

You have to be the superuser to run tcptrack. The basic usage is a command such as:

# tcptrack -i <networkInterface>

For example:

# tcptrack -i eth1

After invoking such a command tcptrack runs, captures all TCP connections, and shows them to you in an easy-to-understand interface. Two other options that might be useful are -r and port. -r makes tcptrack wait for the given time (in seconds) before it removes a closed connection from the screen. For example:

# tcptrack -i eth0 -r 10

port filters the displayed connections by port number. For example:

# tcptrack -i eth1 port 22

You can read the manual page for the complete list of tcptrack options, or read it online.
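To make the fields above concrete, here is a small added example (not tcptrack's own code) that replays constructed packet records instead of a live capture and derives the same per-connection table: endpoints, state, idle time and bandwidth, with the -r style removal of closed connections after a delay. The state names, the bandwidth window and the sample addresses are assumptions chosen for the illustration.

```python
"""Simplified model of the connection table tcptrack displays.

Added example, not tcptrack's own code. State names, the bandwidth
window and the sample packets below are assumptions for illustration.
"""

# Constructed packet records: (time, src, sport, dst, dport, tcp_flags, payload_bytes)
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 40001, "192.0.2.10", 22, "S", 0),
    (0.1, "192.0.2.10", 22, "10.0.0.5", 40001, "SA", 0),
    (0.2, "10.0.0.5", 40001, "192.0.2.10", 22, "A", 0),
    (1.0, "10.0.0.5", 40001, "192.0.2.10", 22, "PA", 1200),
    (1.5, "192.0.2.10", 22, "10.0.0.5", 40001, "PA", 800),
    (2.0, "10.0.0.6", 40003, "192.0.2.10", 80, "S", 0),
    (2.1, "192.0.2.10", 80, "10.0.0.6", 40003, "SA", 0),
    (2.2, "10.0.0.6", 40003, "192.0.2.10", 80, "A", 0),
    (2.5, "10.0.0.6", 40003, "192.0.2.10", 80, "FA", 0),   # client closes
    (3.0, "10.0.0.7", 40002, "192.0.2.10", 80, "S", 0),    # SYN never answered
]

def conn_key(src, sport, dst, dport):
    """Map both directions of a flow onto one key by ordering the endpoints."""
    return min((src, sport, dst, dport), (dst, dport, src, sport))

def build_table(packets, now, window=4.0, remove_after=1.0):
    """Return {key: {"state", "idle", "bps"}} as seen at time `now`.

    Closed (FIN/RST) connections idle longer than `remove_after` seconds are
    dropped, mirroring what the -r option controls on tcptrack's screen.
    """
    conns = {}
    for ts, src, sport, dst, dport, flags, size in packets:
        c = conns.setdefault(conn_key(src, sport, dst, dport),
                             {"state": "SYN_SENT", "last": ts, "hist": []})
        if "R" in flags:
            c["state"] = "RESET"
        elif "F" in flags:
            c["state"] = "CLOSING"
        elif "S" in flags and "A" in flags:
            c["state"] = "SYN_RCVD"
        elif "A" in flags and c["state"] == "SYN_RCVD":
            c["state"] = "ESTABLISHED"
        c["last"] = ts
        if size:
            c["hist"].append((ts, size))
    table = {}
    for key, c in conns.items():
        idle = now - c["last"]
        if c["state"] in ("CLOSING", "RESET") and idle > remove_after:
            continue  # what -r <seconds> would have expired from the display
        recent = sum(s for t, s in c["hist"] if now - t <= window)
        table[key] = {"state": c["state"], "idle": idle, "bps": recent / window}
    return table
```

Run with `build_table(SAMPLE_PACKETS, now=4.0)`: the SSH session shows as ESTABLISHED at 500 bytes/s, the unanswered SYN stays visible as SYN_SENT, and the closed HTTP connection has already been expired.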

Muhammad Panji is a Computer Lab assistant at Unit Pengembangan Komputer, Fakultas Ekonomi, Diponegoro University, Semarang.


Submitted by Samir Aliyev (not registered) on Thu, 2012-02-09 20:03.
tcptrack is very easy to use, a useful tool. But it does not track disallowed, denied connections, unfortunately.
Submitted by Anonymous (not registered) on Wed, 2011-06-22 04:11.

nice post.. very useful

Submitted by Borderamigos (not registered) on Sun, 2009-06-07 18:47.

In my Debian Lenny setup I have a launcher in a panel for tcptrack with sudo powers.  This lets me click quickly and see what's connected or trying to connect.  Keeping the -r value fairly high lets me catch the quick connection attempts (which I seem to get a lot of from China?).

[code]
gksu "x-terminal-emulator -e tcptrack -i eth0 -r 10"
[/code]


Submitted by nicolargo (registered user) on Tue, 2007-07-31 10:29.