Sunday, November 21, 2010

TCPTRACK, a server monitoring tool

TCPTRACK

Tcptrack is a packet sniffer that passively watches for TCP connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix ‘top’ command.

It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.

The following screenshot explains a lot:


Installation Steps:

kishore.kb@3wing57:~$ wget http://www.rhythm.cx/~steve/devel/tcptrack/release/1.4.0/source/tcptrack-1.4.0.tar.gz
kishore.kb@3wing57:~$ tar -xvzf tcptrack-1.4.0.tar.gz
kishore.kb@3wing57:~$ cd tcptrack-1.4.0
kishore.kb@3wing57:~/tcptrack-1.4.0$ ./configure
kishore.kb@3wing57:~/tcptrack-1.4.0$ make
kishore.kb@3wing57:~/tcptrack-1.4.0$ make install

Some steps on how to use tcptrack are given below:


To run tcptrack, you need to specify an interface for it to sniff:

        tcptrack -i eth0

You can also provide a pcap filter expression:

        tcptrack -i eth0 src or dst 192.168.33.92 and port 80

That will make tcptrack only monitor web connections to or from 192.168.33.92 on eth0. The expression syntax is the same as you'd use for tcpdump and possibly other pcap-based sniffers.

While in tcptrack, hit 'q' to exit.

Command-line options:

   tcptrack [ -dfhvp ] [ -r seconds ] -i interface [ filter expression ]

       -d     Only track connections that were started after tcptrack was
              started. Do not try to detect existing connections.

       -f     Enable fast average recalculation. TCPTrack will calculate the
              average speeds of connections by using a running average.
              TCPTrack will use more memory and CPU time, but averages will
              seem closer to real time and will be updated more than once per
              second and may be more accurate under heavy load. The number of
              times per second that averages will be recalculated in fast
              mode is a compile-time setting that defaults to 10 times per
              second.

       -h     Display command line help

       -i [interface]
              Sniff packets from the specified network interface.

       -p     Do not put the interface being sniffed into promiscuous mode.

       -r [seconds]
              Wait this many seconds before removing a closed connection from
              the display. Defaults to 2 seconds.
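To make the behaviour described above concrete (passive tracking of connection state, the pcap-style host/port filter, the -f running average, the -d "new connections only" rule and the -r removal delay), here is an added Python illustration. It is not tcptrack's own code and does not sniff a live interface: it consumes constructed packet records embedded in the script. The sample packets, the simplified TCP state machine, the exponential running average with its weight, and the filter host 192.168.33.92 / port 80 taken from the tcptrack command above are all assumptions made for the example.

```python
"""Toy connection tracker in the spirit of tcptrack (added illustration, not tcptrack's code).
Packet records are constructed tuples: (timestamp_s, src_ip, src_port, dst_ip, dst_port,
tcp_flags, payload_bytes), with tcp_flags written as tcpdump prints them (S, SA, A, PA, FA, R)."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample capture: one complete web connection, one SSH SYN the filter must drop,
# and one new web SYN still waiting for its reply.
SAMPLE_PACKETS = [
    (0.0, "192.168.33.92", 40001, "10.0.0.5", 80, "S", 0),
    (0.1, "10.0.0.5", 80, "192.168.33.92", 40001, "SA", 0),
    (0.2, "192.168.33.92", 40001, "10.0.0.5", 80, "A", 0),
    (0.5, "192.168.33.92", 40001, "10.0.0.5", 80, "PA", 300),
    (1.0, "10.0.0.5", 80, "192.168.33.92", 40001, "PA", 1500),
    (1.5, "192.168.33.92", 40001, "10.0.0.5", 80, "FA", 0),
    (1.6, "10.0.0.5", 80, "192.168.33.92", 40001, "FA", 0),
    (2.0, "172.16.0.9", 5555, "10.0.0.5", 22, "S", 0),
    (2.5, "192.168.33.92", 40002, "10.0.0.5", 80, "S", 0),
]

def matches_filter(pkt, host, port):
    """Same selection as the pcap expression 'src or dst HOST and port PORT'."""
    _, src, sport, dst, dport, _, _ = pkt
    return (src == host or dst == host) and (sport == port or dport == port)

def conn_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a flow land in one entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))

@dataclass
class Connection:
    client: tuple               # (ip, port) of the side seen first
    server: tuple
    state: str
    last_seen: float
    total_bytes: int = 0
    avg_bps: float = 0.0        # running average, like tcptrack's -f mode
    closed_at: Optional[float] = None

class Tracker:
    def __init__(self, host, port, remove_after=2.0, only_new=False, alpha=0.5):
        self.host, self.port = host, port
        self.remove_after = remove_after    # -r seconds
        self.only_new = only_new            # -d
        self.alpha = alpha                  # assumed weight of the newest sample in the running average
        self.conns = {}

    def process(self, pkt):
        ts, src, sport, dst, dport, flags, nbytes = pkt
        self.expire(ts)
        if not matches_filter(pkt, self.host, self.port):
            return
        key = conn_key(src, sport, dst, dport)
        conn = self.conns.get(key)
        if conn is None:
            if self.only_new and "S" not in flags:
                return  # -d: ignore flows that were already running when tracking started
            # Without -d, a mid-stream packet is taken to belong to an established flow.
            state = "SYN_SENT" if flags == "S" else "ESTABLISHED"
            conn = self.conns[key] = Connection((src, sport), (dst, dport), state, ts)
        elapsed = ts - conn.last_seen
        if elapsed > 0:  # exponential running average of bytes per second
            conn.avg_bps = self.alpha * (nbytes / elapsed) + (1 - self.alpha) * conn.avg_bps
        conn.total_bytes += nbytes
        conn.last_seen = ts
        if self._advance(conn, flags) and conn.closed_at is None:
            conn.closed_at = ts

    @staticmethod
    def _advance(conn, flags):
        """Minimal TCP state machine; returns True once the flow has closed."""
        if "R" in flags:
            conn.state = "RESET"
            return True
        if "F" in flags:  # the second FIN (one from each side) closes the flow
            conn.state = "CLOSED" if conn.state == "FIN_WAIT" else "FIN_WAIT"
            return conn.state == "CLOSED"
        if flags == "SA" and conn.state == "SYN_SENT":
            conn.state = "SYN_RECV"
        elif "A" in flags and conn.state == "SYN_RECV":
            conn.state = "ESTABLISHED"
        return False

    def expire(self, now):
        """Drop flows that have been closed for at least remove_after seconds (the -r behaviour)."""
        self.conns = {k: c for k, c in self.conns.items()
                      if c.closed_at is None or now - c.closed_at < self.remove_after}

    def snapshot(self, now):
        """top-like display rows, busiest flow first."""
        return ["%s:%d -> %s:%d  %-11s idle %4.1fs  %8.1f B/s" % (
                    c.client[0], c.client[1], c.server[0], c.server[1],
                    c.state, now - c.last_seen, c.avg_bps)
                for c in sorted(self.conns.values(), key=lambda c: -c.avg_bps)]

def run(packets, host="192.168.33.92", port=80, **opts):
    tracker = Tracker(host, port, **opts)
    for pkt in packets:
        tracker.process(pkt)
    return tracker
```

Running `run(SAMPLE_PACKETS).snapshot(now=2.5)` lists the finished 40001 flow as CLOSED (it stays on screen until 2 seconds after its last FIN, as -r defaults to) and the 40002 flow as SYN_SENT, while the SSH packet never appears because the filter dropped it. Passing `only_new=True` reproduces -d: a flow first seen mid-stream is ignored instead of being assumed ESTABLISHED.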

Kishore
