Tracking TCP Connections With tcptrack

by | 18 September, 2008

Basically, tcptrack is a sniffer that shows information about the TCP connections on a specific interface. tcptrack watches every connection as it occurs and presents the information in a nice interface. Although it is a text user interface, it is simple and easy to understand. tcptrack has been packaged for several popular Linux distributions. The latest version of tcptrack is 1.2.0, released on December 20, 2006. You can download the source code from the tcptrack website.

tcptrack provides useful information for administrators who want to track every single connection to their servers. I use tcptrack to watch my proxy to make sure that every user gets an appropriate amount of bandwidth and that no one saturates the whole bandwidth. It just gives me a way to watch the traffic. The information that tcptrack provides is:

  • source address and port
  • destination address and port
  • connection state
  • idle time
  • bandwidth usage

tcptrack also has a filtering feature; it uses the pcap filter syntax (identical to the one used by tcpdump).

Installation

Installing tcptrack is fairly easy; on Debian GNU/Linux or Ubuntu you can simply use

apt-get install tcptrack

Searching on rpmfind.net, I found the one matching my needs: tcptrack for CentOS. I use the rpm for RHEL 4. I took the rpm and installed it manually. If you want to use yum, you have to enable the DAG repository. If you want to build it from source, you can read the INSTALL file in the package or read it online.

Using tcptrack

You have to be a superuser to run tcptrack. The basic usage is a command of this form:

# tcptrack -i <networkInterface>

For example:

# tcptrack -i eth1

After invoking such a command, tcptrack will run, capture all TCP connections, and show them to you in an easy-to-understand interface. Two other options that might be useful are -r and a port filter. -r makes tcptrack wait for a given time (in seconds) before it removes a closed connection from the screen. For example:

# tcptrack -i eth0 -r 10

A port expression filters the display by port number. For example:

# tcptrack -i eth1 port 22
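As an added example (not from the original post or the tcptrack project), here is a small POSIX sh wrapper for the proxy-monitoring use described above: it validates the interface name and the -r timeout, composes a pcap filter that combines a port with a client network, and only then starts tcptrack. The proxy port 3128 and the 10.0.0.0/8 client network are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the tcptrack 1.2.0
# command line shown above: -i <iface>, -r <seconds>, then a pcap filter.
# Sample values (port 3128, net 10.0.0.0/8) are constructed for illustration.

# Accept only plausible interface names (eth0, eth1, lo, bond0.10, ...),
# so that nothing unexpected reaches the command line.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# -r takes a non-negative integer number of seconds.
valid_timeout() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Compose a pcap filter that keeps only the proxy's client side:
# connections involving the proxy port, restricted to the client network.
proxy_filter() {
    printf 'port %s and net %s' "$1" "$2"
}

# Validate the arguments and print the full command line without running
# it, so it can be reviewed or logged before tcptrack is started as root.
build_cmd() {
    iface="$1"; timeout="$2"; filter="$3"
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_timeout "$timeout" || { echo "bad timeout: $timeout" >&2; return 1; }
    printf 'tcptrack -i %s -r %s %s\n' "$iface" "$timeout" "$filter"
}

# Start tcptrack with validated arguments; the filter words follow as "$@",
# exactly as tcpdump-style filter expressions are passed on the command line.
run_tcptrack() {
    iface="$1"; timeout="$2"; shift 2
    build_cmd "$iface" "$timeout" "$*" >/dev/null || return 1
    exec tcptrack -i "$iface" -r "$timeout" "$@"
}

# Example invocation, only when RUN_WRAPPER=1 so sourcing the file is harmless:
#   RUN_WRAPPER=1 sh tcptrack-proxy.sh   (as root, on the proxy host)
if [ "${RUN_WRAPPER:-0}" = 1 ]; then
    run_tcptrack eth1 10 $(proxy_filter 3128 10.0.0.0/8)
fi
```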

You can read the manual for the complete list of tcptrack options, or read it online.