The following is a demonstration of the tcptop command, tcptop will display info on newly established TCP connections, # tcptop -C 10 Tracing... Please wait. 2005 Jul 5 04:55:25, load: 1.11, TCPin: 2 KB, TCPout: 110 KB UID PID LADDR LPORT FADDR FPORT SIZE NAME 100 20876 192.168.1.5 36396 192.168.1.1 79 1160 finger 100 20875 192.168.1.5 36395 192.168.1.1 79 1160 finger 100 20878 192.168.1.5 36397 192.168.1.1 23 1303 telnet 100 20877 192.168.1.5 859 192.168.1.1 514 115712 rcp 2005 Jul 5 04:55:35, load: 1.10, TCPin: 0 KB, TCPout: 0 KB UID PID LADDR LPORT FADDR FPORT SIZE NAME 0 242 192.168.1.5 79 192.168.1.1 54220 272 inetd 0 20879 192.168.1.5 79 192.168.1.1 54220 714 in.fingerd [...] In the above output, we run it with a 10 second interval and with -C so that the screen does not clear. Some traffic was captured, around 110 Kbytes by the rcp process (PID 20877), etc. |