Q. How do I track and monitor connections for the eth1 public network interface under a Red Hat Enterprise Linux (RHEL) 5 server?
A. You can use the netstat command or the tcptrack command. Both commands can show established TCP connections and let you monitor them.
netstat command
The netstat command prints information about the Linux networking subsystem. It also works under UNIX and *BSD operating systems. It can display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
netstat command to display established connections
Type the command as follows:
$ netstat -nat
Output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:52459           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:31323         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.100:59917     74.86.48.98:291         ESTABLISHED
tcp        0      0 127.0.0.1:3128          127.0.0.1:49413         TIME_WAIT
tcp        0      0 127.0.1.1:54624         127.0.1.1:1521          ESTABLISHED
tcp        0      0 127.0.1.1:1521          127.0.1.1:54624         ESTABLISHED
tcp        0      0 192.168.1.100:55914     74.125.19.147:80        ESTABLISHED
tcp        0      0 127.0.0.1:3128          127.0.0.1:42471         TIME_WAIT
tcp        0      0 192.168.1.100:56357     74.86.48.98:993         ESTABLISHED
tcp        0      0 192.168.1.100:56350     74.86.48.98:993         ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
To display client / server ESTABLISHED connections only:
$ netstat -nat | grep 'ESTABLISHED'
tcptrack command
The tcptrack command displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list, very much like the top command.
Install tcptrack
Red Hat (RHEL) / Fedora / CentOS users need to download the tcptrack package. For example, to download and install the RHEL 64-bit version:
# cd /tmp/
# wget http://dag.wieers.com/rpm/packages/tcptrack/tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm
# rpm -ivh tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm
Debian / Ubuntu Linux users can use apt-get as follows:
$ sudo apt-get install tcptrack
How do I use tcptrack to monitor and track TCP connections?
tcptrack requires only one parameter to run: the name of an interface, such as eth0 or eth1. Use the -i flag followed by the name of the interface that you want tcptrack to monitor.
# tcptrack -i eth0
# tcptrack -i eth1
To monitor only TCP port 25 (SMTP):
# tcptrack -i eth0 port 25
The next example shows only web traffic on port 80:
# tcptrack -i eth1 port 80
tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump and other libpcap-based sniffers. The following example will show only connections with host 76.11.22.12 as source or destination:
# tcptrack -i eth0 src or dst 76.11.22.12
For further options, please refer to the man pages of the netstat and tcptrack commands.
- Last Updated: 09/5/07



{ 6 comments }
I am trying to install tcptrack on my Linux Fedora.
I did:
# yum install tcptrack.x86_64
The system gives me the message:
Error: Missing Dependency: libpcap.so.0.8.3()(64bit) is needed by package tcptrack
Then I tried to install the libpcap package with the command:
# yum install libpcap.x86_64
The system gives me the message:
Package libpcap – 14:0.9.7-1.fc7.x86_64 is already installed.
Nothing to do
Can anyone help me?
Thanks
Jeferson Passos
Try yum --whatprovides libpcap.so.0.8.3; you might need to install libcap.i386 or libcap-devel.
Hi, I want to watch my computer's IP and network. Which DOS command should I use to find out whether someone is connected to my computer in an intrusive way or not? Tell me the method for preventing unauthorised access to my computer?
Thanks for your information; now I monitor my network.
I encounter failed dependencies when trying to rpm the package:
# rpm -ivh tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm
warning: tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
libc.so.6()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libc.so.6(GLIBC_2.2.5)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libc.so.6(GLIBC_2.4)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libgcc_s.so.1()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libgcc_s.so.1(GCC_3.0)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libm.so.6()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libncurses.so.5()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libnsl.so.1()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libpcap.so.0.9.4()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libpthread.so.0()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libpthread.so.0(GLIBC_2.2.5)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libpthread.so.0(GLIBC_2.3.2)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
librt.so.1()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libstdc++.so.6()(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libstdc++.so.6(CXXABI_1.3)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
libstdc++.so.6(GLIBCXX_3.4)(64bit) is needed by tcptrack-1.1.5-1.2.el5.rf.x86_64
Please help. Thanks
If you got errors on dependencies, you probably have a 32-bit system, so follow these steps:
# cd /tmp/
# wget http://dag.wieers.com/rpm/packages/tcptrack/tcptrack-1.1.5-1.2.el5.rf.i386.rpm
# rpm -hiv tcptrack-1.1.5-1.2.el5.rf.i386.rpm
Have a nice day!