Tcptrack – Monitor TCP connections on the network
The filter expression is a standard pcap filter expression which can be used to filter down the characteristics of TCP connections that tcptrack will see.
Install Tcptrack on ubuntu
Open the terminal and run the following command
sudo apt-get install tcptrack
tcptrack [ -dfhvp ] [ -r seconds ] -i interface [ filter expression ]
-d -- Only track connections that were started after tcptrack was started. Do not try to detect existing connections.
-f -- Enable fast average recalculation. TCPTrack will calculate the average speeds of connections by using a running average.TCPTrack will use more memory and CPU time, but averages will seem closer to real time and will be updated more than once per second and may be more accurate under heavy load. The number of times per second that averages will be recalculated in fast mode is a compile-time setting that defaults to 10 times per second.
-h -- Display command line help
-i [interface] -- Sniff packets from the specified network interface.
-p -- Do not put the interface being sniffed into promiscuous mode.
-r [seconds] -- Wait this many seconds before removing a closed connection from the display. Defaults to 2 seconds.
-v -- Display tcptrack version
Tcptrack Interactive commands
The following keys may be pressed while tcptrack is running to change runtime options:
p -- Pause/unpause display. No new connections will be added to the display, and all currently displayed connections will remain in the
q -- Quit tcptrack.
s -- Enable/disable sorting.
tcptrack -i eth0 -f
tcptrack -i eth0 dst 172.30.21.1
tcptrack -i eth0 port 80
tcptrack -T network.pcap > network.txt