Getting real-time information about TCP connections

Posted by Renan Rangel

Every sysadmin has a good set of tools to work with. A nice addition for the Linux sysadmin who has to manage a gateway/firewall or other computers with a high number of connections is tcptrack.


It can show you the active TCP connections in real time, sort them by speed, activity, etc., and show how many connections currently exist along with their state. It is a simple tool but very informative - it can be very helpful when you need to find where traffic is coming from. As a bonus, it also supports tcpdump-like filters, so you can display only the connections you are looking for.

If you are using Debian Squeeze, you are out of luck (tcptrack exists in lenny and wheezy, but not in squeeze [?]); you will have to download and compile the latest version. If you are running Gentoo, just emerge the net-analyzer/tcptrack ebuild.