tcptop_example.txt   [plain text]

The following is a demonstration of the tcptop command,


tcptop will display info on newly established TCP connections,

   # tcptop -C 10
   Tracing... Please wait.
   2005 Jul  5 04:55:25,  load: 1.11,  TCPin:      2 KB,  TCPout:    110 KB
   
    UID    PID LADDR           LPORT FADDR           FPORT      SIZE NAME
    100  20876 192.168.1.5     36396 192.168.1.1        79      1160 finger
    100  20875 192.168.1.5     36395 192.168.1.1        79      1160 finger
    100  20878 192.168.1.5     36397 192.168.1.1        23      1303 telnet
    100  20877 192.168.1.5       859 192.168.1.1       514    115712 rcp
   
   2005 Jul  5 04:55:35,  load: 1.10,  TCPin:      0 KB,  TCPout:      0 KB
   
    UID    PID LADDR           LPORT FADDR           FPORT      SIZE NAME
      0    242 192.168.1.5        79 192.168.1.1     54220       272 inetd
      0  20879 192.168.1.5        79 192.168.1.1     54220       714 in.fingerd
   
   [...]


In the above output, we run it with a 10 second interval and with -C so
that the screen does not clear. Some traffic was captured, around 110 Kbytes
by the rcp process (PID 20877), etc.