Home | History | Annotate | Line # | Download | only in Examples 
      1 The following is a demonstration of the tcpsnoop script.
      2 
      3 
      4 
      5 Here we run tcpsnoop and wait for new TCP connections to be established,
      6 
      7    # tcpsnoop.d
      8      UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
      9      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     10      100  20892 192.168.1.5     36398 <- 192.168.1.1        79    66 finger
     11      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     12      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    56 finger
     13      100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     14      100  20892 192.168.1.5     36398 <- 192.168.1.1        79   606 finger
     15      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     16      100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     17      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     18      100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     19      100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     20        0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
     21        0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
     22        0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
     23        0    242 192.168.1.5        23 <- 192.168.1.1     54224    78 inetd
     24        0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
     25        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    57 in.telnetd
     26        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
     27        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    78 in.telnetd
     28        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    57 in.telnetd
     29        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
     30        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
     31        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
     32        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    63 in.telnetd
     33        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
     34        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
     35        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
     36        0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
     37        0  20893 192.168.1.5        23 -> 192.168.1.1     54224    72 in.telnetd
     38    [...]
     39 
     40 As new connections are made, each of the TCP packets are traced along with
     41 the UID, PID and command name.
     42