tcptrack

tcptrack for SFOS is a packet sniffer, which passively watches for connections on
a specified network interface, tracks their states, and lists them in a
manner similar to the Unix 'top' command. It displays source and destination
addresses and ports, connection state, idle time, and bandwidth usage.

Compiled from original source with sdk 3.0.0.8 I only reduced the required screen columns width from 80 to 79. Start in landscape and then rotate to prevent keyboard screen overlay.

example: tcptrack -i wlan0

Synopsis

tcptrack [ -dfhvp ] [ -r seconds ] -i interface [filter expression ]

Description

tcptrack displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top(1) command.

The filter expression is a standard pcap filter expression (identical to the expressions used by tcpdump(8)) which can be used to filter down the characteristics of TCP connections that tcptrack will see. See tcpdump(8) for more information about the syntax of this expression.

Options

-d

Only track connections that were started after tcptrack was started. Do not try to detect existing connections.

-f

Enable fast average recalculation. TCPTrack will calculate the average speeds of connections by using a running average. TCPTrack will use more memory and CPU time, but averages will seem closer to real time and will be updated more than once per second and may be more accurate under heavy load. The number of times per second that averages will be recalculated in fast mode is a compile-time setting that defaults to 10 times per second.

-h

Display command line help

-i [interface]

Sniff packets from the specified network interface.

-T [pcap file]

Read packets from the specified file instead of sniffing from the network. Useful for testing.

-p

Do not put the interface being sniffed into promiscuous mode.

-r [seconds]

Wait this many seconds before removing a closed connection from the display. Defaults to 2 seconds. See also the pause interactive command (below).

-v

Display tcptrack version

Interactive Commands

The following keys may be pressed while tcptrack is running to change runtime options:

p - Pause/unpause display. No new connections will be added to the display, and all currently displayed connections will remain in the display.

q - Quit tcptrack.

s - Cycle through the sorting options: unsorted, sorted by rate, sorted by total bytes.