The following is a demonstration of the tcpsnoop script.



Here we run tcpsnoop and wait for new TCP connections to be established:

   # tcpsnoop.d
     UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    66 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    56 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79   606 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    78 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    78 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    63 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    72 in.telnetd
   [...]

As new connections are made, each TCP packet is traced along with
the UID, PID and command name.
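
An added example (not part of the original page or of the tcpsnoop script): a
small Python parser for the output format above that groups packets by
connection and lists every process seen on each one, which makes the inetd to
in.telnetd hand-off on port 23 visible. The function names are assumptions made
for this example; the sample rows are copied from the output above.

```python
# Sample rows copied from the tcpsnoop output shown above (header included).
SAMPLE = """\
     UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    66 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79   606 finger
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
   [...]
"""

def parse(text):
    """Yield one dict per packet row; skip the header, '[...]' and blank lines."""
    for line in text.splitlines():
        f = line.split(None, 8)  # CMD is the last column and may contain spaces
        if len(f) != 9 or f[4] not in ("->", "<-") or not f[1].isdigit():
            continue
        yield {
            "uid": int(f[0]), "pid": int(f[1]), "laddr": f[2], "lport": int(f[3]),
            "dir": f[4], "raddr": f[5], "rport": int(f[6]), "size": int(f[7]),
            "cmd": f[8].strip(),
        }

def summarize(text):
    """Group rows by connection; total [packets, bytes] per direction."""
    flows = {}
    for p in parse(text):
        key = (p["laddr"], p["lport"], p["raddr"], p["rport"])
        fl = flows.setdefault(key, {"out": [0, 0], "in": [0, 0], "procs": []})
        side = fl["out" if p["dir"] == "->" else "in"]
        side[0] += 1
        side[1] += p["size"]  # value of the SIZE column, summed as-is
        proc = (p["uid"], p["pid"], p["cmd"])
        if proc not in fl["procs"]:  # keep first-seen order of processes
            fl["procs"].append(proc)
    return flows

if __name__ == "__main__":
    for (la, lp, ra, rp), fl in summarize(SAMPLE).items():
        procs = ", ".join(f"{c}(pid={pid},uid={u})" for u, pid, c in fl["procs"])
        print(f"{la}:{lp} <-> {ra}:{rp}  out={fl['out']} in={fl['in']}  {procs}")
```

A connection that lists more than one process, as the port 23 connection does
here, shows where a listener passed the socket to another program.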