TCPREEN(1) | System Manager's Manual | TCPREEN(1) |
NAME
tcpreen - TCP stream monitoring tool
SYNOPSIS
tcpreen [-cdflnqv] [-b maxbytes] [-f format] [-F maxclients] [-m maxconnect] [-o logfile] [-u user] [-a bindaddress] [-s servername] [-p proto1/proto2] serverport [localport]
DESCRIPTION
TCPreen monitors data transmitted between clients and servers via TCP connections and lets the user analyse it. It focuses on the data stream and operates at the software layer, not on lower-level transmission protocols as packet sniffers do.
OPTIONS
- -a interface, --accept interface or --bind interface
- Specify an interface that will be used to listen for client
connections. By default, all network interfaces are used.
- -b bytecount or --bytes bytecount
- Limit the length of a TCP session to bytecount
bytes. If a session exceeds this quantity, it will be closed on the next
data packet boundary.
- -c or --connect
- Connect to the specified client instead of waiting for the
client to connect. This is meant only for expert users who know what
they are doing. If no hostname is specified, TCPreen will try to connect to
the local host.
- -d or --daemon
- Turn on daemon mode. When this option is selected,
TCPreen will run in the background and send information to
syslog instead of the console. This enables quiet mode and
multiple clients mode automatically.
- -f logformat or --format logformat
- Select a format for output. Supported formats include:
C (C source strings-like encoding), hex (hexadecimal data
dump), count (write quantities of data), null (only displays
new connection addresses), password (basic password capture,
not finished yet), raw (write data as is, even if it is not 7-bit
clean), strip (replace non-printable characters with dots).
- -F nproc or --fork nproc
- Specifies the maximum number of sessions that can be
handled at the same time. By default, only one session is allowed at a
time so as to keep the program output easy to read.
- -h or --help
- Display some help and exit.
- -l or --listen
- Listen for the "server" instead of connecting to
it. This can be used by advanced users to run a human brain-powered server
by telnet-ing to the TCPreen server address. An optional listening
interface address can be specified.
- -m conn_num or --maxconn conn_num
- Handle conn_num consecutive client connections
before exiting. When this option is not used, the program will run forever
(until interrupted).
- -n or --numeric
- Disable reverse DNS lookup and service name resolution.
Node names and port numbers will appear in numeric form. This option will
speed up connections a little.
- -o logfile or --output logfile
- Save data to file logfile. If it already exists, it
will be overwritten. "-" is used for stdout.
- -p or --protocol
- Specifies which network protocol(s) is/are going to be
used. If a single protocol name is specified, it will be used both ways.
Two different protocols can be used on each side by separating them with a
slash like this: 'tcp/tcp6'. The first protocol will then be used to
communicate with the server, the last one will be used to exchange data
with the client.
- -q or --quiet
- Turn on quiet mode: Do not write anything on the
standard output (stdout).
- -s hostname or --server hostname
- Connect to the specified server instead of the local host
which is used by default.
- -u user or --user user
- When run as super-user, drop privileges and set the UID to that
of user (it must be a valid username). This is highly recommended
if tcpreen is to be bound to a reserved port, which only root can
bind to on Unix systems.
- -v or --verbose
- Increase program verbosity. This option is cumulative.
- -V or --version
- Display program version and license and exit.
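The bind-then-drop sequence that -u describes, and that the SECURITY section relies on, shown as an added C example (not tcpreen's own source). Port 80, the user name nobody, and the function names bind_listener and drop_privileges are assumptions made for the illustration.

```c
/* Added example, not tcpreen source: bind a reserved port, then drop root. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1                /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP listener on all interfaces; returns the fd or -1. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 8) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Switch to `user` for good; returns 0 on success, -1 if the caller must abort. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                       /* unknown user, or "dropping" to root */
    if (geteuid() == 0 &&                /* groups first: impossible after setuid */
        (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0))
        return -1;
    if (setuid(pw->pw_uid) != 0)         /* as root: real, effective and saved UID */
        return -1;
    return setuid(0) == 0 ? -1 : 0;      /* root must not be recoverable */
}

int main(void)
{
    int fd = bind_listener(80);          /* assumed reserved port; needs root */
    if (fd < 0 || drop_privileges("nobody") != 0) {    /* "nobody" is assumed */
        fprintf(stderr, "refusing to relay with root privileges\n");
        return 1;
    }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

The listening socket stays usable after the drop because the privilege check happens at bind time, so all client data is handled by the unprivileged user.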
DIAGNOSTICS
These are common problems:
The client is communicating with the server correctly, but TCPreen stays quiet:
Make sure you told the client to connect to the TCPreen address rather than
the actual server address. Make sure you have enabled verbose mode.
Strange port names:
Have a look at /etc/services and you
will realize what this means. Alternatively, you may want to use -n.
SECURITY
tcpreen requires root privileges to be bound to a reserved TCP port (under 1024). If you really need to do so, you may run tcpreen Set-UID root. In such circumstances, you must ensure that only trustworthy users can run tcpreen, as it could be used to divert traffic to any reserved ports on the system.
SEE ALSO
nc(1), nc6(1), tcpflow(1), tcpdump(8), tethereal(1)
AUTHOR
Remi Denis-Courmont <rdenis at simphalempin.com>
$Date: 2006-03-18 20:10:23 +0200 (sam, 18 mar 2006) $ | tcpreen |