Doku review done: Mon 20 Feb 2023 11:03:31 CET
Table of Content
iptraf-ng
showing actuall network trafic with nice ui
tcpdump
shoing actuall network trafic tcpdump doku
Commands
$ tcpdump -n -i anz host 10.10.10.10 and port 1234 or port 6789
netstat-nat
Show the natted connections on a linux iptable firewall
netstat-nat snat
$ netstat-nat -S
Proto NATed Address Destination Address State
tcp 10.13.37.35:40818 orwell.freenod:afs3-fileserver ESTABLISHED
tcp 10.13.37.35:45422 refraction.oftc.net:ircs-u ESTABLISHED
tcp 10.13.37.35:57510 jmt1.darkfasel.net:9999 ESTABLISHED
tcp 10.84.42.3:58288 104.22.27.164:https TIME_WAIT
tcp 10.84.42.3:46266 104.22.23.187:https ESTABLISHED
udp 10.13.37.2:52543 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:50158 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:43517 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:41412 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.64:8303 master.status.tw:8283 ASSURED
udp 10.13.37.64:8303 twmaster2.teecloud.eu:8283 ASSURED
udp 10.13.37.64:8303 twmaster3.teecloud.eu:8283 ASSURED
udp 10.13.37.64:8303 ddnet.tw:8283 ASSURED
udp 10.84.42.3:57388 185.69.161.157:9987 ASSURED
# with filter on source
$ netstat-nat -S -s 10.13.37.2
Proto NATed Address Destination Address State
udp 10.13.37.2:52543 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:50158 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:43517 dns9.quad9.net:domain UNREPLIED
udp 10.13.37.2:41412 dns9.quad9.net:domain UNREPLIED
netstat-nat dnat
$ netstat-nat -D
Proto NATed Address Destination Address State
# with filter on testination
$ netstat-nat -D -d 9.9.9.9
Proto NATed Address Destination Address State