Viewing Current Traffic
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Viewing Current Traffic

  1. #1
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447

    Viewing Current Traffic

    Hrm I remember having a prog which did this before but the name now escapes me and for once google has not been able to provide the answer (prolly to me searching the wrong terms more than anything else)

    Basicaly what am looking for is a realtime monitor which displays all connections over my own internal network (to/from this machine) as well as internet connections.

    However I need something that will not only show the usual prog/ip connected to/from but also the full URL

    anyone got any ideas?

    ta

    v

  2. #2
    Shrekkie Reloaded Raiden's Avatar
    Join Date
    Oct 2005
    Posts
    1,115
    You can setup rrdtool. Its a very good and detailed package to monitor all sorts of things.

    http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

    We use it at work and its very good imo, and if you happen to have a lil serverbox running on your network,
    is even better, since you can monitor multiple devices at the same time.

    Cheers.

  3. #3
    Junior Member
    Join Date
    May 2005
    Posts
    9
    I like TCPView from Sysinternals:

    http://www.sysinternals.com/Utilities/TcpView.html

    It'll show all TCP and UDP connections real time. It doesn't show the full URL but it will show you your http/https connections out to remoteHost:xxxx. It's a decent little program.
    -ts

  4. #4
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    I use this a lot to see which programs are trying to call home.http://www.snapfiles.com/get/activeports.html
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  5. #5
    Shrekkie Reloaded Raiden's Avatar
    Join Date
    Oct 2005
    Posts
    1,115
    I misread a bit. Thought you were looking for bandwidth monitoring and such.

    On windows you have some decent firewalls that have those things builtin, like Agnitum Outpost and Sygate PF. I like both their monitoring. Also Activeports is quite good in showing as well a netstat -a . :s

    Under linux i simply use : 'netstat -edap | grep ESTABLISHED' or 'netstat -edap | grep LISTEN' to view those sockets listenening and active connections.

  6. #6
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    thanks for he suggestions guys but am afraid just seeing the IP an app is connecting to wont cut it I need to see the exact URL of where it is connecting to as well.

    anyone came across anything which will let you do this?

  7. #7
    Shrekkie Reloaded Raiden's Avatar
    Join Date
    Oct 2005
    Posts
    1,115
    Then you should use a proxy and a firewall where your firewall only lets your proxy on the net.

    For.ex.
    - install apache and squid on a seperate box
    - only let that box browse on the internet by restricting on your router/firewall
    - point all browsers to the proxy (check the preferences of the browser itself)

    Cheers.

  8. #8
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    What about using a sniffer like ethereal, http://ethereal.zing.org/
    they have both linux and windows versions, you will also need winpcap
    http://www.winpcap.org/

    You could also try URLSnarf
    http://wiki.hping.org/123
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  9. #9
    Junior Member
    Join Date
    May 2005
    Posts
    9
    The only thing I can think of is traditional packet sniffing, either from your firewall, a box on your internal network as long as it's not a switched network, or locally on your host box. I usually use tcpdump, Ethereal, and/or EtherApe, but I usually have a narrow band that I'm looking. With tcpdump and Ethereal you can see the payload, which will have the URL. EtherApe is a "pretty" gui of what the networks doing; nice for a quick view. There are loads of programs out there that do these types of things but I have not played with them.
    -ts

  10. #10
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    Sorry, the url above for urlsnarf is invalid, urlsnarf is a part of DSniff
    http://www.monkey.org/~dugsong/dsniff/
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •