各种网络工具 !
iptstateIPTables - State Top
Version: 1.2.1 Sort: SrcIP s to change sorting
Source IP Destination IP Proto State TTL
192.168.10.4,137 192.168.10.255,137 udp 0:00:15
192.168.10.7,137 192.168.10.255,137 udp 0:00:29
192.168.10.214,138 192.168.10.255,138 udp 0:00:25
192.168.20.3,138 192.168.20.255,138 udp 0:00:06
192.168.20.4,137 192.168.20.255,137 udp 0:00:12
192.168.20.18,38125 211.148.130.131,80 tcp TIME_WAIT 0:00:13
192.168.20.18,32780 192.168.20.1,53 udp 0:02:43
192.168.20.18,38128 211.148.130.131,80 tcp TIME_WAIT 0:00:14
192.168.20.18,38131 211.148.130.131,80 tcp TIME_WAIT 0:01:14
192.168.20.18,38134 211.148.130.131,80 tcp TIME_WAIT 0:01:15
192.168.20.18,38137 211.148.130.131,80 tcp TIME_WAIT 0:01:15
192.168.20.18,38140 211.148.130.131,80 tcp TIME_WAIT 0:01:15
192.168.20.18,38130 205.188.248.89,80 tcp TIME_WAIT 0:00:44
192.168.20.18,38143 211.148.130.131,80 tcp TIME_WAIT 0:01:16
192.168.20.18,38129 211.95.164.50,80 tcp ESTABLISHED119:59:39
192.168.20.18,38146 211.148.130.131,80 tcp TIME_WAIT 0:01:16
192.168.20.18,38105 211.148.130.131,80 tcp TIME_WAIT 0:00:13
192.168.20.18,38149 211.148.130.131,80 tcp TIME_WAIT 0:01:16
192.168.20.18,38108 211.148.130.131,80 tcp TIME_WAIT 0:00:13
192.168.20.18,38152 211.148.130.131,80 tcp TIME_WAIT 0:01:16
192.168.20.18,32770 202.104.129.252,8000udp 0:02:09
192.168.20.18,38155 211.148.130.131,80 tcp TIME_WAIT 0:01:16
192.168.20.18,38114 211.148.130.131,80 tcp TIME_WAIT 0:00:13
192.168.20.18,38117 211.148.130.131,80 tcp TIME_WAIT 0:00:13
http://www.linuxfans.org/nuke/modules/Forums/files/iptstate.png
conntrack-viewer.pl
conntrack-viewer.pl2002年11月19日下午15时33分31秒# conntrack-viewer.pl
Active Connections according to /proc/net/ip_conntrack
Proto Source Address Remote Address Service State MasqName Resolution
udp 192.168.10.19:1034 192.168.20.1:1900 [???] UNRESOLVED! > mail.fruitron.com.cn
udp 192.168.20.19:4002 218.17.209.19:8000 [???] M UNRESOLVED! > UNRESOLVED!
udp 211.148.130.132:35335 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 192.168.20.3:137 192.168.20.255:137 netbios-ns-netbios-ns UNRESOLVED! > UNRESOLVED!
udp 192.168.20.3:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 192.168.20.19:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 211.148.130.132:35341 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 211.148.130.132:35342 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 211.148.130.132:35344 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 211.148.130.132:35345 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 192.168.20.157:137 192.168.20.255:137 netbios-ns-netbios-ns UNRESOLVED! > UNRESOLVED!
udp 192.168.20.133:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 211.148.130.132:35347 202.96.128.68:53 domain fruitron.com.cn > dns.guangzhou.gd.cn
udp 192.168.20.151:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 192.168.20.162:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 192.168.20.198:137 192.168.20.255:137 netbios-ns-netbios-ns UNRESOLVED! > UNRESOLVED!
udp 192.168.20.177:138 192.168.20.255:138 netbios-dgm-netbios-dgm UNRESOLVED! > UNRESOLVED!
udp 211.148.130.132:35349 202.96.128.68:53
http://www.linuxfans.org/nuke/modules/Forums/files/conntrack-viewer.jpg
netwatch
netwatchxKEY LOCAL NETWORK REMOTE NETWORK x
x HOST (PKTS) X R HOST (PKTS) X R x
v x
x192.168.20.255 0 501 >255.255.255.255 0 3 x
x192.168.20.198 34 0cs51.msg.sc5.yahoo.com 7 7 x
x192.168.20.187 1 0cs46.msg.sc5.yahoo.com 7 7 x
x192.168.20.182 15 0211.148.130.135 0 1 x
x192.168.20.181 1 0mail.fruitron.com.cn 9 10 x
x192.168.20.180 1 0ns1.fruitron.com.cn 524 629 x
x192.168.20.179 2 0211.148.130.130 0 1 x
x192.168.20.178 3 0211.95.164.50 163 170 x
x192.168.20.177 1 0207.46.106.6 12 12 x
x192.168.20.174 2 0fes-d001.icq.aol.com 4 6 x
x192.168.20.173 1 0tgftp.nws.noaa.gov 19 19 x
x192.168.20.172 1 0nszx104.129.szptt.net.cn 7 7 x
x192.168.20.171 1 0nszx104.129.szptt.net.cn 7 7 x
x192.168.20.170 1 0202.97.33.158 1 0 x
x192.168.20.169 3 0192.168.10.255 0 21 x
x192.168.20.167 3 0192.168.10.214 1 0 x
x192.168.20.166 3 0192.168.10.8 2 0 x
x192.168.20.165 2 0192.168.10.7 10 0 x
x192.168.20.164 2 0192.168.10.4 8 0 x
x192.168.20.163 1 061.144.238.140 7 7 x
x192.168.20.162 163 061.140.60.21 13 13 x
x192.168.20.161 1 0 x
x192.168.20.158 2 0 x
x192.168.20.157 4 0 x
x192.168.20.156 3 0 x
http://www.linuxfans.org/nuke/modules/Forums/files/netwatch.png
netstat-nat
netstat-nat2002年11月19日下午14时29分12秒# netstat-nat -L
Proto NATed Address Foreign Address State
tcp gugonghcs.fruitron.com.c:38257 ns1.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38294 tgftp.nws.noaa.gov:ftp CLOSE
tcp gugonghcs.fruitron.com.c:38266 211.148.130.142:http ASSURED
tcp gugonghcs.fruitron.com.c:38269 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38272 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38275 www.fruitron.com.cn:http ASSURED
tcp gugonghcs.fruitron.com.c:38278 ns1.fruitron.com.cn:http ASSURED
tcp gugonghcs.fruitron.com.c:38281 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38284 www.fruitron.com.cn:http UNREPLIED
tcp gugonghcs.fruitron.com.c:38267 211.95.164.50:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38237 ns1.fruitron.com.cn:http ESTABLISHED
tcp gugonghcs.fruitron.com.c:38287 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38240 ns1.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38290 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38243 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38246 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38249 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38252 ns1.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38258 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38255 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38261 www.fruitron.com.cn:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:38264 211.148.130.130:http TIME_WAIT
tcp gugonghcs.fruitron.com.c:32776 cs51.msg.sc5.yahoo.com:5050 TIME_WAIT
tcp gugonghcs.fruitron.com.c:32779 cs46.msg.sc5.yahoo.com:5050 ESTABLISHED
tcp gugonghcs.fruitron.com.c:38273 ns1.fruitron.com.cn:http ESTABLISHED
tcp gugonghcs.fruitron.com.c:38276 www.fruitron.com.cn:http UNREPLIED
http://www.linuxfans.org/nuke/modules/Forums/files/netstat-nat.png
jnettop
jnettoptime 14:36:14 run 0:00:13 device eth0 bytes67.99k pkts 341 .
pkt ilter: none bps20.3k/s strs 35
uit ontent filtering: onps=bytes/s
HOSTS BPS
(IP) PORTPROTO (IP) PORT -> <- TOTAL
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 2.30k/s
192.168.20.18 38459 TCP 211.148.130.131 80 1.28k7.94k 9.22k
GET /horde/css.php?app=imp
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 929b/s
192.168.20.18 38460 TCP 211.148.130.131 80 1.08k1.65k 2.72k
GET /horde/imp/graphics/answered.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 911b/s
192.168.20.18 38477 TCP 211.148.130.131 80 1.09k1.58k 2.67k
GET /horde/imp/graphics/answered.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 774b/s
192.168.20.18 38462 TCP 211.148.130.131 80 1.08k1.18k 2.27k
GET /horde/imp/graphics/compose.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 774b/s
192.168.20.18 38481 TCP 211.148.130.131 80 1.09k1.18k 2.27k
GET /horde/imp/graphics/unseen.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 773b/s
192.168.20.18 38483 TCP 211.148.130.131 80 1.08k1.18k 2.27k
GET /horde/imp/graphics/unseen.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 745b/s
192.168.20.18 38468 TCP 211.148.130.131 80 1.08k1.10k 2.18k
GET /horde/imp/graphics/folders/folder_open.gif
gugonghcs.fruitron.com.cn <-> www.fruitron.com.cn 712b/s
192.168.20.18 38461 TCP 211.148.130.131 80 1.09k1.00k 2.09k
GET /horde/imp/graphics/unseen.gif
http://www.linuxfans.org/nuke/modules/Forums/files/jnettop.png
iftop
iftop10b 100b 1.00Kb 10.0Kb
mqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqq
192.168.20.255 => 192.168.20.162 0b 0b 0b
<= 4.45Kb 912b 912b
gugonghcs.fruitron.com.cn => 192.168.20.1 0b 117b 272b
<= 0b 240b 586b
192.168.20.255 => 192.168.20.180 0b 0b 0b
<= 0b 183b 61b
192.168.20.255 => 192.168.20.172 0b 0b 0b
<= 0b 183b 61b
gugonghcs.fruitron.com.cn => 207.46.106.6 0b 42b 58b
<= 0b 109b 65b
192.168.20.255 => 192.168.20.52 0b 0b 0b
<= 0b 125b 62b
192.168.20.255 => 192.168.20.133 0b 0b 0b
<= 0b 0b 587b
gugonghcs.fruitron.com.cn => cs51.msg.sc5.yahoo.com 0b 0b 38b
<= 0b 0b 14b
gugonghcs.fruitron.com.cn => nszx104.129.szptt.net.cn 0b 0b 17b
<= 0b 0b 16b
gugonghcs.fruitron.com.cn => nszx104.129.szptt.net.cn 0b 0b 17b
<= 0b 0b 16b
gugonghcs.fruitron.com.cn => cs46.msg.sc5.yahoo.com 0b 0b 19b
<= 0b 0b 14b
gugonghcs.fruitron.com.cn => 61.144.238.140 0b 0b 17b
<= 0b 0b 16b
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
TX: cumm:1.66KB peak: 3.03Kb rates: 0b 158b 454b
RX: 8.87KB 13.3Kb 4.45Kb1.71Kb2.37Kb
TOTAL: 10.5KB 16.3Kb 4.45Kb1.87Kb2.81Kb
http://www.linuxfans.org/nuke/modules/Forums/files/iftop.png
slurm
slurm见:
http://www.linuxfans.org/nuke/modules.php?name=Forums&file=viewtopic&t=4844
http://www.linuxfans.org/nuke/modules/Forums/files/snapshot3_796.png
bubblemon
一个极酷的 Applet见:
http://www.linuxfans.org/nuke/modules.php?name=Forums&file=viewtopic&t=5003
http://www.linuxfans.org/nuke/modules/Forums/files/snapshot5_119.png
http://www.linuxfans.org/nuke/modules/Forums/files/gugong_00000.JPG 天!
这都是什么意思?!
老大能不能稍微说明? 实时观察网络、联接、流量的工具呗。 我看不懂! 比如。你的 Linux 做网关,人家在聊QQ。
你用 netstat -M 可以看到吗?不可以,那是针对 2.2.x 核心的。
用 iptstate 可以很清楚地看到 多少个连接,一个人同时上了几个 QQ 都可以看到。
比如: 我现在上了两个QQ:
127.0.0.1,40811 127.0.0.1,22 tcp TIME_WAIT 0:01:52
127.0.0.1,40786 127.0.0.1,825 tcp TIME_WAIT 0:00:40
127.0.0.1,40803 127.0.0.1,825 tcp TIME_WAIT 0:01:16
192.168.20.1,40799 192.168.20.1,143 tcp TIME_WAIT 0:00:57
192.168.20.2,137 192.168.20.255,137 udp 0:00:21
192.168.20.2,37100 192.168.20.1,993 tcp CLOSE 0:00:02
192.168.20.19,2883 66.218.77.70,80 tcp SYN_SENT 0:00:47
192.168.20.19,1898 207.46.106.125,1863 tcp ESTABLISHED119:58:14
192.168.20.19,4000 218.17.209.19,8000 udp 0:02:28
192.168.20.19,1051 205.188.10.27,5190 tcp ESTABLISHED111:00:28
192.168.20.19,2901 211.78.213.163,80 tcp TIME_WAIT 0:01:48
192.168.20.19,2890 66.218.77.70,80 tcp SYN_SENT 0:01:11
192.168.20.19,2902 211.78.213.163,80 tcp TIME_WAIT 0:01:52
192.168.20.19,2903 211.78.213.163,80 tcp TIME_WAIT 0:01:51
192.168.20.19,2905 211.78.213.163,80 tcp TIME_WAIT 0:01:52
192.168.20.19,2906 211.78.213.163,80 tcp CLOSE 0:00:07
192.168.20.19,2907 211.78.213.163,80 tcp FIN_WAIT 0:01:56
192.168.20.19,2896 66.218.77.70,80 tcp SYN_SENT 0:01:35
192.168.20.19,2908 211.78.213.163,80 tcp SYN_SENT 0:01:57
192.168.20.19,2909 211.78.213.163,80 tcp ESTABLISHED119:59:59
192.168.20.19,2904 66.218.77.70,80 tcp SYN_SENT 0:01:59
192.168.20.19,2736 192.168.20.1,993 tcp ESTABLISHED119:48:46
192.168.20.19,4236 65.54.195.253,80 tcp ESTABLISHED 76:18:50
192.168.20.19,4001 202.104.129.253,8000udp 0:02:41
192.168.20.19,4366 216.136.225.84,5050 tcp ESTABLISHED119:53:19
有人说,我 sniffer 不就可以吗 ? 可是那不直观。
netspeed
放在 Gnome 面板的。http://www.linuxfans.org/nuke/modules/Forums/files/snapshot2_871.png
http://www.linuxfans.org/nuke/modules/Forums/files/snapshot1_193.png rpm 包提供给 大家 !
portscan
portscanhttp://www.linuxfans.org/nuke/modules/Forums/files/gugong-portscan-01.png
页:
[1]
2