what network monitor will display which applications are using which connections?

Thu Feb 18 21:47:50 UTC 2010

On 02/18/2010 09:52 AM, Wendell Nichols wrote:
> I would like to monitor network connections on my servers.  Users run
> all sorts of stuff and I want to know when some chat client starts
> shipping data to a system in china etc.

Snort is probably the best (and complicated) network sniffer out
there.  It can do some serious analysis.  It also eats up CPU cycles
like crazy.  You've been warned.

If you try to use something like "netstat" and such, you can't be sure
which application is using which port without finding the port being
used and analyzing the output of something like "lsof -i :port".
Example: port 22 is ssh, but you can tell ssh to listen on a completely
different port.  This is true of many applications.

You should also keep in mind that if the connection is being originated
at your end, the source port could be on any one.  You'd need to look
at the destination port to see what it's talking to and even then it
could be completely bogus.  All you know for sure is that if the
destination port is 22, it's talking to a port that was reserved for
ssh by the IETF.  It doesn't mean that what's actually at the other end
is an sshd instance.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-         We have enough youth, how about a fountain of SMART?       -
----------------------------------------------------------------------