Sunday, January 24, 2016

Human way to read your TCP traffic - tcpflow Utility

If you happened to work on low level TCP protocol, there is only better way to troubleshoot. Guess what, people will say different answers. But, Packet capture will do its job. When system running on Linux, most probably, you may take tcpdump in .pcap format using tcpdump command and analyze later on using graphical tool like Wireshark which has much advanced features.

Nonetheless, but having .pcap file and using Wireshark is not real-time and bit cumbersome. You know what I mean when you work on real production environment where people are ready to sit on your head and you are really under pressure most of the working hours.

Tcpflow is a handy tool which will take all your burden and all headaches when it comes to packet monitoring. It is not installed by default in commonly used distribution line CentOS/Fedora/RHEL. .rpm package is freely available to download and install. If you installed tcpflow, no doubt that you wouldn’t look for any other tool. Installation is pretty much easy and straight forward. Just two commands all together.


[root@cluster-node01 installs]# rpm -ivh tcpflow-0.21-1.2.el6.rf.x86_64.rpm

I guess you don’t need a better description here for tcpflow command. Then tcpflow man page give an exact details. I have highlighted what is important. 


Basically, for me tcpflow is helps to monitor traffic goes via different application specific services. Our application calls external Rest API via web Services. Sometimes I used tcpflow to make sure http/https traffic goes via particular Network Interface card. This is one of real example of monitoring request and response traffic using tcpflow command.

[root@RWDAPPSVR ~]# tcpflow -i any port 7000 –c

Above tcpflow command monitors traffic goes via port 7000 on listening on any network interface. And output is written to console itself (-c option). Port and any option is quite understandable for novice users.


Hopefully, I bet you are going to be a fan of tcpflow. Have a good and happy reading Cheers.

No comments:

Post a Comment