This tutorial shows how to build, install and use the Tcptrack package on CentOS 8, whose repositories do not ship this RPM.
Tcptrack is a console tool that displays the currently active TCP connections. It also shows the amount of data and traffic that each connection consumes. Its usage is quite similar to that of the tcpdump command.
To install this package on CentOS or Red Hat version 8, follow the steps below. You should be logged in with root privileges.
1 – Enable the PowerTools repository and install the RPM build tools and the package's build dependencies:
# yum config-manager --set-enabled powertools
# yum -y install rpm-build libpcap-devel gcc-c++ ncurses-devel make
2 – Download the source code:
# cd /tmp
# git clone https://github.com/bchretien/tcptrack.git
3 – Update the SPEC file to the new version:
# cd /tmp/tcptrack/
# vi tcptrack.spec
Change line #2 to:
%define version 1.4.3
4 – Create the compressed source archive:
# cd /tmp
# mv tcptrack tcptrack-1.4.3
# mkdir -p /root/rpmbuild/SOURCES/
# tar -czvf /root/rpmbuild/SOURCES/tcptrack-1.4.3.tar.gz tcptrack-1.4.3
5 – Now, go to the source directory and build the new package:
# cd /tmp/tcptrack-1.4.3
# rpmbuild -ba tcptrack.spec
6 – It is done! You can install the package that was just created:
# rpm -ivh /root/rpmbuild/RPMS/x86_64/tcptrack-1.4.3-1.x86_64.rpm
7 – Here is a simple example of how to use it:
# tcptrack -i eth0
8 – Some more advanced filters follow:
Showing only IPv4 connections:
# tcptrack -i eth0 "ip"
Showing only connections through ports 465 and 587 (the filter uses "or", because "and" would require a single packet to match both ports):
# tcptrack -i eth0 "port 465 or port 587"
Showing only connections to or from a specific IP:
# tcptrack -i eth0 "host 192.168.1.2"
You can also combine both filters:
# tcptrack -i eth0 "host 192.168.1.2 and port 443"
Here is an example of how to exclude a value from your view:
# tcptrack -i eth0 "host 192.168.1.2 and port ! 22"
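When a filter combines a host with several ports, the port list has to be grouped in parentheses, because pcap filter expressions give "and" and "or" equal precedence. The helper below is an added example, not part of the original tutorial or of tcptrack; the function name build_filter and its argument convention are hypothetical.

```shell
#!/bin/sh
# Added example: compose a pcap filter string to pass to tcptrack.
# build_filter HOST [PORT ...]   (hypothetical helper, not shipped with tcptrack)
#   HOST  address to match in either direction, or "" for any host
#   PORT  port to include; prefix with "!" to exclude it, e.g. '!22'
build_filter() {
    if [ $# -lt 1 ]; then
        echo "usage: build_filter HOST [PORT ...]" >&2; return 1
    fi
    host=$1; shift
    include=""; exclude=""
    for p in "$@"; do
        case $p in
            '!'*) num=${p#?}; neg=1 ;;
            *)    num=$p;     neg=0 ;;
        esac
        # Accept only 1-5 decimal digits, then check the TCP port range.
        case $num in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$num" -lt 1 ] || [ "$num" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        if [ "$neg" -eq 1 ]; then
            exclude="${exclude:+$exclude and }not port $num"
        else
            include="${include:+$include or }port $num"
        fi
    done
    # "and" and "or" bind equally and left to right, so an "or" list
    # must be parenthesised before it is and-ed with other terms.
    case $include in
        *" or "*) include="($include)" ;;
    esac
    filter=""
    for part in "${host:+host $host}" "$include" "$exclude"; do
        if [ -n "$part" ]; then
            filter="${filter:+$filter and }$part"
        fi
    done
    printf '%s\n' "$filter"
}

# Typical use (HOST is not validated; keep the result quoted as one argument):
#   tcptrack -i eth0 "$(build_filter 192.168.1.2 465 587 '!22')"
```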
By pressing “s” you can sort by:
- Rate
- Bytes
- Idle
- Unsorted
That’s it, have fun 🙂