TCPREEN(1)                  System Manager's Manual                 TCPREEN(1)

NAME

       tcpreen - TCP stream monitoring tool

SYNOPSIS

       tcpreen [-cdflnqv] [-b maxbytes] [-f format] [-F maxclients]
       [-m maxconnect] [-o logfile] [-u user] [-a bindaddress] [-s servername]
       [-p proto1/proto2] serverport [localport]

DESCRIPTION

       TCPreen monitors and lets the user analyse data transmitted between
       clients and servers via TCP connections. It focuses on the data stream
       and operates at the software layer, not on lower-level transmission
       protocols as packet sniffers do.

       It works like a bridge between a server and clients that communicate
       through TCP sessions, and can display or save data that is sent either
       way.

       In standard mode, TCPreen opens a listening socket (on port localport,
       which is dynamically allocated by default), and waits until a client
       connects to it. Then, it connects to the server (on port serverport)
       and forwards data between the two hosts until the session is closed by
       either side.
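
       The standard-mode bridge described above, as an added Python example
       (not tcpreen's own code): it listens on a dynamically allocated port,
       relays one session in both directions and logs each chunk. All function
       names are hypothetical, and the two formatters only approximate the
       strip and hex output formats listed under -f.

```python
import socket
import threading

def strip_format(data):
    """'strip'-style output: non-printable bytes are replaced with dots."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def hex_format(data):
    """Simplified hex dump (the tool's exact dump layout is an assumption)."""
    return data.hex(" ")

def make_listener(bind_addr="127.0.0.1", port=0):
    """Open the listening socket; port 0 requests a dynamically allocated port.
    Binding to loopback (unlike an all-interfaces default) keeps the bridge
    unreachable from other hosts."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((bind_addr, port))
    s.listen(1)
    return s

def pump(src, dst, label, log, fmt):
    """Forward one direction until EOF, recording each chunk in the log."""
    try:
        while chunk := src.recv(4096):
            log.append((label, fmt(chunk)))
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)  # pass the half-close on to the peer
    except OSError:
        pass  # peer reset or already closed: stop relaying this direction

def bridge_once(listener, server_addr, log, fmt=strip_format):
    """Wait for one client, then connect to the server and relay both ways
    until both directions have reached end of stream."""
    client, _ = listener.accept()
    server = socket.create_connection(server_addr)
    up = threading.Thread(target=pump,
                          args=(client, server, "client->server", log, fmt))
    up.start()
    pump(server, client, "server->client", log, fmt)
    up.join()
    client.close()
    server.close()
```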

OPTIONS

       -a interface, --accept interface or --bind interface
              Specify an interface that will be used to listen for client
              connections. By default, all network interfaces are used.

       -b bytecount or --bytes bytecount
              Limit the length of a TCP session to bytecount bytes. If a
              session exceeds this quantity, it will be closed on the next
              data packet boundary.

       -c or --connect
              Connect to the specified client instead of waiting for the
              client to connect. This is meant only for expert users who know
              what they are doing. If no hostname is specified, TCPreen will
              try to connect to the local host.

              Use -a address to specify the client address to connect to.

       -d or --daemon
              Turn on daemon mode. When this option is selected, TCPreen will
              run in the background and send information to syslog instead of
              the console. This enables quiet mode and multiple clients mode
              automatically.

              You will probably want to use option -F as well.

              NOTE: if you turn this feature on, log files will be created
              from the root directory, not from the current one. See
              daemon(3) for more details.

       -f logformat or --format logformat
              Select a format for output. Supported formats include: C (C
              source strings-like encoding), hex (hexadecimal data dump),
              count (write quantities of data), null (only displays new
              connections' addresses), password (basic password capture, not
              yet finished), raw (write data as is, even if it is not 7-bit
              clean), strip (replace non-printable characters with dots).

       -F nproc or --fork nproc
              Specifies the maximum number of sessions that can be handled at
              the same time. By default, only one session is allowed at a
              time, so as to keep the program output easy to read.

       -h or --help
              Display some help and exit.

       -l or --listen
              Listen for the "server" instead of connecting to it. This can be
              used by advanced users to run a human brain-powered server by
              telnet-ing to the TCPreen server address. An optional listening
              interface address can be specified.

       -m conn_num or --maxconn conn_num
              Handle conn_num consecutive client connections before exiting.
              When this option is not used, the program will run forever
              (until interrupted).

       -n or --numeric
              Disable reverse DNS lookup and service name resolution. Node
              names and port numbers will appear in numeric form. This option
              will speed up connections a little.

       -o logfile or --output logfile
              Save data to file logfile. If it already exists, it will be
              overwritten. "-" is used for stdout.

              Multiple log files can be used (with different formats). For
              example:

              tcpreen -f hex -o hexafile.log -f C -o file.log smtp

              will save hexafile.log in hexadecimal and file.log in C
              encoding.

       -p or --protocol
              Specifies which network protocol(s) will be used. If a single
              protocol name is specified, it will be used both ways. Two
              different protocols can be used on each side by separating
              them with a slash like this: 'tcp/tcp6'. The first protocol will
              then be used to communicate with the server, the last one will
              be used to exchange data with the client.

              The following protocols are currently recognized: tcp (TCP over
              IPv4), tcp6 (TCP over IPv6) and unix or local (Unix interprocess
              streams). By default, tcp is used.

       -q or --quiet
              Turn on quiet mode: do not write anything on the standard output
              (stdout).

       -s hostname or --server hostname
              Connect to the specified server instead of the local host, which
              is used by default.

       -u user or --user user
              When run as super-user, drop privileges and set UID to that of
              user (it must be a valid username). That is highly recommended
              if tcpreen is to be bound to a reserved port, which only root
              can bind on Unix systems.

              You must be root to use this option.

       -v or --verbose
              Increase program verbosity. This option is cumulative.

       -V or --version
              Display program version and license and exit.


DIAGNOSTICS

       These are common problems:

       Nothing happens:
              The client is communicating with the server correctly, but
              TCPreen stays quiet. Make sure you told the client to connect to
              the TCPreen address rather than the actual server address.

              Make sure you have enabled verbose mode.

       Strange port names:
              Have a look at /etc/services and you will realize what this
              means. Alternatively, you may want to use -n.


SECURITY

       tcpreen requires root privileges to be bound to a reserved TCP port
       (under 1024). If you really need to do so, you may run tcpreen Set-UID
       root. In such circumstances, you must ensure that only trustworthy
       users can run tcpreen, as it could be used to divert traffic to any
       reserved ports on the system.

       tcpreen will automatically drop privileges as soon as it has allocated
       its listening socket(s) to limit exposure. Log files are always created
       with the default permission of the current user.

       Care should be taken when using tcpreen as it could be used to access
       your network or system from the outside (that is why it will normally
       refuse to run as root).


SEE ALSO

       nc(1), nc6(1), tcpflow(1), tcpdump(8), tethereal(1)


AUTHOR

       Remi Denis-Courmont <rdenis at simphalempin.com>

       $Id: tcpreen.1 178 2006-03-18 18:10:23Z remi $

       http://www.simphalempin.com/dev/tcpreen/

tcpreen      $Date: 2006-03-18 20:10:23 +0200 (sam, 18 mar 2006) $  TCPREEN(1)