The following is a demonstration of the tcpsnoop script.
Here we run tcpsnoop and wait for new TCP connections to be established,
UID PID LADDR LPORT DR RADDR RPORT SIZE CMD
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 <- 192.168.1.1 79 66 finger
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 56 finger
100 20892 192.168.1.5 36398 <- 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 <- 192.168.1.1 79 606 finger
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 <- 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 -> 192.168.1.1 79 54 finger
100 20892 192.168.1.5 36398 <- 192.168.1.1 79 54 finger
0 242 192.168.1.5 23 <- 192.168.1.1 54224 54 inetd
0 242 192.168.1.5 23 -> 192.168.1.1 54224 54 inetd
0 242 192.168.1.5 23 <- 192.168.1.1 54224 54 inetd
0 242 192.168.1.5 23 <- 192.168.1.1 54224 78 inetd
0 242 192.168.1.5 23 -> 192.168.1.1 54224 54 inetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 57 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 54 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 78 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 57 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 54 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 54 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 60 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 63 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 54 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 60 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 60 in.telnetd
0 20893 192.168.1.5 23 <- 192.168.1.1 54224 60 in.telnetd
0 20893 192.168.1.5 23 -> 192.168.1.1 54224 72 in.telnetd
[...]
As new connections are made, each of the TCP packets are traced along with
the UID, PID and command name.