The following is a demonstration of the tcptop command,
tcptop will display info on newly established TCP connections,
# tcptop -C 10
Tracing... Please wait.
2005 Jul 5 04:55:25, load: 1.11, TCPin: 2 KB, TCPout: 110 KB
UID PID LADDR LPORT FADDR FPORT SIZE NAME
100 20876 192.168.1.5 36396 192.168.1.1 79 1160 finger
100 20875 192.168.1.5 36395 192.168.1.1 79 1160 finger
100 20878 192.168.1.5 36397 192.168.1.1 23 1303 telnet
100 20877 192.168.1.5 859 192.168.1.1 514 115712 rcp
2005 Jul 5 04:55:35, load: 1.10, TCPin: 0 KB, TCPout: 0 KB
UID PID LADDR LPORT FADDR FPORT SIZE NAME
0 242 192.168.1.5 79 192.168.1.1 54220 272 inetd
0 20879 192.168.1.5 79 192.168.1.1 54220 714 in.fingerd
[...]
In the above output, we run it with a 10 second interval and with -C so
that the screen does not clear. Some traffic was captured, around 110 Kbytes
by the rcp process (PID 20877), etc.