tcpproxy is a simple TCP connection proxy which combines the features of
rinetd and 6tunnel. tcpproxy supports IPv4 and IPv6 and also supports
connections from IPv6 to IPv4 endpoints and vice versa.

tcpshow reads a tcpdump(1) savefile and provides a reasonably complete
decode of Ethernet, IP, ICMP, UDP and TCP headers. Boolean expressions
may also be specified for packet selection. Data within the packets are
displayed in ASCII.
tcpshow's output is similar to Sun Solaris's snoop(1M) command for
network packet capture and inspection.

tcpslice is a tool for extracting portions of packet trace
files generated using tcpdump's -w flag.
The basic operation of tcpslice is to copy to stdout all packets
from its input file(s) whose timestamps fall within a given range.

The tcpsplit utility breaks a single libpcap packet trace into some number
of sub-traces, breaking the trace along TCP connection boundaries so that
a TCP connection doesn't end up split across two sub-traces. This is useful
for making large trace files tractable for in-depth analysis and for
subsetting a trace for developing analysis on only part of a trace.

tcptrace is a TCP connection analysis tool. It can tell you detailed
information about TCP connections by sifting through dump files.
The dump file formats supported are:
Standard tcpdump format (you need the pcap library)
Sun's snoop format
Macintosh Etherpeek format
HP/NetMetrix protocol analysis format
NS simulator output format
NetScout
NLANR Tsh Format
To see the graphs, you'll also need Tim Shepard's xplot program,
available at http://www.xplot.org

TCPWatch is a utility written in Python that lets you monitor forwarded TCP
connections or HTTP proxy connections. It displays the sessions in a window
with a history of past connections. It is useful for developing and debugging
protocol implementations and web services.

tcptraceroute is a traceroute implementation using TCP packets.
The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets
with a TTL of one, and increments the TTL until the destination has been
reached. By printing the gateways that generate ICMP time exceeded messages
along the way, it is able to determine the path packets are taking to reach the
destination.
The problem is that with the widespread use of firewalls on the modern Internet,
many of the packets that traceroute(8) sends out end up being filtered, making
it impossible to completely trace the path to the destination. However, in many
cases, these firewalls will permit inbound TCP packets to specific ports that
hosts sitting behind the firewall are listening for connections on. By sending
out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able
to bypass the most common firewall filters.

tcpxd is a general purpose TCP/IP relay program designed
to be simple to get going, requiring only three parameters:
the port to listen on, the host to forward to, and the port
on that host to connect to.

tdetect detects someone running traceroute against your system.
It does this by detecting UDP (Unix traceroute) or ICMP ECHO (Windows
traceroute) packets with TTL fields == 1.