Monitor TCP/UDP In Real Time

If you’re concerned about network connections to your device, you may want to monitor TCP/UDP in real time. It’s a pretty handy way to get a handle on what connections are being made by your devices. This article could be pretty complicated, but I’ll try to make sense of it all.

By the way, if you ever want to be sure you know something, try explaining it to someone who knows nothing about it. It can be pretty humbling. Leave a comment letting me know how I did.

Anyhow, moving on…

Network connections happen on various ports. Think of them as though your computer is a country and you have various ports that let traffic in and let traffic out.

There are different kinds of traffic, just like there are different kinds of ships. You have leisure, goods, military ships, etc… You have cruise ships, tankers, cargo yachts, kayaks, aircraft carriers, etc. Traffic is often bidirectional, meaning going in and leaving on the same port. In the case of TCP and UDP, traffic is bidirectional so one port will accommodate both.

So…

What Are TCP and UDP Anyhow?

In the case of TCP, you may be familiar with the expression TCP/IP; the TCP part stands for Transmission Control Protocol. TCP requires a server/client relationship (a client connects to a server that is listening) and is used by well-known services on their assigned ports. Those services are things like FTP, SSH, SMTP, Time, TELNET, etc. So, if you know you don’t have an FTP server running, you really shouldn’t be seeing traffic on ports 20 or 21.

UDP, on the other hand, stands for “User Datagram Protocol”. Unlike TCP, there’s no client/server relationship required; a sender just spews traffic out as needed/ordered. A UDP exchange does things like ask a DNS server for the IP address of a domain name and then wait for the server to respond. There’s less latency, so it’s more useful for ‘real time’ processes, and voice and video may be sent using UDP. Again, if you’re seeing unrecognized traffic, there may be a problem.

If you want, you can get a general idea (you don’t really need to memorize this) of what belongs where with regard to TCP/UDP traffic. Wikipedia has an excellent list of TCP/UDP port numbers.

So, with that information at hand, you can see why you might want to …

Monitor TCP/UDP In Real Time:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Once you have your terminal open, you can use ‘netstat’ and examine this in detail. If you just want to check once, you can run this command:

sudo netstat -tulpn

To monitor it in real time, you’ll just use the ‘watch’ command. That’d look like this:

sudo watch netstat -tulpn

You can use the -n flag to change the refresh interval, as it will default to every two seconds. To make it every five seconds, the command would look like this:

sudo watch -n 5 netstat -tulpn

You can change that number, but you can go no lower than once every 0.1 seconds. I’m not sure if there’s an upper threshold, but it might have one.

Either way, you can monitor your TCP/UDP connections in real time. It’s not really all that difficult. You may see some results that alarm you, but odds are you’re just new to checking the output. Before getting alarmed and making drastic changes to your computer, research to see if the connection is actually just normal traffic.
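One way to make that research routine is to keep a list of the listening ports you know about and let a small script pick out everything else from the netstat output. The script below is an added example, not part of the original article; the netstat output it parses is constructed sample data shaped like ‘sudo netstat -tulpn’, and the port list passed to it is assumed to be what you consider normal on your own machine.

```shell
#!/bin/sh
# Added example (not from the original article): print the listeners in
# `netstat -tulpn` output whose port is NOT in a list of ports you expect.

# Constructed sample output, shaped like `sudo netstat -tulpn` on a typical host.
# Note the vsftpd line: an FTP server the "owner" of this host did not expect.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      904/cupsd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2231/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           601/systemd-resolve
udp6       0      0 :::5353                 :::*                                2410/avahi-daemon'

# unexpected_listeners "<space-separated expected ports>"
# Reads netstat -tulpn output on stdin and prints "proto port pid/program"
# for every listener whose local port is not in the expected list.
unexpected_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        # Only real socket rows start with tcp, tcp6, udp or udp6; headers are skipped.
        $1 ~ /^(tcp|udp)6?$/ {
            # Column 4 is the local address; the port is whatever follows the last colon
            # (works for 0.0.0.0:22, 127.0.0.53:53 and the IPv6 form :::22 alike).
            port = $4; sub(/.*:/, "", port)
            # UDP rows have no State column, so the PID/Program is always the last field.
            if (!(port in ok)) print $1, port, $NF
        }'
}

# Demo on the constructed sample: everything but the expected ports is reported.
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 53 68 631 5353"
# prints: tcp 21 2231/vsftpd

# Live use on your own machine (assumed port list), once or under watch:
#   sudo netstat -tulpn | unexpected_listeners "22 53 68 631 5353"
#   sudo watch -n 5 'netstat -tulpn | ...'   (define the function in a script first)
```

Anything the script prints is a listener you have not yet accounted for; as the article says, look up what is causing it before changing anything.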

Closure:

And there you have it, you have another article to read. This one is about how you can monitor TCP/UDP in real time, a useful tool if you’re concerned with your network’s traffic. Malicious activities will likely require network ingress and egress, so this can help your security assessments. Strange connections don’t necessarily mean there’s a problem – but they do mean you might want to look to see what’s causing the connections.


KGIII

Retired mathematician, residing in the mountains of Maine. I may be old and wise, but I am not infallible. Please point out any errors. And, as always, thanks again for reading.
