ipmon


IPMon uses the WinPcap network driver to monitor IP traffic to the local host for troubleshooting and monitoring purposes. Unlike full-blown network sniffers, IPMon shows only the IP addresses and ports (for TCP/UDP) involved, and groups its output so that repetitive traffic is not displayed again. For example, any IP address that communicates with the local host where IPMon runs is displayed only once.

 

Using IPMon, a system or network administrator can quickly see which TCP/UDP/ICMP communication is taking place from the local host, without having to parse through thousands of lines of network captures. IPMon currently supports the following IP protocols:

 

UDP

TCP

ICMP

 

and has the following filtering / output capabilities:

 

Filter based on TCP port number

Filter based on UDP port number

Filter protocols (UDP, TCP, ICMP)

Show any IP address only once, even when communication is flowing to/from multiple ports

Show any IP address / remote port combination only once

Resolve IP addresses to host names

 

Simply running IPMon without arguments will, in most cases, reveal interesting information about the IP traffic to the local host.

 


In this version, IPMon only shows incoming traffic sent from remote hosts to the local machine. Outgoing traffic, as well as traffic sent to interfaces other than a local one, is not shown.

 

IPMon outputs captured traffic to the command line as follows:

 

[Timestamp] [IP Protocol] [Remote IP Address] [Source Port->Destination Port] [Resolved Host Name]

 

Timestamp:        Current time as Hour:Minute:Seconds

IP Protocol:        The IP protocol used, either UDP, TCP or ICMP

Remote IP Address:        The IP address of the remote host sending a packet to the local host

Source Port:        The UDP/TCP source port (from the remote host)

Destination Port:        The UDP/TCP destination port (on the local machine)

Resolved Host Name:        The FQDN of the remote host, when run with the /resolve option. Only available when the IP address can be resolved through DNS.
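The following is an added example, not part of IPMon or its documentation: a small parser that reads saved IPMon output in the field order described above and lists, per remote IP address, which local ports were reached. It assumes the fields are separated by whitespace with no literal brackets; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumption: whitespace-separated fields in the
# documented order; the real tool's delimiters may differ.
SAMPLE = """\
10:15:01 TCP 192.0.2.10 51344->3389
10:15:02 UDP 198.51.100.7 40000->5060 sip.example.net
10:15:02 ICMP 203.0.113.5
10:15:03 TCP 192.0.2.10 51345->445
not an ipmon line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}:\d{2}:\d{2})\s+"           # Timestamp
    r"(?P<proto>TCP|UDP|ICMP)\s+"                # IP Protocol
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"           # Remote IP Address
    r"(?:\s+(?P<sport>\d+)->(?P<dport>\d+))?"    # Source->Destination Port
    r"(?:\s+(?P<host>\S+))?\s*$"                 # Resolved Host Name (optional)
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not a valid record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    has_ports = rec["sport"] is not None
    # ICMP carries no ports; TCP and UDP records must have them.
    if has_ports == (rec["proto"] == "ICMP"):
        return None
    for key in ("sport", "dport"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
            if rec[key] > 65535:
                return None
    return rec

def local_ports_by_remote(text):
    """Map each remote IP to the sorted (protocol, local port) pairs it reached."""
    seen = defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            seen[rec["ip"]].add((rec["proto"], rec["dport"]))
    return {ip: sorted(pairs, key=lambda p: (p[0], p[1] or 0))
            for ip, pairs in seen.items()}
```

Reviewing the resulting map against the services the host is expected to expose makes unexpected inbound ports stand out quickly.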

 

 


Figure 1: All TCP and UDP communication

 

 


Figure 2: IPMon quickly shows questionable traffic via UDP (in this case Skype is the "culprit")

 

Requirements

WinPcap network driver

 

Interface

Command-line

 

Files

ipmon(.exe)

 

Supported Platforms

Windows

Linux

FreeBSD

OS X