Navigation:  Command Line Applications >

IPMon

 Top  Previous  Next

IPMon is a command-line utility that utilizes the WinPcap network driver to monitor IP traffic to the local host for troubleshooting and monitoring purposes. Unlike full blown network sniffers, IPMon only shows the IP addresses and ports (for TCP/UDP) affected, and groups output so that repetitive traffic is not being displayed. For example, any IP address that communicates with the local host where IPMon runs is only displayed once.

 

Using IPMon, a system or network administrator can quickly see which TCP/UDP/ICMP communication is taking place from the local host, without having to parse through thousands of lines network captures. IPMon currently supports the following IP protocols:

 

UDP
TCP
ICMP

 

and has the following filtering / output capabilities:

 

Filter based on TCP port number
Filter based on UDP port number
Filter protocols (UDP, TCP, ICMP)
Show any IP address only once, even when communication is flowing to/from multiple ports
Show any IP address / remote port combination only once
Resolve IP addresses to host names

 

Simply running IPMon without arguments will, in most cases, reveal interesting information about the IP traffic to the local host.

 

alert_or_warning_1_24_n_g

In this version IPMon only shows incoming traffic sent from remote hosts to the local machine. Outgoing traffic, as well as traffic sent to interfaces other than a local one, are not shown.

 

IPMon outputs captured traffic to the command line as follows:

 

[Timestamp] [IP Protocol] [Remote IP Address] [Source Port->Destination Port] [Resolved Host Name]

 

Timestamp:        Current time as Hour:Minute:Seconds
IP Protocol:        The IP protocol used, either UDP, TCP or ICMP
Remote IP Address:        The IP address of the remote host sending a packet to the local host
Source Port:        The UDP/TCP source port (from the remote host)
Destination Port:        The UDP/TCP destination port (on the local machine)
Resolved Host Name:        The FQDN of the remote host, when run with /resolve option. Only available when the IP address can be resolved through DNS.

 

 

ipmon_1

Figure 1: All TCP and UDP communication

 

 

ipmon_2

Figure 2: IPMon quickly shows questionable traffic via UDP (in this case Skype is the "culprit")

 

Requirements

WinPcap network driver

 

Files

ipmon(.exe)

 

Supported Platforms

Windows

Linux

FreeBSD

OS X