tcptrack

tcptrack is a sniffer which displays information about TCP connections it
sees on a network interface. It passively watches for connections on the
network interface, keeps track of their state and displays a list of
connections in a manner similar to the Unix ‘top’ command. It displays
source and destination addresses and ports, connection state, idle time, and
bandwidth usage. The following screenshot explains a lot:


TCP-over-DNS tunnel software

DNS stands for “Domain Name System”. The purpose of DNS is to convert a domain name, such as “analogbit.com”, to an IP address, such as “208.113.168.166”. The interesting thing about DNS queries is that they are usually recursive queries. This means that if a server doesn’t know the answer for a domain name, it is allowed to ask other servers for the answer. So while a firewall or restrictive ISP may filter regular internet traffic, they have probably overlooked DNS traffic.