13 lines
686 B
Plaintext
13 lines
686 B
Plaintext
|
tcpflow is a program that captures data transmitted as part of TCP
|
||
|
|
connections (flows), and stores it in a way that is convenient for
|
||
|
|
protocol analysis or debugging. A program like 'tcpdump' only shows a
|
||
|
|
summary of packets seen on the wire, but usually doesn't store the
|
||
|
|
data that's actually being transmitted. In contrast, tcpflow
|
||
|
|
reconstructs the actual data streams and stores each flow in a
|
||
|
|
separate file for later analysis.
|
||
|
|
|
||
|
|
tcpflow understands sequence numbers and will correctly reconstruct
|
||
|
|
data streams regardless of retransmissions or out-of-order delivery.
|
||
|
|
However, it currently does not understand IP fragments; flows
|
||
|
|
containing IP fragments will not be recorded properly.
|