7dbda33e53
- tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores it in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' only shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis. tcpflow understands sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. However, it currently does not understand IP fragments; flows containing IP fragments will not be recorded properly. Note: this port includes a small patch that adds the capability of reading the packets from a tcpdump(1) capture file, using a new option (-r).
17 lines
843 B
Plaintext
17 lines
843 B
Plaintext
tcpflow is a program that captures data transmitted as part of TCP
|
|
connections (flows), and stores it in a way that is convenient for
|
|
protocol analysis or debugging. A program like 'tcpdump' only shows a
|
|
summary of packets seen on the wire, but usually doesn't store the
|
|
data that's actually being transmitted. In contrast, tcpflow
|
|
reconstructs the actual data streams and stores each flow in a
|
|
separate file for later analysis.
|
|
|
|
tcpflow understands sequence numbers and will correctly reconstruct
|
|
data streams regardless of retransmissions or out-of-order delivery.
|
|
However, it currently does not understand IP fragments; flows
|
|
containing IP fragments will not be recorded properly.
|
|
|
|
Note: this port includes a small patch that adds the capability of
|
|
reading the packets from a tcpdump(1) capture file, using
|
|
a new option (-r).
|