cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
78edeef281
openbsd-ports/net/tcpflow/patches/patch-ab
brad 7dbda33e53 add tcpflow port; jethro@dqc.org 
-
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores it in a way that is convenient for
protocol analysis or debugging.  A program like 'tcpdump' only shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted.  In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.

tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.

Note: this port includes a small patch that adds the capability of
      reading the packets from a tcpdump(1) capture file, using
      a new option (-r).
1999-11-12 14:22:25 +00:00

54 lines
1.8 KiB
Plaintext
Raw Blame History

--- tcpflow.1.in.orig Wed Apr 21 04:57:20 1999
+++ tcpflow.1.in Sun Oct 10 21:31:33 1999
@@ -21,6 +21,9 @@
.BI \-i \ iface\fR\c
]
[\c
+.BI \-r \ file\fR\c
+]
+[\c
.BI expression\fR\c
]
.SH DESCRIPTION
@@ -29,7 +32,7 @@
is a program that captures data transmitted as part of TCP connections
(flows), and stores it in a way that is convenient for protocol
analysis or debugging. A program like
-.IR tcpdump (4)
+.IR tcpdump (1)
only shows a summary of packets seen on the wire, but usually doesn't
store the data that's actually being transmitted. In contrast,
tcpflow reconstructs the actual data streams and stores each flow in a
@@ -93,6 +96,13 @@
.B \-i
, a reasonable default will be used by libpcap automatically.
.TP
+.B \-r
+Read packets from \fIfile\fP, which was created using the
+.B \-w
+option of
+.IR tcpdump (1).
+Standard input is used if \fIfile\fP is ``-''.
+.TP
.B \-p
No promiscuous mode. Normally, tcpflow attempts to put the network
interface into promiscuous mode before capturing packets. The
@@ -118,7 +128,7 @@
specified on the command-line specifies which packets should be
captured. Because tcpflow uses the the libpcap library, tcpflow has
the same powerful filtering language available as programs such as
-.IR tcpdump (4).
+.IR tcpdump (1).
.LP
.B The following part of the man page is excerpted from the tcpdump man page.
.LP
@@ -259,7 +269,7 @@
.IP "\fBdst net \fInet\fR"
True if the IP destination address of the packet has a network
number of \fInet\fP. \fINet\fP may be either a name from /etc/networks
-or a network number (see \fInetworks(4)\fP for details).
+or a network number (see \fInetworks(5)\fP for details).
.IP "\fBsrc net \fInet\fR"
True if the IP source address of the packet has a network
number of \fInet\fP.
Reference in New Issue View Git Blame Copy Permalink