22 lines
937 B
Text
22 lines
937 B
Text
|
tcpflow is a program that captures data transmitted as part of TCP
|
||
|
connections (flows), and stores it in a way that is convenient for
|
||
|
protocol analysis or debugging. A program like 'tcpdump' only shows a
|
||
|
summary of packets seen on the wire, but usually doesn't store the
|
||
|
data that's actually being transmitted. In contrast, tcpflow
|
||
|
reconstructs the actual data streams and stores each flow in a
|
||
|
separate file for later analysis.
|
||
|
|
||
|
tcpflow understands sequence numbers and will correctly reconstruct
|
||
|
data streams regardless of retransmissions or out-of-order delivery.
|
||
|
However, it currently does not understand IP fragments; flows
|
||
|
containing IP fragments will not be recorded properly.
|
||
|
|
||
|
Note: this port includes a small patch that adds the capability of
|
||
|
reading the packets from a tcpdump(1) capture file, using
|
||
|
a new option (-r).
|
||
|
|
||
|
WWW: http://www.circlemud.org/~jelson/software/tcpflow/
|
||
|
|
||
|
- Jose M. Alcaide
|
||
|
jose@we.lc.ehu.es
|