The patches are a modified version of some enhancements to tcpflow from Debian
Adds the following options:
-e When outputting to the console each flow will be output in alternating
colours.
-C Console print without the packet source and destination details being
printed. Print the contents of packets to stdout as they are received,
without storing any captured data to files (implies -s).
in host, not network format. At least, this is the case for NetBSD. I don't
know what systems out there exist where this is not the case, but Linux is
one possibility.
tcpflow is a program that captures data transmitted as part of TCP connections
(flows), and stores the data in a way that is convenient for protocol analysis
or debugging. A program like 'tcpdump' shows a summary of packets seen on the
wire, but usually doesn't store the data that's actually being transmitted.
In contrast, tcpflow reconstructs the actual data streams and stores each flow
in a separate file for later analysis.
tcpflow understands sequence numbers and will correctly reconstruct data
streams regardless of retransmissions or out-of-order delivery. However, it
currently does not understand IP fragments; flows containing IP fragments will
not be recorded properly.
tcpflow is based on the LBL Packet Capture Library (available from LBL) and
therefore supports the same rich filtering expressions that programs like
'tcpdump' support.
