15 lines
855 B
Text
15 lines
855 B
Text
tcpflow is a program that captures data transmitted as part of TCP connections
|
|
(flows), and stores the data in a way that is convenient for protocol analysis
|
|
or debugging. A program like 'tcpdump' shows a summary of packets seen on the
|
|
wire, but usually doesn't store the data that's actually being transmitted.
|
|
In contrast, tcpflow reconstructs the actual data streams and stores each flow
|
|
in a separate file for later analysis.
|
|
|
|
tcpflow understands sequence numbers and will correctly reconstruct data
|
|
streams regardless of retransmissions or out-of-order delivery. However, it
|
|
currently does not understand IP fragments; flows containing IP fragments will
|
|
not be recorded properly.
|
|
|
|
tcpflow is based on the LBL Packet Capture Library (available from LBL) and
|
|
therefore supports the same rich filtering expressions that programs like
|
|
'tcpdump' support.
|