13 lines
722 B
Plaintext
13 lines
722 B
Plaintext
tcpflow is a program that captures data transmitted as part of TCP connections
|
|
(flows), and stores the data in a way that is convenient for protocol analysis
|
|
and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP
|
|
flow will be stored in two files, one for each direction. tcpflow can also
|
|
process stored 'tcpdump' packet flows.
|
|
|
|
tcpflow is similar to 'tcpdump', in that both process packets from the wire or
|
|
from a stored file. But it's different in that it reconstructs the actual data
|
|
streams and stores each flow in a separate file for later analysis.
|
|
|
|
tcpflow understands sequence numbers and will correctly reconstruct data
|
|
streams regardless of retransmissions or out-of-order delivery.
|