tcpflow is a tool that captures data transmitted as part of TCP connections, and stores the data in a way that is convenient for protocol analysis, keyword searching, etc.
tcpflow stores all captured data in files that have names of the form
where the contents of the above file would be data transmitted from host 220.127.116.11 port 2345, to host 10.11.12.13 port 45103.
- tcpflow does not understand IP fragments;
- tcpflow does not understand 802.11 headers.
- tcpflow uses sequence numbers for resizing files, so a reconstruction of the sessions may create 600 megabyte files more or less empty.