Linux command
tcpflow 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Example
tcpflow -c -i [eth0] port [80]
Example
tcpflow -r [path/to/capture.pcap] -o [output_dir]
Example
tcpflow -c -g -i [eth0]
Example
tcpflow -b [10000] -i [eth0] port [443]
Example
tcpflow -c -s -i [eth0]
说明
tcpflow captures TCP traffic and reconstructs data streams for debugging and analysis. Unlike packet sniffers that show individual packets, tcpflow reassembles TCP connections into complete data flows. Each TCP flow is saved to a separate file named by source and destination addresses/ports, making it easy to analyze individual connections.
参数
- -c
- Console print with source/dest header (don't create files)
- -C
- Console print without header (don't create files)
- -i _INTERFACE_
- Capture on specified network interface
- -r _FILE_
- Read from pcap file instead of live capture
- -o _DIR_
- Output directory for flow files
- -b _MAX_BYTES_
- Capture no more than max_bytes per flow
- -e _SCANNER_
- Enable specific scanner
- -s
- Strip non-printable characters (replace with '.')
- -g
- Colorized console output (blue=client, red=server)
- -D
- Console output in hex
- -d _LEVEL_
- Debug level (0=silent, 1=default)
- -f _MAX_FDS_
- Maximum number of file descriptors to use
- -p
- Do not put interface into promiscuous mode
- -q
- Quiet mode, suppress warnings
- -P
- No purge of closed connections from hash table
FAQ
What is the tcpflow command used for?
tcpflow captures TCP traffic and reconstructs data streams for debugging and analysis. Unlike packet sniffers that show individual packets, tcpflow reassembles TCP connections into complete data flows. Each TCP flow is saved to a separate file named by source and destination addresses/ports, making it easy to analyze individual connections.
How do I run a basic tcpflow example?
Run `tcpflow -c -i [eth0] port [80]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -c do in tcpflow?
Console print with source/dest header (don't create files)