tcpflow

Capture and display traffic on interface and port

$ tcpflow -c -i [eth0] port [80]

tcpflow [OPTIONS] [EXPRESSION]

tcpflow captures TCP traffic and reconstructs data streams for debugging and analysis. Unlike packet sniffers that show individual packets, tcpflow reassembles TCP connections into complete data flows.
Each TCP flow is saved to a separate file named by source and destination addresses/ports, making it easy to analyze individual connections.

-c

Output to console (stdout)

Capture on specified interface

Read from pcap file

Output directory for flow files

Output in ASCII format

Enable specific scanner

Requires root privileges or appropriate capabilities. Uses libpcap filter expressions. Only captures TCP traffic, not UDP or other protocols. Large captures can consume significant disk space.

tcpflow was created by Jeremy Elson and is designed for forensic analysis and debugging of network applications by reconstructing TCP sessions.

tcpdump(8), wireshark(1), tcpick(8)