./net/tcpflow, Captures data transmitted as part of TCP connections


Branch: CURRENT, Version: 1.4.5nb4, Package name: tcpflow-1.4.5nb4, Maintainer: pkgsrc-users

tcpflow is a program that captures data transmitted as part of TCP connections
(flows), and stores the data in a way that is convenient for protocol analysis
or debugging. A program like 'tcpdump' shows a summary of packets seen on the
wire, but usually doesn't store the data that's actually being transmitted.
In contrast, tcpflow reconstructs the actual data streams and stores each flow
in a separate file for later analysis.

tcpflow understands sequence numbers and will correctly reconstruct data
streams regardless of retransmissions or out-of-order delivery. However, it
currently does not understand IP fragments; flows containing IP fragments will
not be recorded properly.

tcpflow is based on the LBL Packet Capture Library (available from LBL) and
therefore supports the same rich filtering expressions that programs like
'tcpdump' support.

Required to run:

Required to build:
[devel/boost-headers] [pkgtools/cwrappers]

Master sites:

SHA1: a86ca927ec68e7a05cdc0da436e365504fdab27b
RMD160: 2f30ea47f301fb4737fc3911c1d94f8c53e5db0f
Filesize: 439.893 KB

CVS history:

   2018-04-29 23:32:09 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
revbump for boost-libs update
   2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155)
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update
   2017-08-24 22:03:43 by Adam Ciarcinski | Files touched by this commit (621) | Package updated
Log message:
Revbump for boost update
   2017-07-14 14:58:25 by Joerg Sonnenberger | Files touched by this commit (3)
Log message:
Deal with libtre without tre.h.
   2017-07-04 15:50:42 by Jonathan Perkin | Files touched by this commit (11) | Package updated
Log message:
Update net/tcpflow to 1.4.5.

This package was last updated in 2004, since then it has changed maintainers
and looks quite different.  An incomplete changelog is as follows:

Version 1.3.1 NOV ??

	Complete rewrite of the TCP state machine, now handles flows larger
	than 4GiB.

Version 1.3.0 SEP 30 2012

	Release for end of FY2012, includes bug fixes, better support for
	autoconf, DFXML standardizations, and the ability to compile under
	mingw for Windows (that was a LOT of work).

Version 1.2.7 May 24 2012 (GIT)

	Version 1.2.7 offers two significant features over previous versions
	relating to the processing of the -r and the new -R options.

	  -r file1.pcap - This option specifies a pcap file to be read.
	                  New with version 1.2.7, the -r flag may be
	                  repeated any number of times.

	  -R file0.pcap - This option, new with version 1.2.7, allows a file
	                  to be specified that was captured in time *before*
	                  the file specified with -r. This option allows TCP
	                  sessions that started in file0.pcap and which
	                  continued into file1.pcap to be properly
	                  started. This option is useful when some external
	                  process makes packet capture files at regular
	                  intervals and then the files are reassembled
	                  later. Typically these files result from tcpdump run
	                  with the -w or -C options.

Version 1.2 March 15 2012 (SVN )

	Version 1.2 is the first to include post-processing of TCP connections
	integrated directly into the tcpflow program itself. post-processing
	is optional and is performed on a per-connection basis when the
	connection is closed.

	The following post-processing methods are currently defined.

	 -FM - Compute the MD5 hash value of every stream on close. Currently
	       MD5 hashes are only computed for TCP streams that contain
	       packets transmitted contiguously. -FM processing can happen
	       even when output is suppressed. The MD5 is written into the
	       DFXML file.

	 -AH - Detect Email/HTTP responses and separate headers from
	       body. This requires that the output files be captured.

	       If the output file is

	       Then the post-processing will create the files:

	       If the HTTPBODY was compressed with GZIP, you may get a
	       third file as well:


	       Additional information about these streams, such as their MD5
	       hash value, is also written to the DFXML file

Version 1.1.0 19 January 2012 (SVN 8118)

	Version 1.1 represents a significant rewrite of tcpflow. All users are
	encouraged to upgrade.

	Significant changes include:

	* Entire code base migrated to C++ ; code generally
	  improved. tcpflow's original hash table has been replaced with a
	  tr1::unordered_map which should offer significantly more

	* tcpflow now automatically expires out old connections. This finally
	  ends the program's memory-hogging problem. (You can disable this
	  behavior with -P, which makes tcpflow run faster because it never
	  cleans up after itself. That's fine if you are working with less
	  than a million connections.)

	* Multiple connections with the same (source/destination) are now
	  detected and stored in different files. This is significant, as the
	  previous implementation would make a single file 1-2GB in length if
	  you the same host/port pairs with two different flows. Additional
	  files have the same filename and a "c0001", "c0002" appended.

	* Filenames may now be prefixed with either the ISO8601 time or a Unix
	  timestamp  indicating the time that the connection was first seen.

	* tcpflow will now save a DFXML file containing information for each
	  flow that it reconstructs.

	* The following new options are now implemented:

	  -o outdir --- now works (previously was not implemented)
	  -X xmfile --- now reports execution results in a DFXML
	                file. (Version 1.1 will include complete notion in the
	                XML file of every TCP connection as a DFXML <fileobject>
	  -Fc       --- Every file has the 'cXXXX' postfix, rather than just
	                the files with duplicate source/destination.
	  -Ft       --- Every file has the <time_t>T prefix.
	  -FT       --- Every file has an ISO8601 time prefix,
	                e.g. 2012-01-01T09:45:15Z
	  -mNNNN    --- Specifies the minimum number of bytes that need to be
	                skipped in a TCP connection before a new
	  -Lname    --- use the named semaphore 'name' to prevent multiple
	                tcpflow processes printing to standard output from
	                overprinting each other.
	  -P        --- do not prune the tcp connection table.

	Other improvements include:

	* Support for IPv6

	* Support for VLANs

	* The default filter which was causing problems under MacOS has been

Version 1.0.4 November 24, 2011
	* Default filter changed to ""; previous default filter was causing
	  problems on macs.

Version 1.0.2 September 30, 2011
	* IPv6 code added

Version 1.0.0 January 2011
	* Updated to support VLANs. VLAN packets are marked by hex 0x8100
	  following the destination and source mac addresses, followed by the
	  16-bit VLAN address, followed by 0x0800 marking the beginning of the
	  traditional IP header.

Version 0.30 October 2007
	* Simson Garfinkel <simsong@acm.org> is now the maintainer of this
	* Modified to set the time of each tcpflow with the time of the first
	* Created a regression test, so "make check" and "make distcheck" now
	* Updated to modern autoconf tools.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2013-02-06 20:31:06 by Jonathan Perkin | Files touched by this commit (76) | Package updated
Log message:
PKGREVISION bumps for net/libpcap update.