tcpflow - TCP flow recorder

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main i386
Package name tcpflow
Package version 0.21.ds1
Package release 7
Package architecture i386
Package type deb
Installed size 83 B
Download size 26.69 KB
Official Mirror
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.
tcpflow is based on the LBL Packet Capture Library and therefore
supports the same rich filtering expressions that programs like
'tcpdump' support. tcpflow can also rebuild flows from data captured
with 'tcpdump -w'.


Package Version Architecture Repository
tcpflow_0.21.ds1-7_amd64.deb 0.21.ds1 amd64 Debian Main
tcpflow - - -


Name Value
libc6 >= 2.3.4
libpcap0.8 >= 0.9.8


Type URL
Binary Package tcpflow_0.21.ds1-7_i386.deb
Source Package tcpflow

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install tcpflow deb package:
    # sudo apt-get install tcpflow




2012-05-20 - Romain Francoise <>
tcpflow (0.21.ds1-7) unstable; urgency=low
* Switch to debhelper compat level 9, enable hardening via
* Override lintian warning about stack protector: the binary is
correctly built with stack protection enabled, but doesn't have any
arrays on the stack.
* Override lintian tag 'package-needs-versioned-debhelper-build-depends'.
* Bump Standards-Version to 3.9.3.
* Set Maintainer to Debian QA group.
2010-01-14 - Romain Francoise <>
tcpflow (0.21.ds1-6) unstable; urgency=low
* debian/control: Build-depend on hardening-includes.
* debian/rules: Use hardening.make.
* debian/patches/10_vlan.diff: Dropped (closes: #558209).
* debian/patches/series: Update.
2009-11-09 - Romain Francoise <>
tcpflow (0.21.ds1-5) unstable; urgency=low
* Switch to 3.0 (quilt) source format:
+ Drop build-depends on quilt.
+ Remove patch/unpatch logic from debian/rules.
+ Refresh all patches.
* Use dh(1):
+ debian/compat: Bump to 7.
+ debian/control: Build-depend on debhelper (>> 7).
+ debian/rules: Simplify.
* debian/patches/10_vlan.diff: New patch, makes tcpflow skip VLAN
headers if present (closes: #536792).
* debian/patches/series: Update.
* debian/control: Bump Standards-Version to 3.8.3, no changes needed.
2009-06-21 - Romain Francoise <>
tcpflow (0.21.ds1-4) unstable; urgency=low
* debian/patches/20_fix-usage.diff: New patch, fixes wrong usage output
(closes: #499158).
* debian/control: Bump Standards-Version to 3.8.2, no changes needed.
2008-05-01 - Romain Francoise <>
tcpflow (0.21.ds1-3) unstable; urgency=low
* debian/patches/10_extra-opts.diff: Fix off-by-one error in handling of
isn, the handshake SYN packet counts for one but doesn't contain data
(closes: #477163).
2008-03-10 - Romain Francoise <>
tcpflow (0.21.ds1-2) unstable; urgency=low
* debian/control: Bump Standards-Version to 3.7.3, no changes needed.
* debian/copyright: Add actual copyright notice (lintian warning).
2007-10-14 - Romain Francoise <>
tcpflow (0.21.ds1-1) unstable; urgency=low
* Repack tarball from Git.
* debian/control: Add Homepage, Vcs-Browser and Vcs-Git fields.
2007-09-01 - Romain Francoise <>
tcpflow (0.21-12) unstable; urgency=low
* Convert to quilt for patch management:
+ debian/control: build-depend on quilt (>= 0.40).
+ debian/rules: Include /usr/share/quilt/quilt.make and call quilt
* Split monolithic Debian diff:
+ debian/patches/10_extra-opts.diff: Add options -C and -e.
+ debian/patches/50_autotools-dev.diff: Make config.{guess,sub}
exec newer versions of themselves if autotools-dev is installed.
* debian/control: Don't build-depend on automake1.7, but on autotools-dev.
* debian/rules: Don't reconf.  Major cleanup.
2006-10-14 - Romain Francoise <>
tcpflow (0.21-11) unstable; urgency=high
* Fix broken Debian-specific changes:
+ -C and -c *must* imply -s to strip non-printable characters or
network data could end up messing with the terminal; this is
potentially a security issue, hence urgency: high.
+ Reimplement Debian-specific option -e from scratch, the previous
implementation was tragically flawed: it assumed that the entirety
of the TCP connection would have only two segments, which is of
course rarely true...  Do it properly by finding out who's the
client and who's the server by examining the TCP handshake. Also
mention -e in usage.
+ Fix spelling errors in Debian-specific patches.
+ Fix the manpage to make explanations actually match their
corresponding options (closes: #392676).

See Also

Package Description
tcpick_0.2.1-6_i386.deb TCP stream sniffer and connection tracker
tcpreen_1.4.4-2_i386.deb Simple TCP re-engineering tool
tcpreplay_3.4.3-2+wheezy1_i386.deb Tool to replay saved tcpdump files at arbitrary speeds
tcpser_1.0rc12-1_i386.deb emulate a Hayes compatible modem
tcpslice_1.2a3-4_i386.deb extract pieces of and/or glue together tcpdump files
tcpspy_1.7d-4_i386.deb Incoming and Outgoing TCP/IP connections logger
tcpstat_1.5-7_i386.deb network interface statistics reporting tool
tcptrace_6.6.7-4.1_i386.deb Tool for analyzing tcpdump output
tcptraceroute_1.5beta7+debian-4_i386.deb traceroute implementation using TCP packets
tcptrack_1.4.2-1_i386.deb TCP connection tracker, with states and speeds
tcputils_0.6.2-9_i386.deb Utilities for TCP programming in shell-scripts
tcpwatch-httpproxy_1.3b-3_all.deb TCP monitoring and logging tool with support for HTTP 1.1
tcpxtract_1.0.1-8_i386.deb extracts files from network traffic based on file signatures
tcs_1-11_i386.deb character set translator
tcsh_6.18.01-2_i386.deb TENEX C Shell, an enhanced version of Berkeley csh