"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/tcpflow.1.in" between
tcpflow-1.5.0.tar.gz and tcpflow-1.6.1.tar.gz

About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.

tcpflow.1.in  (tcpflow-1.5.0)	:	tcpflow.1.in  (tcpflow-1.6.1)
skipping to change at line 499		skipping to change at line 499
tcp connection, how the \fBtcpflow\fP program was compiled, and the computer on which \fBtcpflow\fP was run.		tcp connection, how the \fBtcpflow\fP program was compiled, and the computer on which \fBtcpflow\fP was run.
By default		By default
.B tcpflow		.B tcpflow
writes the		writes the
.B DFXML report		.B DFXML report
in file \fIreport.xml\fP.		in file \fIreport.xml\fP.
.TP		.TP
.B \-Z		.B \-Z
Don't decompress gzip-compressed streams.		Don't decompress gzip-compressed streams.
.\"START -- tcpdump excerpt"		.\"START -- tcpdump excerpt"
		.B \-K
		Retain per flow isolated pcap structure.
.TP		.TP
\fIexpression\fP		\fIexpression\fP
selects which packets will be captured. If no \fIexpression\fP		selects which packets will be captured. If no \fIexpression\fP
is given, all packets on the net will be captured. Otherwise,		is given, all packets on the net will be captured. Otherwise,
only packets for which \fIexpression\fP is `true' will be captured.		only packets for which \fIexpression\fP is `true' will be captured.
.IP		.IP
For the \fIexpression\fP syntax, see		For the \fIexpression\fP syntax, see
.BR pcap-filter (7).		.BR pcap-filter (7).
.IP		.IP
The \fIexpression\fP argument can be passed to \fItcpflow\fP as either a single		The \fIexpression\fP argument can be passed to \fItcpflow\fP as either a single
skipping to change at line 614		skipping to change at line 616
.IP \(bu		.IP \(bu
\fBmodule\fP Module name (printed if relevant, used to indicate the python scrip t)		\fBmodule\fP Module name (printed if relevant, used to indicate the python scrip t)
.IP \(bu		.IP \(bu
\fBfunction\fP Function name (printed if relevant,		\fBfunction\fP Function name (printed if relevant,
used to indicate the function within the python module)		used to indicate the function within the python module)
.SH EXAMPLES		.SH EXAMPLES
.LP		.LP
To record all packets arriving at or departing from \fIsundown\fP and extract al l of the HTTP attachments:		To record all packets arriving at or departing from \fIsundown\fP and extract al l of the HTTP attachments:
.RS		.RS
.nf		.nf
\fBtcpflow -e scan_http -o outdir host sundown\fP		\fBtcpflow -e http -o outdir host sundown\fP
.fi		.fi
.RE		.RE
.LP		.LP
To record traffic between \fIhelios\fR and either \fIhot\fR or \fIace\fR and bin the results into 1000 files per directory and calculate the MD5 of each flow:		To record traffic between \fIhelios\fR and either \fIhot\fR or \fIace\fR and bin the results into 1000 files per directory and calculate the MD5 of each flow:
.RS		.RS
.nf		.nf
\fBtcpflow -X report.xml -e scan_md5 -o outdir -Fk host helios and \\( hot or ac e \\)\fP		\fBtcpflow -X report.xml -e md5 -o outdir -Fk host helios and \\( hot or ace \\) \fP
.fi		.fi
.SH BUGS		.SH BUGS
Please send bug reports to simsong@acm.org.		Please send bug reports to simsong@acm.org.
.LP		.LP
\fBtcpflow\fP currently does not understand IP fragments. Flows containing		\fBtcpflow\fP currently does not understand IP fragments. Flows containing
IP fragments will not be recorded correctly.		IP fragments will not be recorded correctly.
.SH AUTHORS		.SH AUTHORS
Originally by Jeremy Elson <jelson@circlemud.org>.		Originally by Jeremy Elson <jelson@circlemud.org>.
Substantially modified and maintained by Simson L. Garfinkel <simsong@acm.org>.		Substantially modified and maintained by Simson L. Garfinkel <simsong@acm.org>.
Network visualization code by Michael Shick <mike@shick.in>		Network visualization code by Michael Shick <mike@shick.in>
End of changes. 3 change blocks.
2 lines changed or deleted		4 lines changed or added

---