tcpick
TCP stream sniffer and connection tracker that uses libpcap to track, reassemble, and reorder TCP streams. It can save captured flows to files or display them in the terminal with various modes like hexdump, ASCII, printable characters, raw, or colorized.
Description
tcpick is a libpcap-based textmode sniffer designed for tracking and analyzing TCP connections on network interfaces. It reassembles TCP streams, reorders packets, and provides flexible output options for displaying or saving network traffic. This tool supports multiple network interface types, including ethernet cards and PPP interfaces, making it versatile for different network environments.
Use cases include real-time monitoring of TCP flows, debugging network issues by inspecting stream contents, and capturing specific traffic matching filters. It displays streams in various formats such as hexdump + ASCII, only printable characters, raw mode, or colorized output, aiding in quick analysis without complex tools.
tcpick is lightweight with an installed size of 88 KB and depends on libc6, libpcap0.8t64, and tcpick packages. For detailed options, refer to the tcpick(1) manpage.
How It Works
tcpick leverages libpcap to capture packets from specified network interfaces. It tracks TCP connections, reassembles out-of-order streams, and reorders packets to reconstruct complete TCP flows. Captured data can be output in terminal display modes (hexdump, ASCII, printable, raw, colorized) or saved to files, with filtering support via libpcap syntax for targeting specific traffic.
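The reordering and reassembly step described above, as an added Python example (not tcpick's own code). The `reassemble` function, its policy of keeping the first copy of overlapping bytes, and the sample segments are assumptions made for illustration.

```python
# Added example: reorder and reassemble one direction of a TCP flow.
# Segments are constructed (seq, payload) pairs, not taken from a real capture.
MOD = 1 << 32    # TCP sequence numbers are 32-bit and wrap around
HALF = MOD // 2  # distances below this count as "ahead of" the expected byte


def reassemble(isn, segments):
    """Return (stream, pending) for one direction of a connection.

    isn      -- initial sequence number from the SYN
    segments -- (seq, payload) pairs in arrival order
    pending  -- segments still held behind a hole when the input ends
    """
    next_seq = (isn + 1) % MOD  # the SYN itself consumes one sequence number
    stream = bytearray()
    pending = {}                # seq -> payload waiting for earlier bytes

    def is_ahead(seq):
        return 0 < (seq - next_seq) % MOD < HALF

    def deliver(seq, data):
        nonlocal next_seq
        done = (next_seq - seq) % MOD  # leading bytes already in the stream
        if done >= len(data):
            return False               # pure retransmission, nothing new
        stream.extend(data[done:])     # keep only the new tail of an overlap
        next_seq = (seq + len(data)) % MOD
        return True

    for seq, data in segments:
        if not data:
            continue                   # bare ACKs carry no stream bytes
        if is_ahead(seq):              # arrived early: hold it
            if len(data) > len(pending.get(seq, b"")):
                pending[seq] = data
            continue
        progressed = deliver(seq, data)
        while progressed:              # a closed gap may release held segments
            progressed = False
            for held in [s for s in pending if not is_ahead(s)]:
                progressed |= deliver(held, pending.pop(held))
    return bytes(stream), pending
```

A non-empty `pending` result means a segment was lost or not captured, so the saved flow is incomplete from that point on.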
Installation
sudo apt install tcpick
Flags
Examples
tcpick --help
tcpick -i ppp0 -yP -C -h "not port 22"
tcpick -i eth0 -yH
tcpick -C -yU
tcpick -yR "port 80"
tcpick -i any -bP "tcp"
tcpick -r capture.pcap -yP