TCP Flow Monitor

One thing which is usually lacking in packet-based sniffers is the ability to conveniently follow the conversation between the nodes. Sure, there might be a “Re-create Conversation” or a similar function, but you still need to capture packets first and post-process the log later. Besides, the re-created conversation might not be easy to use if binary data is involved.

The TCP Flow Monitor plugin provides an elegant way to see just the data and nothing else. Specify an interface to capture packets on, specify a filter in the form of an address (or just a port) and forget about packets! You will receive a clean log of the data exchange, reconstructed from the captured packets behind the scenes and in real time (no capture-first-re-create-conversation-later). The end result will look just like the one you see in the TCP Connection plugin or the TCP Listener plugin.

And of course, since this log is powered by our binary-oriented Ninja Scroll Logging Engine, you are free to use all the advanced logging features such as merging packets, switching between hex-view and plain text, inspecting data offsets and lengths, searching for binary patterns (even when they span across packet boundaries) and so on.

Under the hood, the TCP Flow Monitor plugin is powered by Pcap, an industry-standard open-source cross-platform packet capture driver.
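To make the idea of a real-time data log concrete, here is an added Python example (not the plugin's own code; the page does not describe how the plugin does this internally). It reorders the captured segments of one flow direction by sequence number, drops retransmitted bytes, and searches for a binary pattern that spans a packet boundary. The class names, `demo()` and the sample segments are assumptions constructed for this illustration.

```python
# Added illustration, not the plugin's code. Segments in demo() are constructed.
MASK, HALF = 0xFFFFFFFF, 0x80000000  # TCP sequence numbers are 32-bit and wrap
class FlowDirection:
    """Reorders one direction of a TCP flow and emits contiguous bytes."""
    def __init__(self, initial_seq):
        self.next_seq = initial_seq   # sequence number of the next expected byte
        self.pending = {}             # seq -> payload, segments not yet delivered
    def feed(self, seq, payload):
        """Accept one captured segment; return the bytes it made deliverable."""
        self.pending.setdefault(seq, payload)  # keep the first copy seen
        out = bytearray()
        while True:
            # A segment is ready if it starts at or before next_seq (mod 2**32).
            ready = next((s for s in self.pending
                          if (self.next_seq - s) & MASK < HALF), None)
            if ready is None:
                return bytes(out)
            behind = (self.next_seq - ready) & MASK
            fresh = self.pending.pop(ready)[behind:]  # drop bytes already delivered
            out += fresh
            self.next_seq = (self.next_seq + len(fresh)) & MASK

class StreamSearch:
    """Finds a byte pattern in a stream that is fed chunk by chunk."""
    def __init__(self, pattern):
        self.pattern, self.tail, self.offset = pattern, b"", 0
    def feed(self, chunk):
        """Return stream offsets of the matches completed by this chunk."""
        buf = self.tail + chunk       # tail carries a possible partial match
        base = self.offset - len(self.tail)
        hits, i = [], buf.find(self.pattern)
        while i != -1:
            hits.append(base + i)
            i = buf.find(self.pattern, i + 1)
        self.offset += len(chunk)
        # Keep the last len(pattern)-1 bytes: too short to hold a full match.
        self.tail = buf[len(buf) - min(len(buf), len(self.pattern) - 1):]
        return hits

def demo():
    # Constructed capture: out-of-order arrival, a retransmission, seq wraparound.
    captured = [(4, b"RLD"), (0xFFFFFFF8, b"HELLO\x00\xde\xad"),
                (0xFFFFFFF8, b"HELLO\x00\xde\xad"), (0, b"\xbe\xefWO")]
    flow, search = FlowDirection(0xFFFFFFF8), StreamSearch(b"\xde\xad\xbe\xef")
    stream, hits = b"", []
    for seq, payload in captured:
        chunk = flow.feed(seq, payload)
        stream += chunk
        hits += search.feed(chunk)
    return stream, hits
```

The pattern `de ad be ef` is split between the second and fourth captured segments, yet it is reported once at stream offset 6 because the search runs on the reassembled byte stream rather than on individual packets.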