TCP Flow Monitor

IO Ninja also includes the TCP Flow Analyzer layer plugin. This layer can be attached on top of Pcap Sniffer or Ethernet Tap to post-process captured packets and convert them into a high-level data flow representation.

One thing that packet-based sniffers usually lack is the ability to conveniently follow the conversation between the nodes. Sure, there might be a "Re-create Conversation" or a similar function — but you still need to capture packets first and post-process the log later. Besides, this re-created conversation might not be so easy to use if binary data is involved.

The TCP Flow Monitor plugin provides an elegant way to see just the data and nothing else. Specify an interface to capture packets on, specify a filter in the form of an address (or just a port) — and forget about packets! You will receive a clean log of data exchanges reconstructed in real time from the captured packets behind the scenes. You don't need to capture packets first and re-create TCP conversations later! The end result will look just like the one you see in the TCP Proxy or TCP Server plugins.

And of course, since this log is powered by our binary-oriented Ninja Scroll Logging Engine, you are free to use all the advanced logging features such as merging packets, switching between hex-view and plain text, inspecting data offsets and lengths, searching for binary patterns (even when they span across packet boundaries) and so on.

The TCP Flow Monitor plugin allows you to follow multiple TCP conversations at the same time. If the log gets too messy — apply a filter and leave only a particular conversation while hiding everything else.

Under the hood, the TCP Flow Monitor plugin is powered by libpcap, an industry-standard open-source cross-platform packet capture technology.