TCP Flow Analyzer
TCP Flow Analyzer is the layer version of TCP Flow Monitor. It can be attached to Pcap Sniffer or Ethernet Tap to convert low-level packet views into high-level data flow representations.
One thing which is usually lacking in packet-based sniffers is the ability to conveniently follow the conversation between the nodes. The TCP Flow Analyzer plugin provides an elegant way to see just the data and nothing else. Attach it as a layer on top of Pcap Sniffer or Ethernet Tap and you will receive a clean log of data exchanges reconstructed in real time from the captured packets behind the scene. You don't need to capture packets first and re-create TCP conversations later! The end result will look just like the one you see in TCP Proxy or TCP Server plugins.
The TCP Flow Analyzer plugin allows you to follow multiple TCP conversations at the same time. If the log gets too messy — apply an address filter and leave only a particular conversation while hiding everything else.
Getting Started
Step 1. Attach Analyzer
In a Pcap Sniffer or Ethernet Tap session, attach the TCP Flow Analyzer layer.
Step 2. Analyze TCP
Analyze Pcap Sniffer or Ethernet Tap session logs as if they were TCP Proxy or TCP Server session logs.
Documentation
See Also
| Plugin | Relevance |
|---|---|
 Pcap Sniffer | A streamlined, binary-friendly interface for capturing and inspecting raw packets. |
| Ethernet Tap | A hardware sniffer for monitoring Ethernet traffic. |
Gallery
