tcpflow
« Back to VersTracker
Description:
TCP/IP packet demultiplexer
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Networking
Tags: networking packet-capture forensics tcp analysis security
Install: brew install tcpflow
About:
Tcpflow is a command-line tool that captures and reconstructs TCP/IP data streams from network traffic. It demultiplexes packets based on connection identifiers and writes the data payload to individual files for analysis. This allows security professionals and developers to inspect the actual content transmitted over network connections.
Key Features:
  • Reconstructs TCP data streams from packet captures
  • Supports both live capture and offline PCAP file analysis
  • Handles out-of-order packets and TCP retransmissions
  • Extracts application-layer data for protocol analysis
Use Cases:
  • Network forensics and incident response investigations
  • Debugging network applications by inspecting raw traffic
  • Malware analysis by extracting suspicious network payloads
  • Monitoring and auditing network protocol implementations
Alternatives:
  • Wireshark – GUI-based packet analyzer with visualization vs tcpflow's command-line stream reconstruction focus
  • tcpdump – Raw packet capture tool vs tcpflow's stream reassembly and file extraction capabilities
Version History
Detected Version Rev Change Commit
Sep 12, 2025 3:19am 0 VERSION_BUMP cefeeb06
Sep 12, 2024 11:46pm 0 VERSION_BUMP d513b514