tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores it in a way that is convenient for
protocol analysis or debugging.  A program like 'tcpdump' only shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted.  In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.

tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.

Note: this port includes a small patch that adds the capability of
      reading the packets from a tcpdump(1) capture file, using
      a new option (-r).

WWW: http://www.circlemud.org/~jelson/software/tcpflow/

- Jose M. Alcaide
jose@we.lc.ehu.es