Projects / tcpick


tcpick is a textmode sniffer that can track TCP streams and saves the data captured in files or displays them in the terminal. It is useful for picking files in a passive way. It can store all connections in different files, or it can display all the stream on the terminal (using colors too).

Operating Systems

Recent releases

  •  18 Jan 2005 23:07

    Release Notes: This release fixes SIGALRM bug that caused freezes, adds a workaround for a kernel bug in NetBSD in the setitimer call, adds the -e option that makes the program exit when a defined amount of packets have been captured, and fixes a header problem on OpenBSD. Some internals have been changed: sigaction now handles signals, and atexit handling has been added.

    •  09 Jan 2005 16:52

      Release Notes: This release adds EXPIRED and RESET status detection. The -td option displays timestamps with the date. The "u" flag to the "-w" option enables tcpick to write sniffed data in a unique file. The "b" flag to the "-w" option enables tcpick to write a banner to the unique file that introduces server and client data. Minimal UDP support and signal support with statistics were added. PPP, SLIP, SLIP_BSDOS, and PPP_BSDOS datalink support were added. Many bugfixes were made.

      •  28 Aug 2004 12:33

        Release Notes: This release adds the option "-Enum" to exit when "num" connections are marked as CLOSED (which differs from "-Efnum", which exits when all the first "num" tracked connections are marked as CLOSED), the option "-Tfnum" to stop tracking new connections when "num" is reached, a balanced AVL tree to the IP lookup engine, and several bugfixes. It now works successfully under OpenBSD and NetBSD.

        •  03 Jun 2004 18:01

          Release Notes: Most of the code has been cleaned or rewritten. This release is able to sniff files via FTP, and md5sums should be equal. A new set of options to display the rebuilt and acknowledged TCP stream to stdout in various flavours. An option `-Tnum' to track only the first `num' connections. It is possible to choose to sniff only the stream from the client, from the server, or both. A `--pipe' option to redirect a rebuilt stream to stdout as input for other software. An EXAMPLES file. Many options have been introduced and some have been deleted.

          •  08 Apr 2004 20:47

            Release Notes: This version features some bugfixes, including important changes in the functions that write the dump to files. Now files are opened in "append" mode and data are written using the fwrite() function. A big change is that data captured are stored directly in files, without using heap allocating functions (i.e. malloc and calloc). This way much less memory will be used.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.