Tcpread: An Aid to Analysing tcpdump Traces
Source: University of St Andrews
In order to gather statistics about the traffic on a network, it is necessary to have a capture of network traffic. When packet captures are examined, connection state can be tracked to extract information, and the extracted information can be grouped in order to present it in a meaningful manner. tcpdump is a popular packet monitoring and capture tool that produces lines of text output. When TCP packets are captured, the format used preserves some of the information from the IP header and most of the information from the TCP header. In order to examine tcpdump traces, a tool has been created which can read the output of tcpdump and track the state of the connections in the trace.
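The approach described above, as an added example that is not Tcpread's own code: it reads tcpdump text lines, tracks each connection through a simplified TCP state machine, and groups the results by final state. The `Flags [..]` line layout from `tcpdump -n -tt`, the state names, the function names and the sample trace are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: IPv4 lines from `tcpdump -n -tt`, e.g. "... Flags [S.], ...".
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed sample trace: a full connection, a refused one, an unanswered SYN.
SAMPLE = """\
1700000000.000100 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [S], seq 100, win 64240, length 0
1700000000.000200 IP 10.0.0.9.80 > 10.0.0.5.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
1700000000.000300 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [.], ack 1, win 502, length 0
1700000000.000400 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [P.], seq 1:19, ack 1, win 502, length 18
1700000000.000500 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [F.], seq 19, ack 1, win 502, length 0
1700000000.000600 IP 10.0.0.9.80 > 10.0.0.5.51000: Flags [F.], seq 1, ack 20, win 509, length 0
1700000001.000100 IP 10.0.0.5.51001 > 10.0.0.9.23: Flags [S], seq 200, win 64240, length 0
1700000001.000200 IP 10.0.0.9.23 > 10.0.0.5.51001: Flags [R.], seq 0, ack 201, win 0, length 0
1700000002.000100 IP 10.0.0.5.51002 > 10.0.0.9.443: Flags [S], seq 300, win 64240, length 0
""".splitlines()

def track(lines):
    """Map (client, server) endpoint pairs to a simplified TCP state."""
    conns = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 TCP line in the assumed layout
        sip, sport, dip, dport, flags = m.groups()
        src, dst = (sip, int(sport)), (dip, int(dport))
        key = (src, dst) if (src, dst) in conns else (dst, src)
        if key not in conns:
            if "S" in flags and "." not in flags:  # bare SYN opens a connection
                conns[(src, dst)] = {"state": "SYN_SENT", "fins": set()}
            continue  # otherwise mid-stream: the handshake is not in the trace
        c = conns[key]
        if c["state"] in ("RESET", "CLOSED"):
            continue  # terminal states; port reuse is not modelled here
        if "R" in flags:
            c["state"] = "RESET"
        elif "S" in flags and "." in flags and src == key[1] and c["state"] == "SYN_SENT":
            c["state"] = "SYN_RCVD"
        elif "F" in flags:
            c["fins"].add(src)  # closed once both directions have sent FIN
            c["state"] = "CLOSED" if len(c["fins"]) == 2 else "CLOSING"
        elif "." in flags and c["state"] == "SYN_RCVD" and src == key[0]:
            c["state"] = "ESTABLISHED"
    return {k: v["state"] for k, v in conns.items()}

def summarise(states):
    return Counter(states.values())  # connections grouped by final state
```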