tcpflow/0000755000175000017500000000000012567232016011146 5ustar dimadimatcpflow/python/0000755000175000017500000000000012263702517012470 5ustar dimadimatcpflow/python/plot_wifi_aps.py0000644000175000017500000000213612263702517015703 0ustar dimadima#!/usr/bin/env python3.3 # # Read a report.xml file and output a graphviz graph of the nodes # import xml.etree.ElementTree as ET if __name__=="__main__": import sys root = ET.parse(sys.argv[1]) macs = set() ssids = set() print("digraph ssids {") for ssidnode in root.findall('.//ssid'): macs.add(ssidnode.attrib['mac']) ssids.add(ssidnode.attrib['ssid']) print(' "{}" -> "{}";'.format(ssidnode.attrib['mac'],ssidnode.attrib['ssid'])) # Send through the attributes # Make all of the boxes for mac in macs: print(' "{}" [shape=box]'.format(mac)) # color all of the SSIDs c = 1 for ssid in ssids: r = (c)//3 g = (c+1)//3 b = (c+2)//3 color = "#{:02X}{:02X}{:02X}".format(255-r*16,255-g*16,255-b*16) c += 1 if c/3>4: c = 0 print(' "{}" [color="{}",style=filled]'.format(ssid,color)) for macnode in root.findall(".//ssid/[@ssid='{}']".format(ssid)): print(' "{}" [color="{}",style=filled]'.format(macnode.attrib['mac'],color)) print("}") tcpflow/NEWS0000644000175000017500000001707012476160245011655 0ustar dimadimaVersion 1.3.1 NOV ?? Complete rewrite of the TCP state machine, now handles flows larger than 4GiB. Version 1.3.0 SEP 30 2012 Release for end of FY2012, includes bug fixes, better support for autoconf, DFXML standardizations, and the ability to compile under mingw for Windows (that was a LOT of work). Version 1.2.7 May 24 2012 (GIT) I am pleased to announce the release of tcpflow version 1.2.7 Version 1.2.7 offers two significant features over previous versions relating to the processing of the -r and the new -R options. -r file1.pcap - This option specifies a pcap file to be read. New with version 1.2.7, the -r flag may be repeated any number of times. -R file0.pcap - This option, new with version 1.2.7, allows a file to be specified that was captured in time *before* the file specified with -r. This option allows TCP sessions that started in file0.pcap and which continued into file1.pcap to be properly started. This option is useful when some external process makes packet capture files at regular intervals and then the files are reassembled later. Typically these files result from tcpdump run with the -w or -C options. Verison 1.2.7 can be downloaded from github: $ git clone git://github.com/simsong/tcpflow.git $ cd tcpflow $ sh bootstrap.sh $ ./configure $ make or from: $ https://github.com/downloads/simsong/tcpflow/tcpflow-1.2.7.tar.gz ================================================================ Version 1.2 March 15 2012 (SVN ) I am pleased to announce the release of tcpflow version 1.2. Version 1.2 is the first to include post-processing of TCP connections integrated directly into the tcpflow program itself. post-processing is optional and is performed on a per-connection basis when the connection is closed. The following post-processing method methods are currently defined. -FM - Compute the MD5 hash value of every stream on close. Currently MD5 hashes are only computed for TCP streams that contain packets transmitted contigiously. -FM processing can happen even when output is suppressed. The MD5 is written into the DFXML file. -AH - Detect Email/HTTP responses and separate headers from body. This requires that the output files be captured. If the output file is 208.111.153.175.00080-192.168.001.064.37314, Then the post-processing will create the files: 208.111.153.175.00080-192.168.001.064.37314-HTTP 208.111.153.175.00080-192.168.001.064.37314-HTTPBODY If the HTTPBODY was compressed with GZIP, you may get a third file as well: 208.111.153.175.00080-192.168.001.064.37314-HTTPBODY-GZIP Additional information about these streams, such as their MD5 hash value, is also written to the DFXML file These features are all present in Version 1.2.2, which is available now for download from http://afflib.org/ Version 1.1.0 19 January 2012 (SVN 8118) I am pleased to announce the release of tcpflow version 1.1. Version 1.1 represents a significant rewrite of tcpflow. All users are encouraged to upgrade. Significant changes include: * Entire code base migrated to C++ ; code generally improved. tcpflow's original hash table has been replaced with a tr1::unordered_map which should offer significantly more scalability. * tcpflow now automatically expires out old connections. This finally end the program's memory-hogging problem. (You can disable this behavior with -P, which makes tcpflow run faster because it never cleans up after itself. That's fine if you are working with less than a million connections.) * Multiple connections with the same (source/destination) are now detected and stored in different files. This is significant, as the previous implementation would make a single file 1-2GB in length if you the same host/port pairs with two different flows. Additional files have the same filename and a "c0001", "c0002" appended. * Filenames may now be prefixed with either the ISO8601 time or a Unix timestamp indicating the time that the connection was first seen. * tcpflow will now save a DFXML file containing information for each flow that it reconstructs. * The following new options are now implemented: -o outdir --- now works (previously was not implemented) -X xmfile --- now reports execution results in a DFXML file. (Version 1.1 will include complete notion in the XML file of every TCP connection as a DFXML -Fc --- Every file has the 'cXXXX' postfix, rather than just the files with duplicate source/destination. -Ft --- Every file has the T prefix. -FT --- Every file has an ISO8601 time prefix, e.g. 2012-01-01T09:45:15Z -mNNNN --- Specifies the minimum number of bytes that need to be skipped in a TCP connection before a new -Lname --- use the named semaphore 'name' to prevent multiple tcpflow processes printing to standard output from overprinting each other. -P --- do not prune the tcp connection table. Other improvements include: * Support for IPv6 * Support for VLANs * The default filter which was causing problems under MacOS has been removed. tcpflow can be downloaded from: http://afflib.org/ http://afflib.org/software/tcpflow Finally, because the previous maintainer had lost control of the old tcpflow mailing list, a new one has been created at Google Groups. You can subscribe at: http://groups.google.com/group/tcpflow-users Version 1.0.4 November 24, 2011 * Default fitler changed to ""; previous default filter was causing problems on macs. Version 1.0.2 September 30, 2011 * IPv6 code added Version 1.0.0 January 2011 * Updated to support VLANs. VLAN packets are marked by hex 0x8100 following the destination and source mac addresses, followed by the 16-bit VLAN address, followed by 0x0800 marking the beginning of the traditional IP header. Version 0.30 October 2007 * Simson Garfinkel is now the maintainer of this package * Modified to set the time of each tcpflow with the time of the first packet. * Created a regression test, so "make check" and "make distcheck" now work. * Updated to modern autoconf tools. Version 0.20 (February 26, 2001): * A bug was fixed that caused out-of-order reassembly to generate seemingly very large files on some systems (specifically, those that support fgetpos/fsetpos). * Bug fixed that caused the interface to be left in promiscuous mode after tcpflow terminated * The -r option was added, contributed by Jose M. Alcaide * We now distribute tcpflow RPMs, thanks to a spec file submitted by Ross Golder . Version 0.12 (April 20, 1999): * Now compiles under IRIX, and using non-GCC compilers. * Workaround for the Linux/libpcap bug that prevented tcpflow from listening to packets on the Linux loopback interface. It's not perfect -- it appears impossible to install a libpcap filtering expression when listening to the Linux loopback interface. Thus, *all* flows on that interface are recorded. Someday I may try to fix either libpcap or the Linux kernel so that this workaround is not necessary. Version 0.11 (April 13, 1999): * Support for older (libc5) Linux systems (submitted by Johnny Tevessen ). * Some minor fixes. Version 0.10 (April 12, 1999): * First public release. tcpflow/tests/0000755000175000017500000000000012567231732012314 5ustar dimadimatcpflow/tests/iphtest-nitroba-100.txt0000644000175000017500000000137212263702517016467 0ustar dimadimatrim before: 4999 trim after: 99 nodes: 99 histogram size: 29 0.0.0.0/2 count=2950 64.0.0.0/7 count=4330 66.0.0.0/7 count=9316 68.0.0.0/8 count=354 69.16.0.0/14 count=174 69.22.167.192/28 count=3917 69.22.167.208/28 count=11753 69.22.167.224/27 count=4169 69.24.0.0/13 count=2048 69.32.0.0/11 count=748 69.64.0.0/10 count=125 69.128.0.0/9 count=87 70.0.0.0/7 count=95 72.0.0.0/7 count=3457 74.0.0.0/7 count=9695 76.0.0.0/6 count=1140 80.0.0.0/4 count=581 96.0.0.0/3 count=3 128.0.0.0/2 count=1316 192.168.1.64/26 count=12544 192.168.15.4 count=71478 192.192.0.0/10 count=22 194.0.0.0/7 count=119 196.0.0.0/6 count=4423 200.0.0.0/5 count=2773 208.0.0.0/8 count=8403 209.0.0.0/8 count=6856 212.0.0.0/6 count=59 216.0.0.0/5 count=4823 tcpflow/tests/test1-part1.pcap0000644000175000017500000000644212263702517015251 0ustar dimadimaòPHb66[E(@@fiPB} P/|PHhFF[E8cJfj5E(@?fiPB}PHXmZZ[EL/@gbf{{8_# ̔ =*C̔:̔>T̔m9p\ PH~ZZ[EL85ٮf{{8$*\H7̔C2̔m9p\ ̔m<ס̔m JJ[EfJ}h P6< 1jPH JJ[E<7nJ}hfP NX6(= ;~1jPH BB[E47@@ fJ}h P6NY 1j;~PH [E3@@fJ}h P6NYo 1j;~GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us Accept-Encoding: gzip, deflate Cookie: rememberme=true; PREF=ID=509fa92efffbd577:LD=en:NR=100:TM=1210898180:LM=1218831137:L=0veUs8ZfoozNBR3nyhxk:DV=AA:GM=1:IG=1:S=HFBwZ4As7wZ2VuJy; NID=15=rLfzXrsL_QsVJ0v8OYAPxDlzLxugre3bK075NPVsTnY-vAIF-pb4taX0m5sGH9-hRC8LH2_NgSRFRM4DhiKhJU77lHWx7DHoYLNgnFwEeS7P0B_aJRF783hRFvKZ2NNl Connection: keep-alive Host: www.google.com PH4! BB[E47nJ}hfP NY6n ;~1jPHS __[EQ7iJ}hfP NY6nn ;~1jHTTP/1.1 200 OK Cache-Control: private, max-age=0 Date: Mon, 06 Oct 2008 17:54:54 GMT Expires: -1 Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Server: gws Content-Length: 2589 XmW:~k_;/8hK=lKȲl ˱4Ȳcɣg^50x4G1HH[dөcDʑ r'lp2NuH 13dhѐ9?7o"35hZ+@c((69Jx;?ȠN f1;!KkRM0\"EOpЖ e>Z@A =-"BH )bz B,t;~S.`N8%\GbtE4ۻRjE6X B_L)"$q~h; .Kע;kH)=!.!ү#u)TmyL6,(ʪfIZ3LfʊeOxH6|3FYHVVX;S QB1 > b@Zn)]1J%c: %*xgxjQU (o nIXB b ؆N .m-g4ͬ:@/'<;դ߼: u՗+w^~s~GG@'tK154p>=l `5o݊Mbfh,h\cn,(ӐK| '8̴̈́ ImX<înY|̑{7`Q]7>Las QI@-cciXOgM}{Wu?\fDY,'`'Yb4WQ{n,95k"E+j4ֆ X6_߬=HjMQL dE \o[q1q3^S4CkH'`"X:8i" d* Kn3靾,nh\t_)>FE*$hNdݕB"^D/IL7L H x*i@ L\9ig֠8#HrM$\JW2*+N hөn8UOmfJQJSg}SBBfץ@nR&ZhPH BB[E4@@FfJ}h P6Svr 1j;~tcpflow/tests/test7-three-flows.pcap0000644000175000017500000000360012263702517016460 0ustar dimadimaò͋MJJ ےy 0E<H@@\.'Pb P͋MBB0 ےy E4@E\'.PAP?͋M66 ےy 0E(I@@\.'PPBP\bӋMeRR ےy 0EDJ@@\.'PPBP\bThis is connection number 1 ӋM<<0 ےy E(g@\'.PBPP\phԋM#66 ےy 0E(K@@\.'PPBP\bԋMt$<<0 ےy E(h@\'.PBPP\pfԋM$66 ےy 0E(L@@\.'PPCP\bMJJ ےy 0E<@@7+\.'Бb qMBB0 ےy E4@E\'.j@ВЙ^Mן66 ےy 0E(@@7>\.'ВjAP\bMx RR ےy 0ED@@7!\.'ВjAP\bThis is connection number 2 Mdy <<0 ےy E(!@vc\'.jAЮP\M 66 ےy 0E(@@7<\.'ЮjAP\bMX <<0 ےy E(!@vb\'.jAЯP\M 66 ےy 0E(@@7;\.'ЯjBP\b\M JJ ےy 0E<$3@@ \.'pLb h\M{ BB0 ےy E4@E\'.p,pL݀\M 66 ےy 0E($4@@\.'pLp,P\baM RR ےy 0ED$5@@\.'pLp,P\bThis is connection number 3 aMH <<0 ےy E(_@\'.p,pLP\`bMK 66 ےy 0E($6@@\.'pLp,P\bbM <<0 ےy E(`@\'.p,pLP\`bM 66 ےy 0E($7@@\.'pLp,P\btcpflow/tests/test-pdfs.sh0000755000175000017500000000040112567231732014557 0ustar dimadima#!/bin/sh # . $srcdir/test-subs.sh # create PDFs for all of the pcap files for i in $DMPDIR/*.pcap do echo $i cmd "$TCPFLOW -Fg -e netviz -o tmp$$ -r $i" cmd "mv tmp$$/report.pdf `basename $i .pcap`.pdf" echo "" /bin/rm -rf tmp$$ test?.pdf done tcpflow/tests/test1.sh0000755000175000017500000000554012567231732013717 0ustar dimadima#!/bin/sh # # test to make sure that we can process the packets normally # . $srcdir/test-subs.sh for t in 1 2 3 do echo echo ======== echo check $t echo ======== # Run the program DMPFILE=$DMPDIR/test$t.pcap echo checking $DMPFILE if ! [ -r $DMPFILE ] ; then echo $DMPFILE not found ; fi /bin/rm -rf out cmd "$TCPFLOW -o out -X out/report.xml -r $DMPFILE" case $t in 1) checkmd5 out/"074.125.019.101.00080-192.168.001.102.50956" "ae30a88136feb0655492bdb75e078643" "136" checkmd5 out/"074.125.019.104.00080-192.168.001.102.50955" "61051e417d34e1354559e3a8901d19d3" "2792" checkmd5 out/"192.168.001.102.50955-074.125.019.104.00080" "14e9c335bf54dc4652999e25d99fecfe" "655" checkmd5 out/"192.168.001.102.50956-074.125.019.101.00080" "78b8073093d107207327103e80fbdf43" "604" # Check the times if ! ls -l out/074.125.019.101.00080-192.168.001.102.50956 | grep '2008' >/dev/null ; then echo utimes on packet files not properly set. exit 1 fi ;; 2) checkmd5 out/"010.000.000.001.09999-010.000.000.002.36559--42" "b7d0b9ee8a7c1ea94b6b43b5a3e0da83" checkmd5 out/"010.000.000.002.36559-010.000.000.001.09999--42" "c4b95c552616bda3e21d063e8ee2e332" ;; 3) ;; 4) checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51391-2001:67c:1220:809::93e5:916.00080 2600d38f9524c66f190212bbdb6f3c96 checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51392-2001:67c:1220:809::93e5:916.00080 ea4d328b4c831f6cb54772bcaa206ad1 checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51393-2001:67c:1220:809::93e5:916.00080 775823553ec206c97c079ab054869c80 checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51394-2001:67c:1220:809::93e5:916.00080 4b12431fb1403ed45a0cdd264c555c21 checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51395-2001:67c:1220:809::93e5:916.00080 3a2c8438a3e42e617b0d134ae9bb2f0a checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51396-2001:67c:1220:809::93e5:916.00080 547bdc57f5ac3bac3b6620afc19d5a00 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51391 2a8f64558ad7a1731e4950a3f7f16913 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51392 92e4df1f268a7f7b1244b4ddc67120d3 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51393 873ce29539afc9bd72d65c11d9aef2f7 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51394 c043c19025e6ba8278b7ddb6f08d68d3 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51395 ca32de2d5504c6f8dc32610d94046106 checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51396 b4772e037e05aaf315aaad911a59650d ;; esac /bin/rm -f *.[0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9].* /bin/rm -f *.[0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]:* echo Packet file $t completed successfully done /bin/rm -rf out exit 0 tcpflow/tests/test-iptree.sh0000755000175000017500000000156112567231732015123 0ustar dimadima. $srcdir/test-subs.sh echo DMPDIR=$DMPDIR echo TCPFLOW=$TCPFLOW # check the results checkmd5() { if [ ! -r $1 ] ; then echo file $1 was not created ls -l exit 1 fi md5val=`openssl md5 $1 | awk '{print $2;}'` if [ x$2 != x$md5val ]; then echo failure: $1 echo expected md5: $2 "(got '$md5val')" echo expected length: $3 ls -l $1 exit 1 fi } testmd5() { md5val=`openssl md5 $1 | awk '{print $2;}'` len=`stat -r $1 | awk '{print $8;}'` echo checkmd5 \"$1\" \"$md5val\" \"$len\" } cmd() { echo $1 if ! $1 ; then echo failed; exit 1; fi } NITROBA=/corp/nps/packets/2008-nitroba/nitroba.pcap if [ -r $NITROBA ]; then /bin/rm -rf out1 cmd "$TCPFLOW -S netviz_max_histogram_size=1000 -S netviz_histogram_dump=1 -o out1 -r $NITROBA" /bin/rm -rf out1 else echo $NITROBA not present. fi exit 0 tcpflow/tests/test-multifile.sh0000755000175000017500000001543712567231732015634 0ustar dimadima#!/bin/sh # test the multifile . $srcdir/test-subs.sh # this test requires MULTIFILE MULTIFILE=/corp/nps/packets/2013-httpxfer/multifile_25_21.pcap if [ ! -r $MULTIFILE ]; then echo missing $MULTIFILE exit 0 fi testlist="1 2 3 4 10 100" deldir=yes if test x$1 != x ; then echo Just testing $1 testlist=$1 deldir=no fi OUT=/tmp/out$$ for maxfds in $testlist do /bin/rm -rf $OUT if test -x $OUT ; then echo out directory not deleted. ls -l $OUT exit 1 fi cmd="$TCPFLOW -f $maxfds -o $OUT -X $OUT/report.xml -r $MULTIFILE -a" $TCPFLOW -V echo $cmd if ! $cmd; then echo tcpdump failed; exit 1 ; fi checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04634" "e0971231a9473c40c2de398b73dc0d80" "3183" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04634-HTTPBODY-001.png" "9e7819dcf5f9ebff79a9d2b09caac6fc" "2947" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04637" "e24c1889394a9b693e4211c294476e5d" "6497" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04637-HTTPBODY-001.png" "b1ba2f6d2bf1adaa9ffc2208eb383844" "2943" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04637-HTTPBODY-002.png" "e55dcbaf4c9b3437b1af2764721dfcf7" "3082" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04648" "5870e48e497c50487def6714540ab7d3" "3346" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04648-HTTPBODY-001.png" "b5e24b33589a29a73709661ff7f51243" "3110" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04649" "6564a6583bb31f5fc0b97d233450a98e" "3436" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04649-HTTPBODY-001.png" "e27d7c5537b03f08cd8f80b179b9c321" "3200" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04654" "45f8461dab7b145667093aab500600bc" "896" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04654-HTTPBODY-001" "fa5c9a9bf04219147f73e4fd9f72193d" "1473" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04655" "53d401972e8b0600e6e41500dc6da31b" "668" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04655-HTTPBODY-001" "230d6a43654bc5cf8891601df7218f19" "32" checkmd5 "$OUT/038.122.002.045.00080-192.168.123.101.04655-HTTPBODY-002" "230d6a43654bc5cf8891601df7218f19" "32" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04646" "7f8700b151e6eb5623993eb7ca80bf7d" "26160818" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04646-HTTPBODY-001" "538ae956097d9ee5813441561ec4ad33" "26160468" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04651" "6a980b667ac975f9ce031b11d7349559" "22751630" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04651-HTTPBODY-001" "bc5222e0c58a7be607dc9ce4bf121490" "1290" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04651-HTTPBODY-002" "64576f998dde977627d8131b5aa33ee8" "4000" checkmd5 "$OUT/046.137.228.251.00080-192.168.123.101.04651-HTTPBODY-003" "b94ff046f678a5e89d06007ea24c57ec" "22749412" checkmd5 "$OUT/063.217.232.082.00443-192.168.123.101.04607" "524b5d5853191e976128502cf33f5576" "53" checkmd5 "$OUT/074.125.128.094.00443-192.168.123.101.04587" "6092dbf3a2098fa0fa135db550043c63" "102" checkmd5 "$OUT/074.125.128.125.05222-192.168.123.101.02503" "f7fef5760e6fbc27faccea641f581299" "15165" checkmd5 "$OUT/074.125.128.125.05222-192.168.123.101.04000" "3f0ee6e9d4c523ba8d2362e569e31035" "602" checkmd5 "$OUT/074.125.128.136.00443-192.168.123.101.04657" "8fbfee96d692fdd6c2e18206bc26ef83" "3217" checkmd5 "$OUT/074.125.128.138.00443-192.168.123.101.04586" "001a6a55b70316c68b0dbf7a2ecafe9f" "11210" checkmd5 "$OUT/110.045.186.224.01120-192.168.123.101.04660" "7522c09ef4414d352984f89625da3ef4" "199" checkmd5 "$OUT/110.045.186.224.01120-192.168.123.101.04660-HTTPBODY-001.html" "43c55722039e66f40fd12cf03d68f1e0" "23" checkmd5 "$OUT/110.045.186.224.01120-192.168.123.101.04661" "3b2e761992ea2aaeacf7f783fd7a354f" "178" checkmd5 "$OUT/110.045.186.224.01120-192.168.123.101.04661-HTTPBODY-001.html" "ecaa88f7fa0bf610a5a26cf545dcd3aa" "3" checkmd5 "$OUT/110.045.186.225.01120-192.168.123.101.04658" "d8a9d91e4514d98771bbcccbfa0f8309" "2148" checkmd5 "$OUT/110.045.186.225.01120-192.168.123.101.04658-HTTPBODY-001.html" "b4ec4bc12cf6f200acfeb0a68d373c35" "1970" checkmd5 "$OUT/173.194.038.190.00443-192.168.123.101.04606" "2c99627350d11352ae267b7111b36167" "102" checkmd5 "$OUT/182.162.057.224.00443-192.168.123.101.04595" "3403a3dcb06aeba43d503e3ea5b082f7" "53" checkmd5 "$OUT/182.162.057.224.00443-192.168.123.101.04598" "a8a48f227b7147ae7b47af04ceaa0878" "53" checkmd5 "$OUT/192.168.123.101.02503-074.125.128.125.05222" "ffcf862c8632cd11235ea8d7100fc106" "8445" checkmd5 "$OUT/192.168.123.101.04000-074.125.128.125.05222" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04586-074.125.128.138.00443" "7231901ed6805790ef9ae1ea8b2b16ea" "5576" checkmd5 "$OUT/192.168.123.101.04587-074.125.128.094.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04591-202.043.063.139.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04595-182.162.057.224.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04598-182.162.057.224.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04606-173.194.038.190.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04607-063.217.232.082.00443" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04615-074.125.128.100.00080" "93b885adfe0da089cdf634904fd59f71" "1" checkmd5 "$OUT/192.168.123.101.04634-038.122.002.045.00080" "a86fc704a0a8e49043a43211c56ac6f4" "749" checkmd5 "$OUT/192.168.123.101.04637-038.122.002.045.00080" "b0e06f173af7d6bed3a1b93358116b1e" "1493" checkmd5 "$OUT/192.168.123.101.04646-046.137.228.251.00080" "a0a547efbcb42b4ac1b2a74334e1be41" "893" checkmd5 "$OUT/192.168.123.101.04648-038.122.002.045.00080" "5c22ffaef694fd09f829563aa8cc9e3b" "752" checkmd5 "$OUT/192.168.123.101.04649-038.122.002.045.00080" "210ee9c362c938ef68630ebab12c4a17" "750" checkmd5 "$OUT/192.168.123.101.04651-046.137.228.251.00080" "49cc6cc8758ec5b605a7d6f62af291af" "2791" checkmd5 "$OUT/192.168.123.101.04654-038.122.002.045.00080" "bde02e78dbdc16949d2580f7c1d91099" "941" checkmd5 "$OUT/192.168.123.101.04655-038.122.002.045.00080" "3b4417ab638ca9120c7fb49bfeb73d4c" "2046" checkmd5 "$OUT/192.168.123.101.04657-074.125.128.136.00443" "fe8a9a4d79ac47ba78464ac835e32d3b" "2095" checkmd5 "$OUT/192.168.123.101.04658-110.045.186.225.01120" "e6493e52f04325f9a06e22dc7f977a04" "297" checkmd5 "$OUT/192.168.123.101.04660-110.045.186.224.01120" "dcd18bf7b6572443215154539a37d75c" "363" checkmd5 "$OUT/192.168.123.101.04661-110.045.186.224.01120" "d202ebd7c286d1ea4734bdbef69431c6" "323" checkmd5 "$OUT/202.043.063.139.00443-192.168.123.101.04591" "722c54c6443119b6c411359b9b7a47c2" "53" if test $deldir == "yes" ; then /bin/rm -rf $OUT fi done exit 0 tcpflow/tests/bug3.pcap0000644000175000017500000014567212263702517014035 0ustar dimadimaò>H@@.OakhE,tAv@P{Ř`@|O.>Hٽ@@.OakhE(&@-Av@P|řJP T{>H.OakhE'@-[Av@P|řJP uHTTP/1.1 200 OK Date: Tue, 22 Jul 2008 01:59:37 GMT Server: Apache Cache-Control: no-cache Pragma: no-cache Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html;charset=ISO-8859-1 2066 Pacific Grove Weather Forecast and Conditions California (93950) var css='style_sheet.css?01272008';if(typeof(pageType)!="undefined"&&pageType=="920"){css="global.css?01272008";} if(typeof(usingGrids)!="undefined"&&usingGrids=="yes"){css="global_grids.css?01272008";} document.write(''); 368a

Home Travel Driving & Traffic Healthy Living Home & Family Sports & Recreation Climate & Green The Weather Channel TV