Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

A. Snort

B. argus

C. TCPflow

D. Tcpdump

Explanation:
Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.


