Which tool/utility can help you extract the application layer data from each TCP connection from a
log file into separate files?
A. Snort
B. argus
C. TCPflow
D. Tcpdump
Explanation:
Tcpflow is a program that captures data transmitted as part of TCP connections
(flows), and stores the data in a way that is convenient for protocol analysis or debugging. A
program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the
data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and
stores each flow in a separate file for later analysis.