A simple, cross-platform utility to classify packets into flows using only the essential 4-tuple (src_ip, dst_ip, src_port, dst_port). Each flow is saved as a separate pcap file, named with its 4-tuple and the timestamp of its first packet. No payload reassembly or extra processing is performed—just pure flow separation for your analysis needs.
Why pkt2flow?
Existing tools like tcpflow, tcpslice, and tcpsplit either reduce trace volume or reassemble payloads, which may not fit all research or analysis needs. pkt2flow fills the gap by simply splitting packets into flows, making it ideal for deep packet inspection, flow classification, and traffic research.
./pkt2flow [-huvx] [-o outdir] pcapfile
Options:
-h Print this help and exit
-u Also dump (U)DP flows
-v Also dump in(v)alid TCP flows without the SYN option
-x Also dump non-UDP/non-TCP IP flows
-o (O)utput directory
Example
./pkt2flow -u -o output_flows/ input.pcap
This will split all TCP and UDP flows from input.pcap into separate files in the output_flows/ directory.
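The splitting rule described above, as an added Python sketch that is not pkt2flow's own code: it groups Ethernet/IPv4 packets by 4-tuple, includes UDP only when `udp` is set (mirroring `-u`), and starts a TCP flow only on a packet carrying SYN unless `invalid_tcp` is set (mirroring `-v`). Treating both directions as one flow, the SYN-on-first-packet reading, the output name layout, and the names `split_flows`, `build_record` and `SAMPLE` are assumptions.

```python
import socket
import struct

TCP, UDP, SYN = 6, 17, 0x02

def split_flows(pcap, udp=False, invalid_tcp=False):
    """Group Ethernet/IPv4 packets of a little-endian pcap by 4-tuple."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    flows, names, off = {}, {}, 24               # skip 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                             # not IPv4 over Ethernet
        proto, l4 = pkt[23], 14 + (pkt[14] & 0x0F) * 4
        if proto not in (TCP, UDP) or (proto == UDP and not udp):
            continue
        if len(pkt) < l4 + (14 if proto == TCP else 8):
            continue                             # truncated L4 header
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        src, dst = pkt[26:30], pkt[30:34]
        # Assumption: both directions of a conversation map to one flow.
        key = (proto, *sorted([(src, sport), (dst, dport)]))
        if key not in names:
            if proto == TCP and not (pkt[l4 + 13] & SYN) and not invalid_tcp:
                continue                         # mid-stream TCP, no SYN seen
            # Assumed name layout: 4-tuple plus first-packet timestamp.
            names[key] = "%s_%d_%s_%d_%d.pcap" % (
                socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport, ts)
            flows[names[key]] = []
        flows[names[key]].append(pkt)
    return flows

def build_record(ts, src, sport, dst, dport, proto, flags=0):
    """Build one constructed pcap record (Ethernet + IPv4 + TCP/UDP header)."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
          if proto == TCP else struct.pack("!HHHH", sport, dport, 8, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = bytes(12) + b"\x08\x00" + ip + l4
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed capture: a TCP handshake start, a mid-stream TCP packet, a UDP packet.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    build_record(100, "10.0.0.1", 40000, "10.0.0.2", 80, TCP, 0x02),   # SYN
    build_record(101, "10.0.0.2", 80, "10.0.0.1", 40000, TCP, 0x12),   # SYN/ACK
    build_record(102, "10.0.0.3", 50000, "10.0.0.2", 443, TCP, 0x10),  # ACK only
    build_record(103, "10.0.0.1", 5353, "10.0.0.9", 53, UDP),
])
```

IPv6, VLAN tags and IP fragments are outside what this sketch handles.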
Troubleshooting
libpcap not found on macOS (Apple Silicon):
Set the PKG_CONFIG_PATH before running cmake:
Linker warnings about /usr/local/opt/llvm/lib:
These are harmless if you are not using a custom LLVM install. You can ignore them or remove the path from your environment.
Contributing
Fork the repository
Create a feature branch
Make your changes with appropriate tests
Ensure all tests pass and code follows the style guide
Submit a pull request