Forensics Wiki
Register
Advertisement

TCPdStat is a useful tool that has become hard to use due to its age. TCPdStat is a Network Forensics Analysis Tool (NFAT) that allows you to break down packet capture session data into categories based on protocol. It returns statistical data that is highly useful in understanding the traffic over the network.

Installation[]

Because TCPdStat is no longer well supported it is difficult to gain access to the tool. Currently, the only proven way to install TCPdStat is to acquire the source code, compile it, and install it on a Debian based distribution of Linux.

  1. sudo apt-get install gcc make libpcap0.8-dev unzip
  2. wget https://github.com/netik/tcpdstat/archive/master.zip
  3. unzip master.zip
  4. cd tcpdstat-master
  5. make
  6. sudo make install

Popularity[]

TCPdStat was highly popular before the creation of powerful GUI NFAT tools such as wireshark. Because these tools are so powerful and have so many features TCPdStat has fallen by the wayside. However, TCPdStat can still be highly useful in some situations.

Advertisement