From the doc: 'tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores it in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' only shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis. tcpflow understands sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. However, it currently does not understand IP fragments; flows containing IP fragments will not be recorded properly.'