I'm using tcpflow to analyze traffic traces. When I launch tcpflow with -r option it creates some files, one for each flow. The problem is that some of these files are not readable. I tryed to process them with awk, but also using it i cannot visualize them correctly. Can anyone suggest me a solution?

Hello, while looking at the internet man page for tcpflow, -r switch means "Read packets from file, which was created using the -w option of tcpdump". Are you sure that you've got the right ones ? When you run "file" against the files, what does it say ?

I solved it running tcpflow -r filename.pcap -s. Thanks anyway

I want to separate each tcp or udp connection packets into a separate file, is there any tool available which can do this.

try wireshark

wireshark does not separate the connection packets, but has an option to manually ask it to that. I have a very huge file containing 40-50 k connections. manually separating is just infeasible.