Skip to main content

Extract files from captured TCP sessions. Support live streams and pcap files.

Project description

Extract files from captured TCP sessions. Support live streams and pcap files.

Supported protocols are:

  • HTTP (GET)



To install last stable release or older releases dowload the tarball and extract it:

$ tar xzvvf tcpextract-*.tar.gz
$ cd tcpextract-*
$ sudo python install

To install from git please run:

$ git clone
$ cd tcpextract
$ sudo python install


When you run tcpextract, by default, it will listen on any avaible interface and will put extracted files in ‘./output’. Please remember that capturing live streams will require root privileges. Live sniffing is really slow. If you can, use tcpdump or something else to capture data.

If you want further information on how to change default behavior please run:

$ tcpextract --help


tcpextract is modular, so it is easy to extend.

Modules are in TcpExtract.modules package. All you need to do to create your own module is to create a new file in that directory. Your module must contain a global variable called “matchlist” which is a python list or tuple containing one or more regexp needed to recognize the protocol.

You will also need to create a new class with the same name of the module which is inherited from TcpExtract.Plugin. Your class must implements the “getFile” method which can use “self.other_stream” and “self.matched_stream” lists to read the next file and append it to “self.files” list as a tuple in this format:

(Filename, # Can be None
file_extension, # if Filename is given this will not be used


tcpextract is released under GPLv3 or later.


You can contact the Author using this form

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
tcpextract-1.0.tar.gz (18.1 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page