skip to navigation
skip to content

tcpextract 1.0

Extract files from captured TCP sessions. Support live streams and pcap files.

Latest Version: 1.1

Extract files from captured TCP sessions. Support live streams and pcap files.

Supported protocols are:

  • HTTP (GET)



To install last stable release or older releases dowload the tarball and extract it:

$ tar xzvvf tcpextract-*.tar.gz
$ cd tcpextract-*
$ sudo python install

To install from git please run:

$ git clone
$ cd tcpextract
$ sudo python install


When you run tcpextract, by default, it will listen on any avaible interface and will put extracted files in ‘./output’. Please remember that capturing live streams will require root privileges. Live sniffing is really slow. If you can, use tcpdump or something else to capture data.

If you want further information on how to change default behavior please run:

$ tcpextract --help


tcpextract is modular, so it is easy to extend.

Modules are in TcpExtract.modules package. All you need to do to create your own module is to create a new file in that directory. Your module must contain a global variable called “matchlist” which is a python list or tuple containing one or more regexp needed to recognize the protocol.

You will also need to create a new class with the same name of the module which is inherited from TcpExtract.Plugin. Your class must implements the “getFile” method which can use “self.other_stream” and “self.matched_stream” lists to read the next file and append it to “self.files” list as a tuple in this format:

(Filename, # Can be None
file_extension, # if Filename is given this will not be used


tcpextract is released under GPLv3 or later.


You can contact the Author using this form

File Type Py Version Uploaded on Size
tcpextract-1.0.tar.gz (md5) Source 2012-07-18 17KB