Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Ethereal packet sniffer available Network
Ethereal is a NetXray-like tool that runs in an X-Window environment. I was most pleased to discover that it has already been successfully ported to OSX!

See (look under downloads - binary packages)

This was really good work by Peter F. Handel. If you have X-Widows running on OSX (you can do this with either the free XFree86 or Tenon's commercial XTools), this application is worth a look.
  • Currently 4.00 / 5
  You rated: 5 / 5 (3 votes cast)

Ethereal packet sniffer available | 5 comments | Create New Account
Click here to return to the 'Ethereal packet sniffer available' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Getting the Ethereal Packet Sniffer Up and Running
Authored by: noworryz on Feb 18, '03 01:11:24PM

Here's the easy way to get ethereal up and running so you can diagnose network problems with an IP Sniffer:

  1. Download and install the X11 (X-Windows) package from Apple.
  2. Download and install the Fink package from
  3. Download and install the Fink Commander package from
  4. Edit your ~/.cshrc file (using a text editor such as pico or BBEdit) to contain the line
    source /sw/bin/init.csh
    as described in the Fink ReadMe.rtf file.
  5. Double-click on the Fink Commander icon, scroll down to the package named ethereal, control-click on the line and select "Binary/Install" from the contextual menu.
  6. Double-click on the X11 icon in your Applications folder.
  7. Type
    sudo ethereal
    in the X11 terminal window, entering your admin password when requested. Ethereal starts up.
  8. Select Start from the Capture memory, enter the number of packets you want to collect and click OK.
That's it!

[ Reply to This | # ]
Getting the Ethereal Packet Sniffer Up and Running
Authored by: Balz on Dec 16, '03 03:37:50AM

I did the following steps (under 10.3.1 on my G4 12' PB):
- installed X11 (works fine, e.g. xeyes shows eyes)
- installed Fink 0.6.2 (no error message - how can I see if it installed correctly?)
- installed FinkCommander (just copy to Applications folder)
- in FinkCommander mark ethereal, select Binary --> Install
- Error message: "Can't exec "/usr/bin/nm": No such file or directory at /sw/lib/perl5/Fink/ line 234."

I do not understand what is missing. Yes, there is no /usr/bin/nm. But who and when should it be installed?

Thanks for any hint

[ Reply to This | # ]
Getting the Ethereal Packet Sniffer Up and Running
Authored by: fellow on Dec 16, '03 06:35:18PM

Try running:

apt-get install ethereal (or ethereal-ssl)

That installed the binaries for 10.3, which are working fine for me.



[ Reply to This | # ]
Getting the Ethereal Packet Sniffer Up and Running
Authored by: Balz on Dec 17, '03 02:42:18AM

Thanks for the hint. in the meantime I installed some other tools from 3rd and 4th CD of Panther Upgrade.

Now I did in X11-Terminal
% sudo apt-get install ethereal
Sorry, ethereal is already the newest version.

% sudo ethereal
dyld: ethereal can't open library: /sw/lib/libdl.0.dylib (No such file or directory, errno = 2)
Trace/BPT trap

who shuld install this lib?

regards, Balz

[ Reply to This | # ]
MacSniffer: A Native OS X Packet Sniffer
Authored by: noworryz on Feb 18, '03 03:51:22PM

Another freeware IP sniffer is MacSniffer, downloadable from Brian Hill.

Unlike ethereal, this program is native OS X and does not require the X11 package. It is a graphical front-end to the tcpdump command line utility.

The downside is that there is no manual, the output is not as clear, and the program requires a bit of experimenting to figure out. The man page for tcpdump is not much help. Here are some points to remember:

  • All the options and preferences only apply to the next capture, after you press the Start button.
  • The first time you press Start, you are asked for the admin password.
  • If you want to look at only IP traffic, not all Ethernet traffic, you can just type ip into the Filter Expression text box before pressing Start.
  • Alternatively, you can select "Filter Library" from the pull-down menu, press the "+" button to create a new filter, double-click on the new filter, and enter details in the window that pops up. Then save and close your way out. Select your new filter from the pull-down menu in the main window before pressing Start.
  • The format of addresses in the dump is a bit strange. For IP traffic they looks like these examples:
    The number or text after the last period is the TCP or UDP port. Well-known ports (below 1023) are given names, such as http for port 80, domain for 53, etc. See for the complete list.

    [ Reply to This | # ]