Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

tcpflow packet sniffer Network
If you're interested in seeing what things get sent out by your machine (for example, hidden data sent out as part of a software install or what cookies are getting set while browsing), check out tcpflow. tcpflow is a packet sniffer for unix-based operating systems. It's got more features than tcpdump (which is included with OS X). Marc Liyanage has created a Mac OS X installer package, which is available here:

http://www.entropy.ch/software/macosx/#tcpflow

The home page for tcpflow itself is here:

http://www.circlemud.org/~jelson/software/tcpflow/

Michael
    •    
  • Currently 2.33 / 5
  You rated: 5 / 5 (3 votes cast)
 
[40,795 views]  

tcpflow packet sniffer | 10 comments | Create New Account
Click here to return to the 'tcpflow packet sniffer' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Still does not watch PPP
Authored by: zzen on Aug 12, '01 07:25:23PM
This still does not solve the problem I described here. I would really like to watch PPP traffic, but with present software / os (10.0.4) this seems to be impossible. If anybody has a clue, PLEASE let me know. Thanks!

[ Reply to This | # ]
Still does not watch PPP
Authored by: mhanna on Aug 13, '01 03:17:44PM

Try setting the interface. From an email I got from the authour:

Subject: Re: pppoe0 not configured in tcpflow 0.20
From: Jeremy Elson <jelson@circlemud.org>
Date: Fri, 10 Aug 2001 08:15:40 -0700
In-Reply-To: Message from ****@hwcn.org (Michael Hanna) of "Fri, 10 Aug 2001 06:22:59 EDT." <20010810062259.754%05696@smtp1.sympatico.ca>

You can use the -i argument to specify the interface tcpflow should
use. If you get 'interface not configured' it means you have to
configure the interface via the operating system (e.g. ifconfig).

Michael Hanna writes:
>I get this error when trying to run tcpflow on my OS X machine..
>
>How do I configure so tcpflow can run over mf DSL connection?
>
>thanks,
>Michael



[ Reply to This | # ]
Still does not watch PPP
Authored by: frogger on Aug 15, '01 01:31:16PM

ummmm... Okay....

So exactly how should it be configured?

Any help greatly appreciated. I am also having the Device not configured errors...



[ Reply to This | # ]
Still does not watch PPP
Authored by: mhanna on Aug 16, '01 05:49:17PM

type ifconfig -a

at a command line...this is as far as I have gotten on this. Any help would be appreciated.

Michael



[ Reply to This | # ]
Still does not watch PPP
Authored by: oxymoron on Aug 12, '01 10:01:14PM

Sounds like you should try BrickHouse, download it from versiontracker.com
with it you can monitor ethernet, PPP, PPPoE, Airport and IP Gateway you'll like it
let me know



[ Reply to This | # ]
Strange behavior
Authored by: Jay on Aug 14, '01 12:15:59PM

This is a fantastic utility. Check this out: I have my Mac and a PC connected to a small hub on my desk. That's connected to a hub in the next office. When my PC has TCP traffic, TCPflow picks it up. Why is that? More interestingly, I can see the passwords (transmitted in clear text by Outlook) when the PC checks my email! What if I were connected to a larger hub at an office where it mattered? Could I see everyone's usernames and passwords when they check their email?



[ Reply to This | # ]
Sniffers
Authored by: bhines on Aug 14, '01 05:15:50PM
Jay: in a word, yes. You have discovered why "https" is a good thing. Network sniffing is Very Easy™. Another cool sniffer util to check out is - Ettercap. Etherpeek is a sweet network sniffer for OS9 and earlier. Etherpeek. -Ben

[ Reply to This | # ]
Hub vs Switch
Authored by: Another osX User on Aug 14, '01 10:52:36PM

>When my PC has TCP traffic, TCPflow picks it up. Why is that?

What you are witnessing is the difference between a hub and a switch. Incoming traffic from a hub will be broadcasted to any machines connected to it. Packets that are not intended for your IP are normally ignored, but packet sniffers log the receipt of the packet.

Switches only send packets to the machines that they are intended for.



[ Reply to This | # ]
re: replies
Authored by: Jay on Aug 15, '01 11:59:33AM

How interesting! Thanks very much. I new that a switch was more secure, but had never actually witnessed how public the information is!



[ Reply to This | # ]
Strange behavior
Authored by: mhanna on Aug 16, '01 05:47:02PM

I think TCPflow picks up the data going to the PC because in the Ethernet specification(Carrier Sense Multiple Access/Collision Detect) frames go to every interface on the collision domain(any interface connected by a link-layer device like a hub).

Anybody know how to configure tcpflow for a pppoe0 device??

Michael



[ Reply to This | # ]