MacSniffer: A Native OS X Packet Sniffer
Authored by: noworryz on Feb 18, '03 03:51:22PM

Another freeware IP sniffer is MacSniffer, downloadable from Brian Hill.

Unlike ethereal, this program is native OS X and does not require the X11 package. It is a graphical front-end to the tcpdump command line utility.

The downside is that there is no manual, the output is not as clear, and the program requires a bit of experimenting to figure out. The man page for tcpdump is not much help. Here are some points to remember:

  • All the options and preferences only apply to the next capture, after you press the Start button.
  • The first time you press Start, you are asked for the admin password.
  • If you want to look at only IP traffic, not all Ethernet traffic, you can just type ip into the Filter Expression text box before pressing Start.
  • Alternatively, you can select "Filter Library" from the pull-down menu, press the "+" button to create a new filter, double-click on the new filter, and enter details in the window that pops up. Then save and close your way out. Select your new filter from the pull-down menu in the main window before pressing Start.
  • The format of addresses in the dump is a bit strange. For IP traffic they look like these examples:
    10.109.33.12.16832
    www.apple.com.http
    ns1.myispname.net.domain
    10.1.1.205.ntp
    
    The number or text after the last period is the TCP or UDP port. Well-known ports (below 1023) are given names, such as http for port 80, domain for 53, etc. See iana.org for the complete list.

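The host.port notation described in the comment above can be split mechanically when reviewing a saved capture. This is an added example, not part of the original post or of MacSniffer; the function names, the small `SERVICES` table and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed subset of the service-name table (assumption; see iana.org for the full list).
SERVICES = {"http": 80, "domain": 53, "ntp": 123}

# Constructed sample lines in the "src > dst:" layout; not taken from a real capture.
SAMPLE_LINES = [
    "15:51:22.104511 10.109.33.12.16832 > www.apple.com.http: (constructed)",
    "15:51:23.220417 10.1.1.205.ntp > ns1.myispname.net.domain: (constructed)",
]

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def parse_endpoint(endpoint):
    """Split host.port into (host, port, service_name).

    port is None when absent or when the trailing name is not in SERVICES.
    """
    endpoint = endpoint.rstrip(":")  # the destination carries a trailing colon
    # A bare dotted quad has no port: do not mistake its last octet for one.
    if "." not in endpoint or _is_ipv4(endpoint):
        return endpoint, None, None
    host, _, tail = endpoint.rpartition(".")
    if tail.isdigit():
        port = int(tail)
        return (host, port, None) if port <= 65535 else (endpoint, None, None)
    # Named port: resolve it if known, otherwise keep the name unresolved.
    return host, SERVICES.get(tail), tail

def parse_line(line):
    """Return (source, destination) endpoint tuples, or None if no 'src > dst'."""
    tokens = line.split()
    if ">" not in tokens:
        return None
    i = tokens.index(">")
    if i == 0 or i + 1 >= len(tokens):
        return None
    return parse_endpoint(tokens[i - 1]), parse_endpoint(tokens[i + 1])

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_line(sample))
```

A trailing name that is not in the table is returned with a port of `None`, since it cannot be told apart from the last label of a hostname printed without a port.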