Re: OS X packet sniffing tools

Tim Streater <timstreater@xxxxxxxxxxxx> wrote:

In article <1j48mql.skkit310kaokuN%james.dore@xxxxxxxxxxxx>,
james.dore@xxxxxxxxxxxx (James Dore) wrote:

Tim Streater <timstreater@xxxxxxxxxxxx> wrote:

Anyone been using any GUI-based packet sniffing tools? I've been using
Packet Peeper, which has the nice feature of being able to show the TCP
stream, so I can cut the lower layer crap out and see what was actually
sent/received.

Unfortunately it appears to destabilise my Mini - the other day I
suddenly couldn't launch apps from the Duck and today it wrote all over
video memory. In all cases a power-cycle fixes it. PP seems to work fine
during all this.

Today I tried MacSniffer which captures the packets OK but lacks the
ability to display the TCP stream.

All other tools appear to be for Terminal-based - unless anyone has
suggestions for other small apps I could look at.

Wireshark is available, via MacPorts or, IIRC, a .pkg install. It needs
X11 though. Have a look on VersionTracker for it.

X11, hmmm. Seems a bit heavy just to get some packets. Also, is it any
better than it was in 1990 or are you still stuck with the revolting
Motif?

VT seems to show LeoShark, which is apparently a Leopard-native port,
which might come with an Aqua UI. I haven't checked that, I'm happy with
my X11 version; since I'm using it for other things.

It's not Motif - I think it uses Qt (which in this context does not mean
QuickTime) for the UI.

Cheers,
--
james dore
IT Officer,
New College, Oxford
http://www.new.ox.ac.uk/ it-support@xxxxxxx
.

Relevant Pages

  • Re: vaporware LOS question
    ... enter a store at the exact same time and the packets arrive at the server at the ... Also, TCP is connection oriented, not necessarily stream oriented. ... The issue of "oops, my stream has backed up packets, and the player wants to ...
    (rec.games.roguelike.development)
  • Re: TCP question
    ... It's a stream. ... by its nature it behaves more like a stream at the TCP level. ... the code you have for receiving the packets ... Consecutive packets can even take different routes from sender ...
    (microsoft.public.vb.general.discussion)
  • Re: Winsock - how to insure packets are received?
    ... There are no packets, only a bidirectional stream. ... TCP works hard to abstract away the actual packets involved, and couldn't possibly care less about how often you call SendData or the size of what was "sent." ... If you want framing you have to add framing. ... And before "deblocking" your message frames from the stream you have to reassemble the received stream fragments. ...
    (microsoft.public.vb.general.discussion)
  • Re: UPD better than TCP in streaming video/audio ?
    ... > UDP gains speed over TCP because it carries no information that would ... it doesn't even know that packets were lost. ... which is perfect for UDP. ... > Finally, there's the possibility of multicast data - for instance, a live ...
    (microsoft.public.win32.programmer.networks)
  • Re: Simulating smaller MTU? ie sending small packets.
    ... This is due to the fact that TCP ... If you want smaller packets, ... >> set there as the MSS is announced by the receiver during the ... Yes, per connection. ...
    (comp.lang.perl.misc)
Loading