Network Traffic Monitor
Grizzled Veteran
Join Date: Jan 2001
Location: Evansville, IN
Status:
Offline
Is there a software package or tool I can use in OSX that lets me watch and keeps a log of my network traffic?
By network traffic, I mean I'd like to be able to see what outside computers I'm talking to (by their IP or hostname) and see which computers are trying to talk to me.
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Online
tcpdump (run in the Terminal) will show you everything.
Vandelay Industries
Grizzled Veteran
Join Date: Jan 2001
Location: Evansville, IN
Status:
Offline
That works but I'm on a cable modem so the log is filled with all this garbage coming from other people. "ARP" requests or something. Is there a way to filter that so I only see the important stuff?
Senior User
Join Date: Feb 2003
Location: Atlanta
Status:
Offline
Originally posted by ckohler:
That works but I'm on a cable modem so the log is filled with all this garbage coming from other people. "ARP" requests or something. Is there a way to filter that so I only see the important stuff?
pipe to grep -v arp
Ex: sudo tcpdump -i en0 | grep -v arp
Grizzled Veteran
Join Date: Jan 2001
Location: Evansville, IN
Status:
Offline
Wonderful, thanks! One more question. What if I want to exclude additional lines? What is the correct grep syntax? For example, I tried:
sudo tcpdump -i en0 | grep -v arp exampledomain.com
...to also exclude listings from "exampledomain.com" but the above syntax just errors out.
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Online
Have you looked at the man page for it? It might give you some pointers for the correct syntax for filtering.
Vandelay Industries
Mac Elite
Join Date: May 2001
Status:
Offline
Originally posted by ckohler:
Wonderful, thanks! One more question. What if I want to exclude additional lines? What is the correct grep syntax? For example, I tried:
sudo tcpdump -i en0 | grep -v arp exampledomain.com
...to also exclude listings from "exampledomain.com" but the above syntax just errors out.
sudo tcpdump -i en0 | grep -v arp | grep -v exampledomain.com
If your grep pattern contains characters that the shell would interpret as "wildcards" (+?[]{}), surround it with 'quotes'. If you want wildcards you need to use regular expressions (for beginners: use . instead of ?, use .* instead of *, use \. if you mean a real .).
You also can make a shell script out of such a line if you want to invoke it frequently and save some typing.
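An added example, not code from the thread: the same exclusions built as a tcpdump capture filter (so the packets are dropped before anything is printed) and as a single grep with several -v -e patterns, run over a few constructed tcpdump-style lines. It assumes a POSIX shell and reuses the en0 and exampledomain.com values from the posts above; the function names and sample lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Two ways to drop uninteresting lines:
#  1. a tcpdump capture filter (a BPF expression such as 'not arp and not
#     host exampledomain.com'), which discards packets before they are printed;
#  2. one grep with several -v -e patterns over tcpdump's text output.
# "en0" and "exampledomain.com" come from the thread; the function names and
# the sample lines below are this example's own.

# Print a capture filter that excludes ARP and every host given as an argument.
bpf_exclude() {
    expr='not arp'
    for h in "$@"; do
        expr="$expr and not host $h"
    done
    printf '%s\n' "$expr"
}

# Print the full command line. -n skips reverse DNS lookups (no extra
# queries leave the machine), -l line-buffers so tee shows lines as they
# arrive and also keeps the log the original question asked for. The
# filter is single-quoted so the shell does not interpret it.
tcpdump_cmd() {
    iface="$1"; shift
    printf "sudo tcpdump -n -l -i %s '%s' | tee -a traffic.log\n" \
        "$iface" "$(bpf_exclude "$@")"
}

# Post-filter text on stdin with one grep: -e per pattern, -F so the dot in
# a hostname matches literally, -i because current tcpdump prints "ARP".
grep_exclude() {
    pats="$*"
    set --
    for p in $pats; do set -- "$@" -e "$p"; done
    grep -v -i -F "$@"
}

# Constructed tcpdump-style output (not a real capture) for a quick check.
SAMPLE='12:00:01.000000 ARP, Request who-has 10.0.0.5 tell 10.0.0.1, length 46
12:00:01.100000 IP 10.0.0.7.51234 > exampledomain.com.80: Flags [S], length 0
12:00:01.200000 IP 10.0.0.7.51235 > 192.0.2.10.443: Flags [S], length 0
12:00:01.300000 ARP, Reply 10.0.0.5 is-at 00:00:5e:00:53:01, length 28'

# Number of sample lines that survive the grep chain (expected: 1).
count_kept() {
    printf '%s\n' "$SAMPLE" | grep_exclude arp exampledomain.com | awk 'END { print NR }'
}

tcpdump_cmd en0 exampledomain.com
```

A capture filter resolves the host name once when tcpdump starts, and with -n the printed lines carry addresses rather than names, so a host exclusion belongs in the filter, not in grep.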
Grizzled Veteran
Join Date: Nov 2002
Location: London, UK
Status:
Offline
How would this work for an AirPort-connected machine? I see en0 as the Ethernet port, but I'm not sure which one is the AirPort.
How would I find this out? (Yes, I know, I need to brush up on my Unix knowledge ;-) )
Thanks,
J.
By all means let's be open-minded, but not so open-minded that our brains drop out - Richard Dawkins
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Online
The AirPort card is usually en1. You can verify this using the Network Utility in the Utilities folder.
If you're on an AirPort network, you won't see much external network traffic since AirPort creates its own network, unless you are in bridged mode.
Vandelay Industries
Dedicated MacNNer
Join Date: Aug 2002
Status:
Offline
You may want to look into installing Ethereal, which is available via fink. It is a very nice network analyzer that is free software. It requires X11 to run btw.