MacSniffer - A TCPdump GUI Frontend

[Hack5190]

While searching for a method to update 'tcpdump' (packet sniffer) in Sierra I came across a PPC GUI front end to 'tcpdump' called MacSniffer. Having retired my PPC systems I'm not able to test this program, but will gladly update this post (to make it easier for future viewers) with feedback.

Here is a description of MacSniffer:

MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time.

The original publisher is gone, but it can still be downloaded via the Internet Wayback machine at this URL:
https://web.archive.org/web/20110628222003/http://personalpages.tds.net/~brian_hill/downloads.html

The man page for tcpdump is available here: http://ss64.com/osx/tcpdump.html

NOTE: See post #9 from @Lastic RE: needed permission changes.

 

[eyoungren]

While searching for a method to update 'tcpdump' (packet sniffer) in Sierra I came across a PPC GUI front end to 'tcpdump' called MacSniffer. Having retired my PPC systems I'm not able to test this program, but will gladly update this post (to make it easier for future viewers) with feedback.

Here is a description of MacSniffer:

MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time.

The original publisher is gone, but it can still be downloaded via the Internet Wayback machine at this URL:
https://web.archive.org/web/20110628222003/http://personalpages.tds.net/~brian_hill/downloads.html

The man page for tcpdump is available here: http://ss64.com/osx/tcpdump.html

Hmmmm…going to see about that tonight when I get home.

I'm pretty ignorant about stuff like this, so forgive the following question if it's a stupid one. Is this similar in any way to Wireshark or are they entirely different things?

 

[Hack5190]

Hmmmm…going to see about that tonight when I get home.

I'm pretty ignorant about stuff like this, so forgive the following question if it's a stupid one. Is this similar in any way to Wireshark or are they entirely different things?

Erik both do network sniffing / monitoring. tcpdump is included by Apple (as part of the OS) and command line based. Wireshark is a GUI based third party add-on. Most people prefer Wireshark because it can decode lots of protocols and has lots of filters. tcpdump has limited protocol decoding but is available (without installing anything else) on most *NIX systems. In fact you can use tcpdump to capture traffic by writing it to a file, then use Wireshark to analyze the capture.

 

[Lastic]

While searching for a method to update 'tcpdump' (packet sniffer) in Sierra I came across a PPC GUI front end to 'tcpdump' called MacSniffer. Having retired my PPC systems I'm not able to test this program, but will gladly update this post (to make it easier for future viewers) with feedback.

Here is a description of MacSniffer:

The original publisher is gone, but it can still be downloaded via the Internet Wayback machine at this URL:
https://web.archive.org/web/20110628222003/http://personalpages.tds.net/~brian_hill/downloads.html

The man page for tcpdump is available here: http://ss64.com/osx/tcpdump.html

Brilliant find, another networking tool I can add to my Powerbook !

Funny coincidence, I was helping/explaining my colleauge how to install iperf3 on her brand new MBP macOS at work, had to explain what an executable binary was and how to execute it in Terminal.

As such I went to look if it existed for PPC and looks like Macports has the iperf3 port whereas the original site only has a pre-compiled binary for iperf2.

Did you ever look for /find a GUI for iperf ? I found jperf but tend to stay away from Java if I can.

 

[eyoungren]

While searching for a method to update 'tcpdump' (packet sniffer) in Sierra I came across a PPC GUI front end to 'tcpdump' called MacSniffer. Having retired my PPC systems I'm not able to test this program, but will gladly update this post (to make it easier for future viewers) with feedback.

Here is a description of MacSniffer:

MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time.

The original publisher is gone, but it can still be downloaded via the Internet Wayback machine at this URL:
https://web.archive.org/web/20110628222003/http://personalpages.tds.net/~brian_hill/downloads.html

The man page for tcpdump is available here: http://ss64.com/osx/tcpdump.html

Hmmm…Tried this and it quits with no notice right after I try to run it.

The log stated that it couldn't access a file/folder inside the app. So I gave it permissions (and view the package and gave all the files/folders inside the same permissions).

Now it quits with 'error 1'.

 

[Hack5190]

Hmmm…Tried this and it quits with no notice right after I try to run it.

The log stated that it couldn't access a file/folder inside the app. So I gave it permissions (and view the package and gave all the files/folders inside the same permissions).

Now it quits with 'error 1'.

I may be firing up the G5 to rip some video. I'll look at it then, thanks for the update.

 

[Lastic]

I copied the app to /Applications and it starts but doesn't seem to do anything.

Here I'm sniffing web traffic on en1 whilst surfing.

 

[Hack5190]

I copied the app to /Applications and it starts but doesn't seem to do anything.

Here I'm sniffing web traffic on en1 whilst surfing.

There isn't much information on the developers product page about configuration / use.

Less the display of captured (monitored) packets your picture looks similar to the authors

Have you checked if tcpdump is running?

sudo ps -ax | grep tcpdump

Please keep in mind I don't have access to a PPC so this is general troubleshooting / help based on my really bad memory

 

[Lastic]

Apparantly once you click Start, it will ask for root priviledges and then it tries to launch a daemon called SnoopyDaemon.

However this Daemon didn't have an e(x)ecute permission set on it's file /Applications/MacSniffer.app/Contents/Resources/SnoopyDaemon

Did a chmod ugo+rwx and now after a sec , data came flooding in and a seperate tcpdump process was running.

Name resolving doesn't seem to work on my current test, and the Inspector gives the usefull information since the main window is rather limited

 

[Hack5190]

Apparantly once you click Start, it will ask for root priviledges and then it tries to launch a daemon called SnoopyDaemon.

However this Daemon didn't have an e(x)ecute permission set on it's file /Applications/MacSniffer.app/Contents/Resources/SnoopyDaemon

Did a chmod ugo+rwx and now after a sec , data came flooding in and a seperate tcpdump process was running.

Name resolving doesn't seem to work on my current test, and the Inspector gives the usefull information since the main window is rather limited

First let me say nice job getting it to work. I've updated post #1 to include your information about needed permission changes.

Based on your screenshot it seems that MacSniffer provides basic monitoring and filtering for the novice. Of course Wireshark remains the tool of choice for those willing to invest time into learning it.

 

[Capwalker666]

i've been trying to track this down but all links are broken. know any way current to download mac sniffer ?