macOS Monitor URLs

nelly22 · Dec 31, 2012

Q-chan said:
Snort, the de-facto standard network intrusion tool will serve your needs. You can get it from http://www.snort.org but you have to build it from source. The other caveat is the learning curve. As with most high-power tools, it takes some good study time to make it do what you want.

All that unix stuff in Snort looks scary. I have never build anything from source, but it seems to have other features i'm also interested.

Q-chan said:
Good tool, but the OP needs text (text file ?) output, not X11 screens....

Yes, text file.

ipsychedelic said:
You're right, I was quick on the response but didn't really bothered to read the whole topic (somebody had suggested Wireshark before anyway).

I think wireshark can be called from the command line, or one can use TShark. But my usage has always been in the GUI.

TShark is one possibility.

pitaya said:
You might want to pipe it through tee, or just append it to a log file:

Code:

sudo /Users/Nelly/Desktop/test_fs.sh | tee -a urls.log

Code:

sudo /Users/Nelly/Desktop/test_fs.sh >> urls.log

Your code works.

What pros/cons there is between piping thru tee or appending?

I learned alot unix stuff from that long script posted by pitaya, but it creates very long rows which has many folder paths.

I wonder if there is easy way to use Snort or TShark.

Did i understand correctly, there is no text logging in Wireshark?

What is proper way to quit this kind of script (using AppleScript). There is tcpdump, sh and bash running now in Activity Monitor.

Thanks again

pitaya · Dec 31, 2012

nelly22 said:
All that unix stuff in Snort looks scary. I have never build anything from source, but it seems to have other features i'm also interested.

It's in macports as well. If you go that route, you'll need to install Xcode. Via the xcode preferences you'll need to install the command line tools. You'll find instructions and a macports installation package at http://www.macports.org. I've not tried homebrew.

What pros/cons there is between piping thru tee and or appending?

Nothing major. It's a matter of preference. tee is just one way to watch the output as you write out the log file. This is a simple solution using a loop in a bash script--it may be good enough, and it's easy to modify, but it's neither perfect nor the most performant.

I learned alot unix stuff from that long script posted by pitaya, but it creates very long rows which has many folder paths.

You can change/shorten the date format, to start with (e.g., date +"%Y/%m/%d %H:%M"). Aside from that, I'll point you towards a few relevant manual pages:

Code:

man date
man sed
man grep
man re_format
man tcpdump

chickenwingfly · Dec 31, 2012

nelly22 said:
I wonder if there is easy way to use Snort or TShark.

I never used TShark but seeing as it's the "commandline Wireshark" then I guess it's real easy, plus there is a man page on their site and google is your friend anyway.

nelly22 said:
Did i understand correctly, there is no text logging in Wireshark?

There is only "Text exporting".

nelly22 · Jan 1, 2013

What MacPorts GUIs are for Mountain Lion and which is best/easiest?

pitaya · Jan 1, 2013

nelly22 said:
What MacPorts GUIs are for Mountain Lion and which is best/easiest?

I've never heard of one. I'd be surprised if one exists!

edit: Googled it for you: http://trac.macports.org/wiki/MacPortsGUI

Search

Search

macOS Monitor URLs

nelly22

macrumors 6502

pitaya

macrumors member

chickenwingfly

macrumors 6502a

nelly22

macrumors 6502

pitaya

macrumors member

Our Staff