MacSniffer - A TCPdump GUI Frontend

Discussion in 'PowerPC Macs' started by Hack5190, Feb 1, 2017.

  1. Hack5190, Feb 1, 2017
    Last edited: Feb 3, 2017

    Hack5190 macrumors 6502a

    Joined:
    Oct 21, 2015
    Location:
    Stuck on Earth in the USA
    #1
    While searching for a method to update 'tcpdump' (packet sniffer) in Sierra I came across a PPC GUI front end to 'tcpdump' called MacSniffer. Having retired my PPC systems I'm not able to test this program, but will gladly update this post (to make it easier for future viewers) with feedback.

    Here is a description of MacSniffer:

    MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time.

    The original publisher is gone, but it can still be downloaded via the Internet Wayback Machine at this URL:
    https://web.archive.org/web/20110628222003/http://personalpages.tds.net/~brian_hill/downloads.html

    The man page for tcpdump is available here: http://ss64.com/osx/tcpdump.html

    NOTE: See post #9 from @Lastic RE: needed permission changes.
     
  2. eyoungren macrumors P6

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #2
    Hmmmm…going to see about that tonight when I get home.

    I'm pretty ignorant about stuff like this, so forgive the following question if it's a stupid one. Is this similar in any way to Wireshark or are they entirely different things?
     
  3. Hack5190 thread starter macrumors 6502a

    Joined:
    Oct 21, 2015
    Location:
    Stuck on Earth in the USA
    #3
    Erik, both do network sniffing / monitoring. tcpdump is included by Apple (as part of the OS) and is command-line based. Wireshark is a GUI-based third-party add-on. Most people prefer Wireshark because it can decode lots of protocols and has lots of filters. tcpdump has limited protocol decoding but is available (without installing anything else) on most *NIX systems. In fact you can use tcpdump to capture traffic by writing it to a file, then use Wireshark to analyze the capture.
     
  4. Lastic macrumors 6502

    Joined:
    Mar 19, 2016
    Location:
    North of the HellHole
    #4
    Brilliant find, another networking tool I can add to my Powerbook!

    Funny coincidence, I was helping my colleague install iperf3 on her brand new MBP macOS at work, and had to explain what an executable binary was and how to execute it in Terminal.

    As such I went to look if it existed for PPC, and it looks like MacPorts has the iperf3 port whereas the original site only has a pre-compiled binary for iperf2.

    Did you ever look for/find a GUI for iperf? I found jperf but tend to stay away from Java if I can.
     
  5. eyoungren macrumors P6

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #5
    Hmmm…Tried this and it quits with no notice right after I try to run it.

    The log stated that it couldn't access a file/folder inside the app. So I gave it permissions (and viewed the package and gave all the files/folders inside the same permissions).

    Now it quits with 'error 1'.
     
  6. Hack5190 thread starter macrumors 6502a

    Joined:
    Oct 21, 2015
    Location:
    Stuck on Earth in the USA
    #6
    I may be firing up the G5 to rip some video. I'll look at it then, thanks for the update.
     
  7. Lastic macrumors 6502

    Joined:
    Mar 19, 2016
    Location:
    North of the HellHole
    #7
    I copied the app to /Applications and it starts but doesn't seem to do anything.

    Here I'm sniffing web traffic on en1 whilst surfing.

    Picture 1.png
     
  8. Hack5190 thread starter macrumors 6502a

    Joined:
    Oct 21, 2015
    Location:
    Stuck on Earth in the USA
    #8
    There isn't much information on the developer's product page about configuration / use.

    Less the display of captured (monitored) packets, your picture looks similar to the author's:

    [IMG]

    Have you checked if tcpdump is running?
    Code:
    sudo ps -ax | grep tcpdump
    Please keep in mind I don't have access to a PPC so this is general troubleshooting / help based on my really bad memory ;)
     
  9. Lastic macrumors 6502

    Joined:
    Mar 19, 2016
    Location:
    North of the HellHole
    #9
    Apparently once you click Start, it will ask for root privileges and then it tries to launch a daemon called SnoopyDaemon.

    However this daemon didn't have an e(x)ecute permission set on its file /Applications/MacSniffer.app/Contents/Resources/SnoopyDaemon

    Did a chmod ugo+rwx and now after a sec, data came flooding in and a separate tcpdump process was running.

    Name resolving doesn't seem to work on my current test, and the Inspector gives the useful information since the main window is rather limited.

    Picture 5.png
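
Added example, not part of the post above or of MacSniffer: `chmod ugo+rwx` supplies the missing execute bit, but it also leaves a helper that is launched with root privileges writable by every local user. The sketch below reports that state and applies the narrower mode 755 instead; the function names are hypothetical, and the path is the one quoted in post #9.

```sh
#!/bin/sh
# Added example: audit and repair permissions on a helper that a GUI starts as root.
# HELPER is the path quoted in post #9; the function names are hypothetical.
HELPER="/Applications/MacSniffer.app/Contents/Resources/SnoopyDaemon"

# Print one finding for a file: missing, writable-by-others, no-exec, or ok.
helper_perm_status() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    # The first 10 characters of `ls -ld` are the file type plus the three
    # rwx triplets (user, group, other), for example -rwxr-xr-x
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*) echo "writable-by-others"; return 0 ;;
    esac
    case $mode in
        ???[xs]*) echo "ok" ;;       # character 4 is owner execute (or setuid)
        *)        echo "no-exec" ;;
    esac
}

# Owner keeps read/write/execute; group and others get read/execute only (755).
fix_helper_perms() {
    chmod u=rwx,go=rx "$1"
}

# Report on the real helper only when the script is invoked with "audit".
if [ "${1:-}" = "audit" ]; then
    echo "$HELPER: $(helper_perm_status "$HELPER")"
fi
```

If the status is `no-exec` or `writable-by-others`, `fix_helper_perms "$HELPER"` (with `sudo` when the file is owned by root) sets the execute bit without granting write access to group or others.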
     
  10. Hack5190, Feb 2, 2017
    Last edited: Feb 3, 2017

    Hack5190 thread starter macrumors 6502a

    Joined:
    Oct 21, 2015
    Location:
    Stuck on Earth in the USA
    #10
    First let me say nice job getting it to work. I've updated post #1 to include your information about needed permission changes.

    Based on your screenshot it seems that MacSniffer provides basic monitoring and filtering for the novice. Of course Wireshark remains the tool of choice for those willing to invest time into learning it.
     
