View TCP/IP Activity?

Discussion in 'Mac Programming' started by ArtOfWarfare, Feb 26, 2014.

  1. ArtOfWarfare macrumors G3


    Nov 26, 2007
    I'm taking a class on computer networks and we're discussing the way TCP/IP decides how much data to send at a time, i.e., if a packet times out then it decides to cut the amount of data it sends in half, if a packet is lost then it decides to cut the amount of data it sends to almost nothing.

    I was wondering if there was some way this activity was exposed. Is there a way I can see what my current congestion window is and stuff like that? I'm not sure if it would really have any practical application, but it'd be interesting to be able to see that kind of stuff.
  2. subsonix macrumors 68040

    Feb 2, 2008
    You can dump packets to the terminal with tcpdump and it's installed by default on OS X.

    sudo tcpdump -i en0 -X -vv host <host>
    Will dump all packets between you and <host> to the terminal (assuming en0) in hex, and show headers, including IP. You can also add a '-w dump.pcap' at the end which will save it to a file that you can view in other applications like Wireshark or CocoaPacketAnalyzer.

    Make sure you use a large terminal window because lines can be long and wrap around.
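Added example, not part of the original posts: the congestion window is kernel state and never appears in a packet, but a file saved with '-w dump.pcap' does show how much data a sender has unacknowledged at each moment, which the sender limits to the smaller of its congestion window and the receiver's advertised window. The Python below assumes a classic-format pcap with Ethernet framing and IPv4, a capture filtered to one TCP connection, and no sequence-number wraparound; the helper names and the sample traffic are constructed for illustration.

```python
import struct

def parse_pcap(data):
    """Yield (src, dst, seq, ack, flags, payload_len) per TCP/IPv4 frame in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or cut short by the snap length
        tcp = 14 + (frame[14] & 0x0F) * 4  # TCP header offset, from the IPv4 IHL field
        if len(frame) < tcp + 20:
            continue
        total_len = struct.unpack(">H", frame[16:18])[0]
        seq, ack = struct.unpack(">II", frame[tcp + 4:tcp + 12])
        data_off = (frame[tcp + 12] >> 4) * 4
        yield frame[26:30], frame[30:34], seq, ack, frame[tcp + 13], total_len - (tcp - 14) - data_off

def bytes_in_flight(data, sender):
    """Unacknowledged bytes sent by `sender` after each packet of a single-connection capture."""
    sender = bytes(int(x) for x in sender.split("."))
    sent, acked, series = None, None, []
    for src, dst, seq, ack, flags, plen in parse_pcap(data):
        if src == sender:
            end = seq + plen + (1 if flags & 0x03 else 0)  # SYN and FIN use one sequence number
            sent = end if sent is None else max(sent, end)  # a retransmission does not raise it
            acked = seq if acked is None else acked
        elif dst == sender and flags & 0x10 and acked is not None:
            acked = max(acked, ack)  # cumulative ACK from the peer
        if sent is not None:
            series.append(sent - acked)
    return series

def _record(src, dst, seq, ack, flags, payload=b""):  # constructed pcap record, checksums left zero
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack(">HHIIBBHHH", 50000, 80, seq, ack, 0x50, flags, 65535, 0, 0)
    frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

A, B, SEG = (10, 0, 0, 1), (10, 0, 0, 2), b"x" * 1000  # constructed sample traffic
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(A, B, 1000, 1, 0x18, SEG), _record(A, B, 2000, 1, 0x18, SEG),
    _record(B, A, 1, 2000, 0x10), _record(A, B, 3000, 1, 0x18, SEG),
    _record(A, B, 2000, 1, 0x18, SEG), _record(B, A, 1, 4000, 0x10)])  # fifth record is a retransmission
```

Calling bytes_in_flight(SAMPLE, "10.0.0.1") returns one value per packet; on a real capture, a sudden drop in the peak of that series after a retransmission is the visible effect of the sender shrinking its window.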
  3. robvas macrumors 68030

    Mar 29, 2009
    Is there a program like Wireshark that uses the native OS X interface? It's so ugly running X11.
  4. ArtOfWarfare thread starter macrumors G3


    Nov 26, 2007
    I was hoping for something more continuous/real time, i.e., something like Activity Monitor's Network tab, but with more data, i.e., a list of packets that have been requested but not yet received and how much longer until they time out.
  5. subsonix macrumors 68040

    Feb 2, 2008
    Yeah, CocoaPacketAnalyzer is like Wireshark but not as full featured and doesn't support as many protocols. It does have a plugin architecture though so it can be expanded.


    All of the above are realtime, i.e. you can view traffic as it happens. Although, network traffic happens faster than you can read anyway. :) You can set up Wireshark and CocoaPacketAnalyzer for live packet capture, I just use them for visualization of pcap files though. The reason is that the Wireshark install script wanted to change permission on /dev/bpf, I'd rather keep it as is, so I removed the .app from the installer and run it simply as a visualizer. You can do as you see fit however.
  6. ChOas macrumors regular

    Nov 24, 2006
    The Netherlands
    Hi, maybe I'm a bit late to the party but try running the 'nettop' command from the command line.

    It will show you loads of the info you want!
