Mac View TCP/IP Activity?

[ArtOfWarfare]

I'm taking a class on computer networks and we're discussing the way TCP/IP decides how much data to send at a time - IE, if a packet times out then it decides to cut the amount of data it sends in half, if a packet is lost then it decides to cut the amount of data it sends to almost nothing.

I was wondering if there was some way this activity was exposed. Is there a way I can see what my current congestion window is and stuff like that? I'm not sure if it would really have any practical application, but it'd be interesting to be able to see that kind of stuff.

 

[subsonix]

You can dump packets to the terminal with tcpdump and it's installed by default on OS X.

sudo tcpdump -i en0 -X -vv host www.google.com

Will dump all packets between you and google.com to the terminal (assuming en0) in hex, and show headers, including IP. You can also add a '-w dump.pcap' at the end which will save it to a file that you can view in other applications like Wireshark or CocoaPacketAnalyzer.

Make sure you use a large terminal window because lines can be long and wrap around.

 

[robvas]

Is the a program like Wireshark that uses the native OS X interface? It's so ugly running X11

 

[ArtOfWarfare]

I was hoping for something more continuous/real time. IE, something like Activity Monitor's Network tab, but with more data, IE, a list of packets that have been requested but not yet received and how much longer until they timeout.

 

[subsonix]

Is the a program like Wireshark that uses the native OS X interface? It's so ugly running X11

Yeah, CocoaPacketAnalyzer is like Wireshark but not as full featured and doesn't support as many protocols. It does have a plugin architecture though so it can be expanded. http://www.tastycocoabytes.com/cpa/

----------

I was hoping for something more continuous/real time. IE, something like Activity Monitor's Network tab, but with more data, IE, a list of packets that have been requested but not yet received and how much longer until they timeout.

All of the above are realtime, i.e you can view traffic as it happens. Although, network traffic happens faster than you can read anyway. You can set up Wireshark and CocoaPacketAnalyzer for live packet capture, I just use them for visualization of pcap files though. The reason is that the Wireshark install script wanted to change permission on /dev/bpf, I'd rather keep it as is, so I removed the .app from the installer and run it simply as a visualizer. You can do as you see fit however.

 

[ChOas]

Hi, maybe I'm a bit late to the party but try running
the 'nettop' command from the commandline.

It will show you loads of the info you want!