TCPFlow – When you just want to see what’s going on, now.

Use Wireshark, they said, it’s awesome, they said.

Sure, OK, but what if I just want to see what’s going on? Enter TCPFlow. No, it’s not as full-featured as Wireshark, but neither is my brain when I’m in a hurry.

What’s the benefit? Follow along:

  • Download TCPFlow – there’s a prepackaged copy here
  • Figure out which network interface has the interesting traffic (en0, etc.)
  • Follow one of these examples:
    • sudo /usr/local/bin/tcpflow -c -i en0 host 10.0.1.1 - Watches all TCP traffic to and from 10.0.1.1
    • sudo /usr/local/bin/tcpflow -c -i en1 tcp port 80 - Watches all traffic on port 80

This is especially handy when troubleshooting an SMTP process or a directory server setup (before enabling SSL).
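For an SMTP session like the one mentioned above, the console output is easier to follow once each line is labelled by direction. The filter below is an added example, not part of the original post: label_flows and sample_capture are hypothetical names, the sample lines and addresses are constructed, and it assumes the console prefix is the zero-padded src_ip.src_port-dst_ip.dst_port form followed by a colon and a space, with continuation lines of a multi-line payload left unprefixed.

```shell
#!/bin/sh
# Added example: label `tcpflow -c` console output by direction.
# Usage (live): sudo /usr/local/bin/tcpflow -c -i en0 tcp port 25 | label_flows 25

# label_flows SERVER_PORT: reads tcpflow console output on stdin.
# Lines sent to SERVER_PORT are tagged C>S, everything else S>C.
label_flows() {
    awk -v sp="$1" '
    # Turn 010.000.001.001.00025 into 10.0.1.1:25; empty string if malformed.
    function unpad(addr,    p, n) {
        n = split(addr, p, ".")
        if (n != 5) return ""
        return (p[1]+0) "." (p[2]+0) "." (p[3]+0) "." (p[4]+0) ":" (p[5]+0)
    }
    {
        src = ""; dst = ""
        if (match($0, /^[0-9.]+-[0-9.]+: /)) {
            prefix = substr($0, 1, RLENGTH - 2)
            split(prefix, ends, "-")
            src = unpad(ends[1]); dst = unpad(ends[2])
        }
        if (src != "" && dst != "") {
            # New packet: remember its label for any continuation lines.
            split(ends[2], q, ".")
            dir = ((q[5] + 0) == (sp + 0)) ? "C>S" : "S>C"
            label = dir " " src " -> " dst
            print label " | " substr($0, RLENGTH + 1)
        } else if (label != "") {
            # No flow prefix: rest of the previous multi-line payload.
            print label " | " $0
        } else {
            print
        }
    }'
}

# Constructed sample of cleartext SMTP as tcpflow -c would print it.
sample_capture() {
    printf '%s\n' \
        '010.000.001.001.00025-192.168.001.050.51234: 220 mail.example ESMTP' \
        '192.168.001.050.51234-010.000.001.001.00025: EHLO client.example' \
        '010.000.001.001.00025-192.168.001.050.51234: 250-mail.example' \
        '250 AUTH PLAIN LOGIN'
}

sample_capture | label_flows 25
```

Seeing the full dialogue in readable form here is also the quickest confirmation that the session is still unencrypted.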

Learn more at: http://www.office.mvps.org/troubleshoot/tcpflow.html