Use Wireshark, they said, it’s awesome, they said.
Sure, ok but what if I just want to see what’s going on? Enter TCPFlow. No, not as full featured as Wireshark, but neither is my brain when I’m in a hurry.
What’s the benefit? Follow along:
- Download TCPFlow – there’s a prepackaged copy on Rudix
- Figure out which network-interface has the interesting traffic (en0, etc)
- Follow one of these examples:
sudo /usr/local/bin/tcpflow -c -i en0 host 10.0.1.1 - Watches all traffic to 10.0.1.1
sudo /usr/local/bin/tcpflow -c -i en1 tcp port 80 - Watches all traffic on port 80
This is especially handy when troubleshooting smtp process, or directory server setup (before enabling ssl)
Learn more at: http://www.office.mvps.org/troubleshoot/tcpflow.html