Has anyone got Ethereal to run under OSX? It was the only reason I used Linux, and it would be great if I could get it to run under OSX. If not, are there any other packet sniffing programs for X? I would not know where to start to write one in Java.


There were supposed to be problems w/ the pcap library but I've compiled
it w/ older supposedly non-buggy versions of pcap and it still dies. This
is tethereal, the X version is even worse.
What would be involved in porting it? A fully native version would be preferable to something using an X Server (XDarwin). Does anyone know how easy it is to interface directly with the ethernet implementation in X - would it be easy to write a network sniffer from the ground up?

On a completely different note, has anyone tried user/password verification in Windows Active Directory using LDAP? I can't seem to get it to work.


/usr/sbin/tcpdump is the built in packet sniffer. Run this as root. If you want a nicer output, well, I don't know how to do that, but you might find these perl scripts useful:

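--begin ----

#!/usr/bin/perl
# Print HTTP request and auth header lines seen in traffic to port 80.
$LIMIT = shift || 5000;    # stop after this many packets

open (STDIN,"/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |");
while (<>) {
    if (/^\S/) {
        # A new packet header line: report on the packet just collected.
        last unless $LIMIT--;
        while ($packet=~/(GET|POST|WWW-Authenticate|Authorization).+/g) {
            print "$client -> $host\t$&\n";
        }
        undef $client; undef $host; undef $packet;
        ($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
            if /P \d+:\d+\((\d+)\)/ && $1 > 0;
    }
    next unless $client && $host;
    # tcpdump -x prints the payload as hex, so turn it back into text
    # before it is searched (an optional offset column is assumed).
    s/^\s+(?:0x[0-9a-f]+:\s+)?//;
    s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
    tr/\x20-\x7E\r\n//cd;
    $packet .= $_;
}

--end ----

--begin ----

#!/usr/bin/perl
# Resolve the addresses printed by the first script and decode
# HTTP Basic credentials.
use Socket;
use MIME::Base64;

while (<>) {
    next unless ($host,$client,$msg) = /(\S+) -> (\S+)\s+(.*)\s+/;
    $msg=~s/(Authorization:\s+Basic\s+)(\S+)/$1 . decode_base64($2)/e;
    print lookup($host)," -> ",lookup($client),"\t$msg\n";
}

# Reverse-resolve an address, falling back to the address itself.
sub lookup {
    my $addr = shift;
    my $lookup = (gethostbyaddr(inet_aton($addr),AF_INET))[0];
    return $lookup || $addr;
}

--end ----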
To use them, ./ | ./ You'll need to add the mime encoding perl thing, too. Perhaps with this information, you could build a nice perl sniffer or something.

Ethereal comes in two flavors, the console text version and the X-GTK based version. Since the source is distributed, it would be an exercise left to the motivated student as to how to interface the low level sniffer engine to Cocoa.


TCPflow is a good sniffer that produces very readable output. The source code isn't too hard to come by, and I think I posted instructions for compiling it in another thread. Just search around for the name and read the posts.