Gather network traffic


tcpflow is a great little *nix utility that captures network packets and reassembles them. I'm working on a nice little GUI for it and thought I'd whet your appetites. Also I was bored. =)



As you say, tcpflow is a great utility, but a GUI on the front of it would make it more useful for everyday use.

If you want someone to test your dev just send me a message.

Thanks, Roger. It's going kinda slow because I have to learn the Authentication scheme and the new Cocoa pattern of programming.

I'll keep you all posted.

It's such a cool little utility, tcpflow.

Huh. I can't remember where I got it, but you can do a search for it out there. The tricky thing was that it needs the libpcap library for packet capture, and I never could get that to compile. Somewhere I found a pre-compiled version.

Ah heck, I'll just attach it. Sorry, I had to zip it again to be uploaded.



I notice libpcap is another thing where Apple included the library (/usr/lib/libpcap.A.dylib) but no headers... Anyone know which version of libpcap is already installed ('what' doesn't help) so we can install the properly-versioned headers?
That looks like a handy little utility. How are tcpflow's features in comparison to the built-in tcpdump?
I didn't think tcpdump was included. Anyhoo...

I haven't used tcpdump. My understanding is that while tcpdump tells you about the packets coming through, tcpflow actually reconstructs the packets to give you the actual content. Way cool.

tcpflow also has some feature where it will read in tcpdump data and reconstruct it for you. Or something.

It sounds pretty neat. I guess neither utility is really better than the other; they're just different.
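
The difference discussed above (per-packet reporting versus rebuilt stream content) comes down to TCP stream reassembly. The Python below is an added example, not part of the original thread and not tcpflow's own code: it rebuilds each direction of a connection from segments that arrive out of order or retransmitted, and names each stream the way tcpflow names its output files. The segment tuples and sample traffic are constructed, and sequence-number wraparound is assumed not to occur.

```python
from collections import defaultdict

def flow_name(src, sport, dst, dport):
    """One-direction flow name in tcpflow's output-file style."""
    pad = lambda ip: ".".join(f"{int(octet):03d}" for octet in ip.split("."))
    return f"{pad(src)}.{sport:05d}-{pad(dst)}.{dport:05d}"

def reassemble(segments):
    """Rebuild byte streams from (src, sport, dst, dport, seq, payload) tuples.

    Returns {flow name: (contiguous data, bytes held back behind a gap)}.
    Assumption: no sequence wraparound; the lowest seq seen starts the stream.
    """
    flows = defaultdict(dict)                # flow name -> {sequence number: byte}
    for src, sport, dst, dport, seq, payload in segments:
        stream = flows[flow_name(src, sport, dst, dport)]
        for i, byte in enumerate(payload):
            stream.setdefault(seq + i, byte)  # first copy wins on retransmission
    result = {}
    for name, stream in flows.items():
        pos = min(stream)
        data = bytearray()
        while pos in stream:                  # stop at the first missing byte
            data.append(stream[pos])
            pos += 1
        result[name] = (bytes(data), len(stream) - len(data))
    return result

# Constructed sample: a request split in two, delivered out of order, with
# one retransmitted segment, plus the reply travelling the other way.
C, S = ("192.168.1.20", 49152), ("10.0.0.5", 80)
SAMPLE = [
    (*C, *S, 1017, b"Host: example.test\r\n\r\n"),
    (*C, *S, 1001, b"GET / HTTP/1.1\r\n"),
    (*S, *C, 5001, b"HTTP/1.1 200 OK\r\n\r\n"),
    (*C, *S, 1001, b"GET / HTTP/1.1\r\n"),    # retransmission, ignored
]

if __name__ == "__main__":
    for name, (data, held_back) in sorted(reassemble(SAMPLE).items()):
        print(name, data, f"held back: {held_back}")
```

A nonzero held-back count means a segment was never captured, so the bytes after the gap are not trustworthy as a continuous stream.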
Okay, I'm a sucker for compiling command line utilities, so if anyone wants the source code, I found it at

Here's how to build it; it's pretty easy. First download that libpcap thing, and do
sudo ./osxinstall
That will put that in its place. Then unpack the tcpflow source code, and run
./configure --host=powerpc-apple-darwin1.3.7
sudo make install
That will compile the program, and install the executable and man pages in appropriate locations. You will have to be root to run the program, though. Judging by this program's power and capability, a GUI frontend would be very cool.