Gather network traffic

rharder

tcpflow is a great little *nix utility that captures network packets and reassembles them. I'm working on a nice little GUI for it and thought I'd whet your appetites. Also I was bored. =)

-Rob
 

Attachment: dn-out.jpg (37.2 KB)

As you say, tcpflow is a great utility, but a GUI on the front of it would make it more useful for everyday use.

If you want someone to test your dev just send me a message.

R.
 
Thanks, Roger. It's going kinda slow because I have to learn the Authentication scheme and the new Cocoa pattern of programming.

I'll keep you all posted.

It's such a cool little utility, tcpflow.

-Rob
 
Huh. I can't remember where I got it, but you can do a search for it out there. The tricky thing was that it needs the libpcap library for packet capture, and I never could get that to compile. Somewhere I found a pre-compiled version.

Ah heck, I'll just attach it. Sorry, I had to zip it again to be uploaded.

-Rob
 

Attachment: libpcap-0.6-macosx.tar.gz.zip (75.5 KB)

I notice libpcap is another thing where Apple included the library (/usr/lib/libpcap.A.dylib) but no headers... Anyone know which version of libpcap is already installed ('what' doesn't help) so we can install the properly-versioned headers?
 
That looks like a handy little utility. How are tcpflow's features in comparison to the built-in tcpdump?
 
I didn't think tcpdump was included. Anyhoo...

I haven't used tcpdump. My understanding is that while tcpdump tells you about the packets coming through, tcpflow actually reconstructs the packets to give you the actual content. Way cool.

tcpflow also has some feature where it will read in tcpdump data and reconstruct it for you. Or something.

-Rob
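
The per-packet versus per-flow distinction discussed in this post comes down to TCP stream reassembly. The sketch below is an added example, not code from tcpflow or from anyone in this thread: it orders constructed segments by sequence number, drops retransmitted and overlapping bytes, and counts bytes lost to capture gaps. It assumes the lowest sequence number seen starts each stream and ignores 32-bit sequence wraparound.

```python
from collections import defaultdict

# Constructed sample capture: (src, sport, dst, dport, seq, payload) per segment.
# Segments are out of order and include one retransmission and one overlap.
SEGMENTS = [
    ("10.0.0.5", 49152, "10.0.0.9", 80, 1016, b"Host: example.test\r\n\r\n"),
    ("10.0.0.9", 80, "10.0.0.5", 49152, 5000, b"HTTP/1.0 200 OK\r\n\r\n"),
    ("10.0.0.5", 49152, "10.0.0.9", 80, 1000, b"GET / HTTP/1.0\r\n"),
    ("10.0.0.5", 49152, "10.0.0.9", 80, 1000, b"GET / HTTP/1.0\r\n"),  # retransmission
    ("10.0.0.9", 80, "10.0.0.5", 49152, 5019, b"hello"),
    ("10.0.0.9", 80, "10.0.0.5", 49152, 5017, b"\r\nhello"),  # overlaps earlier bytes
]


def reassemble(segments):
    """Return {flow: (stream_bytes, missing_byte_count)} for each one-way flow."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, payload in segments:
        # Each direction of a connection is its own flow, keyed by the 4-tuple.
        flows[(src, sport, dst, dport)].append((seq, payload))

    result = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        next_seq = segs[0][0]  # assumption: lowest seq seen starts the stream
        stream, missing = bytearray(), 0
        for seq, payload in segs:
            if seq > next_seq:  # hole: a segment was never captured
                missing += seq - next_seq
                next_seq = seq
            skip = next_seq - seq  # bytes already delivered by an earlier segment
            if skip < len(payload):
                stream += payload[skip:]
                next_seq = seq + len(payload)
        result[flow] = (bytes(stream), missing)
    return result


if __name__ == "__main__":
    for flow, (data, missing) in reassemble(SEGMENTS).items():
        print(flow, "missing bytes:", missing)
        print(data.decode("ascii", "replace"))
```

A nonzero missing-byte count means the reconstructed content has holes, which matters when the output is used as evidence of what was actually transferred.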
 
It sounds pretty neat. I guess neither utility is really better than the other; they're just different.
 
Okay, I'm a sucker for compiling command line utilities, so if anyone wants the source code, I found it at http://www.circlemud.org/~jelson/software/tcpflow/

Here's how to build it; it's pretty easy. First download that libpcap thing, and do
Code:
sudo ./osxinstall
That will put that in its place. Then unpack the tcpflow source code, and run
Code:
./configure --host=powerpc-apple-darwin1.3.7
make
sudo make install
That will compile the program, and install the executable and man pages in appropriate locations. You will have to be root to run the program, though. Judging by this program's power and capability, a GUI frontend would be very cool.
 