TCP Dump allows you to examine the header or content of each packet flowing over an interface or data link. To begin monitoring, select the desired interface from the "Monitor interface" popup and press "Start".

In the context of IPNetSentryX, TCP Dump can be used to examine undesireable network traffic and identify characteristic properties and values for filtering.

TCP Dump in IPNetSentryX (IPNetSentryX) is a simple User Interface to the underlying unix "tcpdump" facility. Unix tcpdump has many options allowing you to specify in detail what packets you want to capture including protocols, interfaces, and link layer headers. The Options field accepts standard tcpdump options ("-n -p -t" for example to show numeric addresses, do not set promiscuous mode, and no time stamps). To learn more about the features of tcpdump, refer to the tcpdump manual page available by typing "man tcpdump" from a terminal window.

Naturally you can run tcpdump directly from a terminal window if desired. The reason to incorporate TCP Dump in IPNetSentryX is simple user convenience. You don't need to launch another application, be logged in as root, lookup the desired interface name, and IPNetSentryX remembers your options between launches.

While TCP Dump is well suited to capturing packet headers and protocol information, it is less ideal for viewing the actual TCP data flow between a client and server. For this purpose, you can "Use TCP Flow" instead of TCP Dump. tcpflow is an open source utility distributed under GNU General Public License. IPNetSentryX includes a binary version of the tcpflow application built using "DarwinPorts" (v0.21, released 7 August 2003). When you select tcpflow, IPNetSentryX simply runs this command line tool (as is) and displays the output in a scroll view. You can learn more about tcpflow here: .

A popup menu keeps a list of recent Options or history. The contents of the options field are added to the list when tcpdump is invoked. If the recent options menu becomes full (10 entries), the least recently used item will be removed. To add or remove an item, or clear the entire list, use the corresponding selections from the History menu.

To help you remember what different options do, the TCP Dump tool allows you to append comments separated by "//" to your list of options. The options history is pre-loaded with some common examples that show how to capture different information.

You can open and use multiple TCP Dump windows at the same time.

Warning - Use tcpdump with caution

Tcpdump on Mac OS X has a known bug when trying to monitor an interface that doesn't exist (may kernel panic).

Setting an interface to promiscuous mode is not recommended when IP forwarding (Internet sharing or natd) is enabled since the BSD stack will try to forward packets that were not addressed to your machine causing network confusion.

As a safety precaution, TCP Dump is only authorized for users in the "admin" group.

Previous | Next | Return to IPNetSentryX Help