OSX: Is there a log of connections?
Solution 1:
Yes. There is tcpdump. You can use it to log the complete traffic that runs over a given network interface. And then use Wireshark to investigate it further. You can also use Wireshark for both, logging and investigation in one step.
- Open the › System Information and identify the BSD device name of the network interface (AirPort, Ethernet etc.) you want to monitor
- Open the Terminal.app
- Run
sudo tcpdump -i en1 -s 0 -B 524288 -w ~/Desktop/DumpFile01.pcap
replace en1 with the name of step 1 and DumpFile01.pcap with the desired file name and path. - Press return and enter your password
- Press Control + C if you've captured what you need
To view the file you can either print it by using tcpdump -s 0 -n -e -x -vvv -r ~/Desktop/DumpFile01.pcap
or investigate it further using Wireshark.
The dump contains everything that happened while the command was running. Including IPs, each package sent/received and so on.
More information on running tcpdump on macOS can be found here.
If you don't actually need logging you can also use nettop to view just the currently active connections.
Ongoing logs
There is no "access.log" that only contains network requests that I am aware of, but some network events may be found in cat /var/log/system.log | grep en0
(replace en0 with your interface name) and WiFi related events in /var/log/wifi.log
.
If you want a simple solution with UI that tracks your traffic on macOS the firewall Little Snitch is a good companion. I use it myself.