How to inspect TCP/IP packets

How can I inspect IP packets sent through currently open TCP connections? I opened the nettop utility in Terminal, which I think lists IP packets, but it doesn't tell anything about their content, namely about the TCP data stream. Any clues? I found the source and destination ports and some other data that doesn't look like HTTP messages. I would like to see how stuff works for educational purposes.


Solution 1:

You can inspect network packets with Wireshark.

This software captures all packets through a network interface, although you can select only the protocol you want by applying a filter in its settings.

Solution 2:

In addition, you can use the built-in command-line tool tcpdump. You will need root privileges to use it (so execute it with the sudo command). For example, to see all IP traffic going through your interface, without listening to all other hosts' traffic, you can run:

sudo tcpdump -i en0 -p -vv -A ip 

If you want to limit the output of tcpdump to only show traffic to/from a particular host or IP range, you can do:

sudo tcpdump -i en0 -p -vv -A ip and host 192.0.2.123

or

sudo tcpdump -i en0 -p -vv -A ip and net 192.0.2.0/24

Read more about tcpdump by running man tcpdump in your Terminal.
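
To show what sits behind the ports and the ASCII output that tcpdump prints with -vv -A, here is an added example (not part of the answers above) that decodes the IPv4 and TCP headers of one packet and extracts the TCP data. The packet bytes are constructed inline and start at the IP header; a capture on en0 would also carry a link-layer header in front, and the source address, ports and sequence numbers are made-up sample values.

```python
import socket
import struct

FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_sample_packet():
    """Constructed IPv4+TCP packet carrying an HTTP request (checksums left at 0)."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4 header: version 4 / IHL 5, TOS, total length, id, DF, TTL, protocol 6 (TCP), checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.123"))
    return ip + tcp + payload

def parse_ipv4_tcp(packet):
    """Decode the IPv4 and TCP headers; return the header fields and the TCP payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # IP header + TCP header + payload
    if packet[9] != 6:
        raise ValueError("IP protocol is not TCP")
    if ihl < 20 or len(packet) < ihl + 20 or total_len > len(packet):
        raise ValueError("truncated packet")
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
    data_off = (off >> 4) * 4                         # TCP header length in bytes
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    return {
        "src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in FLAGS if flags & bit],
        "payload": packet[ihl + data_off:total_len],
    }

def ascii_dump(data):
    """Render payload bytes as text, with '.' for non-printable bytes (newlines kept)."""
    return "".join(chr(b) if 32 <= b < 127 or b == 10 else "." for b in data)

if __name__ == "__main__":
    info = parse_ipv4_tcp(build_sample_packet())
    print(f"{info['src']}.{info['sport']} > {info['dst']}.{info['dport']} "
          f"flags={info['flags']} seq={info['seq']} len={len(info['payload'])}")
    print(ascii_dump(info["payload"]))
```

Traffic protected by TLS (HTTPS) decodes the same way up to the TCP header, but its payload is ciphertext, so it will not read as HTTP text.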