Cocoa Packet Analyzer
By jens Francke
Open the Mac App Store to buy and download apps.
Cocoa Packet Analyzer is a native Mac OS X implementation of a network protocol analyzer.
CPA supports the industry-standard PCAP packet capture format for reading and writing packet trace files. With CPA you are able to analyze, display and filter packet trace files. A QuickLook plugin is included to get an overview over packet traces already in finder. Furthermore you can print packet traces on a printer.
Supported types and network protocols:
- Ethertypes: ARP, IP (v4/v6), PPP, PPPoED/S, 802.1Q VLAN, MPLS
- Linktypes: Loopback, PPP
- IP-Protocols: IP(v4/v6), TCP, UDP, ICMP (v4/v6), IGMP, ESP, Mobility, MPLSinIP, DHCPv6, L2TP, RADIUS
- PPP-Protocols: IP, LCP, IPCP (v4/v6), CCP, PAP, CHAP
- PPPoE Discovery and Sessionstages
What's New in Version 1.51
macOS Sierra compatibility fixes.
general stability and compatibility fixes.
Needs much better filters
Filtering is limited to a single field at a time, as far as I can tell. You can’t, for example, filter to see only packets "to and from" a particular IP. You can choose “source IP” or you can choose “destination IP”, but not both at the same time. That’s a massive limitation. You also can’t filter a negative, to remove content that you know is uninteresting, like background chatter from arp, mdns, etc. Those two things together are the vast majority of what you’d be doing with a packet capture in the first place — zeroing in on one series of “conversations” that you’re analyzing. It does produce the basic tcpdump/pcap output, and if you’re only looking for a very limited number of things, it’ll get the job done. But a ‘tcpdump -r’ from the command line will too, and of course supports all the filtering described above as well. Please add a much more robust filter system that will support and/or/not logic to combine many different fields.