Hey Fed-Talkers,
Last year I noticed Apple put a little Easter egg in the PCAP data coming out of the tcpdump program - the name of the application that generated each packet. Now you can not only see what Internet addresses your computer is connecting to, but you can also see the application that generated it. Initially I don’t think Apple even documented this feature, but now it is in the tcpdump man page.
Anyways, over Christmas break I wanted to finally learn Swift, and I thought exposing the application information in Apple’s PCAP data would be a good motivation. I wrote a little program called SimpleSniffer and posted it on my web site if anyone wants to play with it.
A couple of caveats:
- It *is* my first Swift program, and it is only at version 0.2 (0.1 had a nasty memory leak). So there are no guarantees on safety, accuracy, or reliability (which is pretty much in the EULA of all programs).
- One colleague who was using a corporate Mac that was VPNed into the home office didn’t get very good results (I think all the packets were encrypted).
Other than that, if you want, please have fun with it. And if not, check Apple’s man page for tcpdump for how to view this data (-k option I think).
SimpleSniffer and Apple's Easter Egg in the PCAP Data
Todd
PS. Not that you should be giving out PCAP data in general, but if you do, keep in mind that you are also leaking information about the applications running on your computer.