Cocoa Packet Analyzer is a native Mac OS X implementation of a network protocol analyzer.
CPA supports the industry-standard PCAP packet capture format for reading and writing packet trace files. With CPA you are able to analyze, display and filter packet trace files. A QuickLook plugin is included to get an overview over packet traces already in finder. Furthermore you can print packet traces on a printer.
Supported types and network protocols:
- Ethertypes: ARP, IP (v4/v6), PPP, PPPoED/S, 802.1Q VLAN, MPLS
- Linktypes: Loopback, PPP
- IP-Protocols: IP(v4/v6), TCP, UDP, ICMP (v4/v6), IGMP, ESP, Mobility, MPLSinIP, DHCPv6, L2TP, RADIUS
- PPP-Protocols: IP, LCP, IPCP (v4/v6), CCP, PAP, CHAP
- PPPoE Discovery and Sessionstages
macOS Sierra compatibility fixes.
general stability and compatibility fixes.
Ratings and Reviews
Needs much better filters
Filtering is limited to a single field at a time, as far as I can tell. You can’t, for example, filter to see only packets "to and from" a particular IP. You can choose “source IP” or you can choose “destination IP”, but not both at the same time. That’s a massive limitation. You also can’t filter a negative, to remove content that you know is uninteresting, like background chatter from arp, mdns, etc. Those two things together are the vast majority of what you’d be doing with a packet capture in the first place — zeroing in on one series of “conversations” that you’re analyzing. It does produce the basic tcpdump/pcap output, and if you’re only looking for a very limited number of things, it’ll get the job done. But a ‘tcpdump -r’ from the command line will too, and of course supports all the filtering described above as well. Please add a much more robust filter system that will support and/or/not logic to combine many different fields.
A usable free analyzer
Just getting started with this app, but thus far, it seems to be a useful packet analyzer. Basic features, but a good starting point. Would like to see better graphing capabilities, as the only thing I have found is a basic bar graph of protocol statistics.
Not sure if this is an artifact of an earlier installation, but there appears to be two versions of the app installed: one in /Applications and one in /Applications/Utilities. The one in the Applications folder has identitical modified and added dates (the install date), while the one in the Utilities folder has a modified date of 6 Aug 2014 and an added date of the install date. Both have the same version number.
When starting the copy in Applications, there are no packet capture capabilities. Starting the one in Utilities does. You need to select “Scan interfaces” from the Capture menu to get the interface list populated. Live capture is an option that is available under Preferences, in the Capture tab.
This is essentially Wireshark for OSX. Considering I can never get Wireshark to recognize the network interfaces on my MacBook (even under linux, but works fine in Windows on the same hardware), this is pretty nice. As a network admin, its nice to be able to use my MacBook to do proper packet capture and analysis. Go to the dev's website to download the version thats actually useful (does actual packet capture).
With Family Sharing set up, up to six family members can use this app.