Traffic Watcher

What does it do?

If you have ever used the "Net Traffic" tool in Interarchy, you will have some idea of what Traffic Watcher does. Basically, it intercepts any network traffic coming into or going out of your computer.

How does it work?

Traffic Watcher uses a tool called "tcpflow" that was originally adapted by Jeremy Elson from the well-known UNIX tool "tcpdump". Thankfully, Marc Liyanage managed to port it to OS X!

How do I use it?

In Traffic Watcher, you have to choose the network interface you want to monitor. This is done by selecting one from the "Network Interface" pop-up menu. Net Tool Box assumes that "en0" is the Ethernet interface and that "en1" is the AirPort interface.

You then need to decide whether you want to monitor all ports or just one. To monitor a single port, select "This Port" and type the number of the port that you want to watch.

Once you have set it up, click "Start" to begin. If it is the first time you have used Traffic Watcher this session, it may ask you for your password. This is because the resources needed to run "tcpflow" are owned by "root". If you want Net Tool Box to remember your password for next time, you can set it to do so in the Preferences.

When Traffic Watcher is running, it will display any traffic it sees, with a header identifying the sender and receiver of the data in the form "xxx.xxx.xxx.xxx.port - yyy.yyy.yyy.yyy.port" (x being the sender's IP address, y the receiver's).
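The header format described above can be parsed back into sender and receiver endpoints, for example to pick out the flows that touch one port as the "This Port" option does. The following is an added example, not code from Net Tool Box or tcpflow; the function names are hypothetical, and it assumes octets and ports may be zero-padded, which are treated as decimal rather than octal.

```python
import re
from ipaddress import IPv4Address

# Assumed header shape (from the page): "a.b.c.d.port - e.f.g.h.port".
# Spaces around the dash are optional; octets and ports may be zero-padded.
HEADER = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\.(\d{1,5})\s*-\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d{1,5})\b:?\s?(.*)$"
)

def _endpoint(ip_text, port_text):
    # Zero-padded octets ("010") are decimal here, never octal, so convert
    # each octet with int(..., 10) before building the address.
    octets = [int(o, 10) for o in ip_text.split(".")]
    port = int(port_text, 10)
    if any(o > 255 for o in octets) or port > 65535:
        raise ValueError("octet or port out of range")
    return str(IPv4Address(bytes(octets))), port

def parse_header(line):
    """Return (sender, receiver, rest) or None if the line is not a header."""
    m = HEADER.match(line)
    if not m:
        return None
    try:
        sender = _endpoint(m.group(1), m.group(2))
        receiver = _endpoint(m.group(3), m.group(4))
    except ValueError:
        return None
    return sender, receiver, m.group(5)

def watch_port(lines, port=None):
    """Yield parsed headers; with a port set, keep only flows touching it."""
    for line in lines:
        parsed = parse_header(line)
        if parsed is None:
            continue
        sender, receiver, _ = parsed
        if port is None or port in (sender[1], receiver[1]):
            yield sender, receiver

# Constructed sample lines (not captured traffic).
SAMPLE = [
    "192.168.001.010.49152 - 010.000.000.001.00080",
    "GET / HTTP/1.0",
    "010.000.000.001.00080 - 192.168.001.010.49152",
    "192.168.1.10.49153 - 10.0.0.2.22",
    "999.168.1.10.49153 - 10.0.0.2.22",
]
```

Payload lines and headers with out-of-range octets or ports are skipped rather than guessed at, so a malformed line never produces a misleading endpoint.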

Problems

  • Traffic Watcher can sometimes freeze up Net Tool Box when stopping. This is still to be resolved; it is to do with terminating a sudo shell program.
  • If you have set NTB to store the password for sudo, the encryption can sometimes screw up and leave either an unencrypted password or an undecryptable string. USE WITH CAUTION.
  • Traffic Watcher hasn't been tested on OS X 10.1, with a dial-up connection, or with a machine that has any more than 2 interfaces. If anyone finds a problem (or can assure me that it works) with any of these scenarios, please let me know.

© Charlie Boisseau 2002