capture-traffic
$ littlesnitch capture-traffic --help
usage: littlesnitch capture-traffic [-hp] [-v <via process path>] <process path>
[<output file>]
-h, --help
Print a short help and exit.
-v, --via <via process path>
Capture only if the connecting is made via the given helper process.
-p, --pcap
Use pcap output format.
This command captures all network traffic from a particular executable and outputs it to a file or to standard output. The executable is selected by path (or, in special cases such as scripts, Java executables or executables in temporary paths, the string used by log-traffic
in the connectingExecutable
and parentAppExecutable
columns).
Example:
$ sudo littlesnitch capture-traffic -p /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal /sbin/ping
Starting Sniffing. Stop by hitting ^C.
+++ connect Terminal+ping(9624/501) → 17.253.144.10/ICMP:0:
=== Terminal+ping(9624/501) → 17.253.144.10/ICMP:0:
08 00 32 da 98 25 00 00 60 91 47 bd 00 07 99 a7 |..2..%..`.G.....|
08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 |................|
18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 |........ !"#$%&'|
28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 |()*+,-./01234567|
=== 17.253.144.10/ICMP:0 → Terminal+ping(9624/501):
45 00 40 00 ae 4b 00 00 36 01 72 bd 11 fd 90 0a |E.@..K..6.r.....|
c0 a8 00 f1 00 00 3a da 98 25 00 00 60 91 47 bd |......:..%..`.G.|
00 07 99 a7 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 |................|
14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 |............ !"#|
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 |$%&'()*+,-./0123|
34 35 36 37 |4567|
...
With option --pcap
, captured data is wrapped into faked protocol frames (TCP/UDP/ICMP, IP/IPv6, Ethernet) and stored in PCAP format. This is the format which can be decoded by powerful protocol analyzers such as Wireshark.
Was this help page useful? Send feedback.
© 2016-2024 by Objective Development Software GmbH