Welcome to the Office Mac Help Site About | Blog | Links | Glossary | Feedback | Downloads | Help

"Packet sniffing" or "Port trace"

Contributed by Corentin Cras-Méneur, Mac MVP

There are several applications you can use to monitor Internet or network traffic. These applications will report every single bit of data coming in or out of your computer on every single port possible (you can see it as recording everything that goes on every single channel of a radio). To help you troubleshoot Entourage issues, you should focus on only a few ports that the application uses. This article on the Apple web site lists most of the well-known used ports the system and some of the Apple application use. The same ports are used by Office applications:

http://docs.info.apple.com/article.html?artnum=106439

The ones you'll need are all through TCP:

Ports

POP

Receiving mail through POP

110

IMAP

Mail through IMAP as well as Mail on an Exchange server in Entourage 10.1.4 (2004 uses WebDAV)

143 (over SSL: 993)

WebDAV

Sending and receiving mail through an Exchange server in Entourage 2004 as well as the free/busy server on Exchange (10.1.4 and 2004)

80 (over SSL: 443)

SMTP

Sending mail (except on Exchange in Entourage 2004)

25

LDAP

Directory services and GAL queries for Exchange

389 (over SSL: 636)

  • Your configuration might require you to override the default ports and use specific ports though.
  • You can limit the port sniffing to certain protocols (here TCP), certain ports (depending on what protocol you are trying to troubleshoot) and ever the target host (eg: your mail server).
  • You also might have to specify what interface you use to connect to the Internet (the Ethernet card, the modem, AirPort or a FireWire cable).

The two more common (free) applications that allow you to monitor Internet traffic both run in the Terminal. They are tcpdump (provided with the system) and tcpflow (which can be downloaded here). They both have their own syntax. A very complete instruction manual is provided in the system for tcpdump (in the Terminal, type "man tcpdump") and you can find very detailed instructions (with screenshots) in this article on the Apple web site "Saving a packet trace in Mac OS X". This page will provide you with some instructions about tcpflow.

Another alternative is to use the Network monitoring options of Interarchy, (shareware, formerly Anarchy by the authors of Internet Config). This application is primarily a powerful FTP client application but amongst many other features, it provides you with an easy user interface to monitor about anything you can monitor regarding network traffic on your Mac (try File:Network:Traffic). The application also comes with a very detailed instruction manual.

Contributed by Corentin Cras-Méneur, Mac MVP