[TN#011] Capturing AFP network traffic
Author
Ralph Böhme
Published on
August 29, 2012
GUI Tool for packet capturing
You can use a nice program called CocoaPacketAnalyzer in order to capture AFP network traffic.
| Step | Instruction | Image |
|---|---|---|
| 1 | Download and extract the program from the above link. | |
| 2 | Start it. | |
| 3 | Press “Capturing”. |  |
| 4 | In the dialog window that opens, choose the active network interface. The first time, you may be asked to scan for interfaces. |  |
| 5 | Enter “port 548” as the filter expression. |  |
| 6 | When ready to do the actual trace, press “start.” When done with the trace, press “stop.” Minimize activities on the AFP volume and perform only necessary actions. | |
| 7 | Finally, choose “Save” from the “File” menu to save the trace to a file. |
Using tcpdump with a ringbuffer
Another useful thing only available in Terminal with tcpdump is using a ringbuffer:
# tcpdump -s 0 -w afp.pcap -C 10 -W 2 port 548
This limits the captured data to two capture files (-W 2) with a size of 10 MB each (-C 10). This way for large amount of AFP traffic, only the last 10-20 MB will be saved and available for analysis.
