[TN#011] Capturing AFP network traffic
- Author
- Ralph Böhme
- Published on
- August 29, 2012
GUI Tool for packet capturing
You can use a nice program called CocoaPacketAnalyzer in order to capture AFP network traffic.
- Download and extract the program from the link above.
- Start it.
- Press “Capturing”:
- In the dialog window that opens, choose the active network interface. The first time, you may be asked to scan for interfaces:
- Enter “port 548” as the filter expression:
- Then, when you’re ready to do the actual trace, press “start”. When you’re done with the trace, press “stop”. While tracing, minimize activity on the AFP volume: only perform the actions that are required.
- Finally choose “Save” from the “File” menu to save the trace to a file.
Using tcpdump with a ringbuffer
Another useful option, available only with tcpdump in Terminal, is capturing into a ring buffer:
# tcpdump -s 0 -w afp.pcap -C 10 -W 2 port 548
This limits the captured data to two capture files (-W 2) with a size of 10 MB each (-C 10). This way, even with a large amount of AFP traffic, only the last 10-20 MB will be saved and available for analysis.
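Once the ring buffer has wrapped, the file number no longer tells you which file is older. The following added example (not part of the original note) orders ring files by the timestamp of their first packet. It assumes classic pcap files; the names afp.pcap0 and afp.pcap1 and the helper make_pcap are constructed for the demonstration.

```python
import struct

# pcap magic bytes -> (struct byte order, divisor for the timestamp fraction)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6),  # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1e6),  # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1e9),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1e9),  # big-endian, nanoseconds
}

def first_packet_time(data):
    """Timestamp of the first packet in a classic pcap file, or None
    if the file holds only the 24-byte global header (no packets yet)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, divisor = MAGICS[data[:4]]
    if len(data) < 24 + 16:          # no complete record header
        return None
    # Record header: ts_sec, ts_frac, captured length, original length
    sec, frac, _incl, _orig = struct.unpack(order + "IIII", data[24:40])
    return sec + frac / divisor

def order_ring(files):
    """files maps name -> raw bytes. Returns names oldest-first;
    files without any packet are left out."""
    timed = [(first_packet_time(raw), name) for name, raw in files.items()]
    return [name for _, name in sorted(t for t in timed if t[0] is not None)]

def make_pcap(ts_sec, ts_usec=0, payload=b"\x00" * 4):
    """Hypothetical helper: build a constructed one-packet pcap for the demo."""
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload))
    return ghdr + rec + payload

if __name__ == "__main__":
    # Constructed sample: the ring has wrapped, so file 0 is newer than file 1.
    ring = {
        "afp.pcap0": make_pcap(1346230000),
        "afp.pcap1": make_pcap(1346229000),
    }
    print(order_ring(ring))
```

To use it on real captures, read each ring file with open(name, "rb").read() and pass the resulting mapping to order_ring.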