netatalk.io

[TN#011] Capturing AFP network traffic

Author
Ralph Böhme
Published on
August 29, 2012

GUI Tool for packet capturing

You can use a nice program called CocoaPacketAnalyzer in order to capture AFP network traffic.

  1. Download and extract the program from above link.
  2. Start it.
  3. Press “Capturing”:

  4. In the dialog window that opens choose the active network interface, the first time you may be asked to scan for interfaces:
  5. Enter “port 548″ as filter expression:
  6. Then when you’re ready to do the actual trace press “start”. When you’re done with the trace press “stop”. While tracing minimize activities on the AFP volume to, only perform actions that are required.
  7. Finally choose “Save” from the “File” menu to save the trace to a file.

Using tcpdump with a ringbuffer

Another useful thing only available in Terminal with tcpdump is using a ringbuffer:

# tcpdump -s 0 -w afp.pcap -C 10 -W 2 port 548

This limits the captured data to two capture files (-W 2) with a size of 10 MB each (-C 10). This way for large amount of AFP traffic, only the last 10-20 MB will be saved and available for analysis.