OSX: Is there a log of connections?

7,087

Yes. There is tcpdump. You can use it to log the complete traffic that runs over a given network interface. And then use Wireshark to investigate it further. You can also use Wireshark for both, logging and investigation in one step.

  1. Open the Apple menu › System Information and identify the BSD device name of the network interface (AirPort, Ethernet etc.) you want to monitor
  2. Open the Terminal.app
  3. Run `sudo tcpdump -i en1 -s 0 -B 524288 -w ~/Desktop/DumpFile01.pcap`, replacing `en1` with the name from step 1 and `DumpFile01.pcap` with the desired file name and path.
  4. Press return and enter your password
  5. Press Control + C if you've captured what you need

To view the file you can either print it by using `tcpdump -s 0 -n -e -x -vvv -r ~/Desktop/DumpFile01.pcap` or investigate it further using Wireshark.

The dump contains everything that happened while the command was running, including IPs, each package sent/received and so on.

More information on running tcpdump on macOS can be found here.

If you don't actually need logging you can also use nettop to view just the currently active connections.

Ongoing logs

There is no "access.log" that only contains network requests that I am aware of, but some network events may be found in `cat /var/log/system.log | grep en0` (replace `en0` with your interface name) and WiFi-related events in `/var/log/wifi.log`.

If you want a simple solution with UI that tracks your traffic on macOS the firewall Little Snitch is a good companion. I use it myself.

Author by

step

Updated on September 18, 2022
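
As an added example (not part of the original answer): a short Python script that turns a capture written by the `tcpdump -w` command in the answer into a per-connection summary of IP addresses and ports. It assumes a classic pcap file with Ethernet framing and IPv4 traffic; `connection_log` and `sample_pcap` are names made up for this example, and the sample capture is constructed from documentation addresses.

```python
import socket
import struct
from collections import Counter

# Classic pcap magic (microsecond timestamps) mapped to the file's byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def connection_log(data: bytes) -> Counter:
    """Count packets per (proto, src, sport, dst, dport) in an Ethernet/IPv4 pcap."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    flows, pos = Counter(), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < incl_len:
            break  # capture was cut off in the middle of a record
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4 (ARP, IPv6 and VLAN-tagged frames are skipped)
        ihl = (pkt[14] & 0x0F) * 4
        frag_offset = struct.unpack("!H", pkt[20:22])[0] & 0x1FFF
        l4 = 14 + ihl
        if pkt[23] not in (6, 17) or frag_offset or len(pkt) < l4 + 4:
            continue  # keep only TCP/UDP packets that carry their port numbers
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        proto = "tcp" if pkt[23] == 6 else "udp"
        key = (proto, socket.inet_ntoa(pkt[26:30]), sport, socket.inet_ntoa(pkt[30:34]), dport)
        flows[key] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed three-packet capture (documentation addresses), not real traffic."""
    def frame(proto, src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        pkt = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + frame(6, "192.0.2.10", "198.51.100.7", 50000, 443) * 2
            + frame(17, "192.0.2.10", "203.0.113.53", 53124, 53))

if __name__ == "__main__":
    for (proto, src, sport, dst, dport), n in connection_log(sample_pcap()).most_common():
        print(f"{proto} {src}:{sport} -> {dst}:{dport}  packets={n}")
```

To use it on a real capture, pass the bytes of the dump file (for example `~/Desktop/DumpFile01.pcap`) to `connection_log` instead of the constructed sample; the whole file is read into memory, so this suits short captures.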

Comments

  • step
    step over 1 year

    I am the original owner of this question OSX log of connections? but unfortunately something went wrong and I had to create a new account, so here I am. The question is: I was wondering if Mac OS X is having some sort of a log storing the connections that have interacted with the given computer? I cannot really seem to find it, therefore I am asking ;-) Thanks! To avoid further confusion, I am talking about info like IP addresses and not just connection has been established etc.

  • step
    step over 7 years
    Thanks! But what about IP addresses that have interacted with the PC before starting to capture using that method?
  • woerndl
    woerndl over 7 years
    @step I've updated my answer regarding ongoing logging.