1. You can try watching tcpdump output run in a terminal window. The (long) manpage for it gives details. Try e.g. "sudo tcpdump -i en0 -s 1600 -vvvxX host ds49.dotserv.net", which (with any luck :-) ) will show you the 1st 1600 bytes (which should include everything in any usual case) including header info, of all packets sent to or received from ds49.dotserv.net. But this gives you the content after it has been sent/received, by like a shunted copy of the info.
The output is readable as: left info is byte count in hexadecimal, middle is content in hexadecimal (each two characters on-screen is one hex character code, so each line is 16 characters (which written in hex is "10" characters)), and right is ordinary text in so far as the actual byte content can be shown as ordinary characters.

I agree, it would be nice if LS would give the option of seeing what is in the packet about to be sent, but the programming may be tricky depending on how LS works. (This is not a complaint about LS :-) .)

2. To find out who ds49.dotserv.net is, try whois lookup at the links given at http://www.iana.org/ipaddress/ip-addresses.htm.

HTH

On Wed, 30 Jun 2004, derek fong wrote:
. . .
> Is there a way to narrow down the sort of request that's being made? (I
> wish I could trigger the alert if only to see how it's trying to connect
> to that server.) I realize this might be "too much" for some, but would
> it be feasible for a future update of LittleSnitch to show you some (or
> all) of the payload that's being sent, where possible? For plaintext
> requests like HTTP requests, FTP commands, etc., this could help narrow
> down what is actually trying to make a request when the application
> itself is being "shielded" (e.g., an application that actually uses Perl
> to make a remote connection).
. . .
_______________________________________________
Littlesnitch-talk mailing list
[EMAIL PROTECTED]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
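
Added example, not part of the original message: a Python sketch that reads the three-column dump described in the reply above (hex offset, hex bytes, text), rebuilds one packet's bytes and extracts the plaintext TCP payload. The sample dump, its addresses and ports, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout `tcpdump -X` prints for one IPv4/TCP packet.
# Addresses, ports and checksums are made up; this is not a real capture.
SAMPLE = """\
12:00:00.000000 IP 192.0.2.1.49152 > 198.51.100.7.80: Flags [P.], length 38
\t0x0000:  4500 004e 1234 4000 4006 0000 c000 0201  E..N.4@.@.......
\t0x0010:  c633 6407 c000 0050 0000 0001 0000 0001  .3d....P........
\t0x0020:  5018 ffff 0000 0000 4745 5420 2f20 4854  P.......GET./.HT
\t0x0030:  5450 2f31 2e31 0d0a 486f 7374 3a20 6578  TP/1.1..Host:.ex
\t0x0040:  616d 706c 652e 7465 7374 0d0a 0d0a       ample.test....
"""

LINE = re.compile(
    r"^\s*0x([0-9a-f]{4}):\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})\s{2,}(\S+)\s*$"
)

def render(chunk):
    """Right-hand column: visible ASCII as-is, everything else (space too) as '.'."""
    return "".join(chr(b) if 0x21 <= b <= 0x7E else "." for b in chunk)

def parse_hexdump(text):
    """Rebuild one packet's bytes, checking that all three columns agree."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # summary lines carry no dump data
        offset, hexpart, shown = int(m.group(1), 16), m.group(2), m.group(3)
        if offset != len(data):
            raise ValueError(f"offset {offset:#06x} does not follow {len(data)} bytes")
        chunk = bytes.fromhex(hexpart.replace(" ", ""))
        if render(chunk) != shown:
            raise ValueError(f"text column disagrees with hex at {offset:#06x}")
        data += chunk
    return bytes(data)

def tcp_payload(packet):
    """Skip the IPv4 and TCP headers using their own length fields."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip_len = (packet[0] & 0x0F) * 4            # IHL, in 32-bit words
    tcp_len = (packet[ip_len + 12] >> 4) * 4   # TCP data offset, in 32-bit words
    total = int.from_bytes(packet[2:4], "big") # IPv4 total length
    return packet[ip_len + tcp_len:total]

if __name__ == "__main__":
    print(tcp_payload(parse_hexdump(SAMPLE)).decode("ascii"))
```

The payload comes from the hex column because the text column cannot distinguish a space, CR or LF from a literal dot.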
