Want To Put Network Traffic Under A Microscope? Try FrameSeer!
October 13th, 2003

FrameSeer 1.2 ($49 Shareware)
LGOSystems

The TCP/IP protocol suite helps to move data between computers, both over the Internet, and also between your Mac and other local machines. It does this behind the scenes, without requiring the user to have any intimate knowledge of how it works. For the curious, however, information on these protocols can be obtained, though it's not necessarily obvious how to do this. Fortunately, the good folks at LGOSystems have come up with a nifty packet capture and decoding utility called FrameSeer...

FrameSeer has four major modes that can be used to obtain and display network data. The first is the Capture mode, which will capture individual packets. This basic feature can help open up your eyes to the fact that most of the data that you are flinging around the Internet is, in fact, made of smaller packets, rather than a single packet containing all of your data. You can see some high-level of each packet, such as source IP address, destination IP address, the specific protocol, and the length of the packet. There's also an advanced features that can show a "conversation" since multiple TCP/IP sessions can overlap, and can get confusing to follow.


Capture Mode Shows Individual Packets
(Click for a larger version)

The next mode is the Decode mode, which shows content of each field inside of a packet, including both the IP and TCP information. For the uninitiated, IP is one of the lowest levels of the TCP/IP protocol, and only provides basic information, like payload size and checksum information. IP doesn't even guarantee the order in which data should arrive at its destination. That's what TCP is for. The TCP layer of TCP/IP makes sure that packets are in the right order, since packets can take various routes and may not all arrive in correct sequence. Although TCP and IP are the most common packet types, FrameSeer can understand 11 different packet types.

These Capture and Decode modes alone are enough to examine your network data, but there are also a few other extra goodies that make FrameSeer particularly useful. There is a powerful Filter feature, that can filter at the data link, network and transport layers of TCP/IP. There's also a Traffic feature, that can show network traffic in a graphical map, and a graph sorted by either protocol type or packet size.

So squeeze as much info out of each packet as possible, and try FrameSeer!

Have any other gadgets let you get down to the nitty gritty? Send John an e-mail and he'll try to grok it.