Apple - Packet sniffer for MacOS Mojave and above

1 - Wireshark

If you have brew installed it's trivial to install Wireshark via a Cask.

$ brew install --cask wireshark

This will install both the GUI and CLI versions. The GUI version is called wireshark and should show up in Launcher. The CLI version should show up in your $PATH as tshark.

GUI

Invoking the GUI shows a selection window from which you can pick the network interface to analyze. NOTE: on my system, we'll use en0.


Double-click en0 and you're in, selecting packet data.


CLI

Using the CLI is about as difficult.

$ tshark -i en0 | head
Capturing on 'Wi-Fi: en0'
    1   0.000000 192.168.1.95 → 172.217.6.42 UDP 65 56557 → 443 Len=23
    2   0.111321 192.168.1.95 → 172.217.5.110 ICMP 70 Echo (ping) request  id=0x4300, seq=39758/20123, ttl=255
    3   0.118526 172.217.6.42 → 192.168.1.95 UDP 70 443 → 56557 Len=20
    4   0.150560  192.168.1.2 → 255.255.255.255 UDP 223 44779 → 7437 Len=173
    5   0.152892 192.168.1.87 → 192.168.1.255 BROWSER 241 Browser Election Request
    6   0.155246 192.168.1.10 → 192.168.1.255 BROWSER 239 Browser Election Request
    7   0.157628 192.168.1.69 → 192.168.1.255 BROWSER 243 Browser Election Request
    8   0.161358 192.168.1.95 → 172.217.5.110 ICMP 70 Echo (ping) request  id=0x4300, seq=40014/20124, ttl=1
    9   0.168584  192.168.1.2 → 192.168.1.95 ICMP 106 Time-to-live exceeded (Time to live exceeded in transit)
   10   0.194384 172.217.5.110 → 192.168.1.95 ICMP 78 Echo (ping) reply    id=0x4300, seq=39758/20123, ttl=47 (request in 2)
tshark: An error occurred while printing packets: Broken pipe.

NOTE: Wireshark has excellent tutorials and guides online once you're past the install.

2 - tcpdump

If you want something even lighter, you can use tcpdump to capture all types of traffic, not just TCP.

$ tcpdump -i en0 -n | head
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:01:20.630058 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 21845, length 36
20:01:20.681163 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22101, length 36
20:01:20.688948 IP 192.168.1.2 > 192.168.1.95: ICMP time exceeded in-transit, length 64
20:01:20.728713 IP 172.217.5.110 > 192.168.1.95: ICMP echo reply, id 17152, seq 21845, length 36
20:01:20.732391 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22357, length 36
20:01:20.747365 IP 65.190.128.1 > 192.168.1.95: ICMP time exceeded in-transit, length 64
20:01:20.783439 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22613, length 36
20:01:20.803827 IP 174.111.103.48 > 192.168.1.95: ICMP time exceeded in-transit, length 36
20:01:20.820382 IP 192.168.1.2.44779 > 255.255.255.255.7437: UDP, length 173
20:01:20.834717 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22869, length 36
tcpdump: Unable to write output: Broken pipe

References

  • Wireshark User’s Guide
  • tshark man page
  • tcpdump Examples — 50 Ways to Isolate Specific Traffic
  • tcpdump tag from Unix & Linux Stackexchange Site
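An added example, not part of the answer above: a small POSIX sh script that wraps a filtered tcpdump capture to a pcap file and then reads tcpdump's `-n` text output (live, or replayed from the file with `tcpdump -n -r`) to count packets per flow and to list the hosts that sent "ICMP time exceeded". The sample input is the answer's own tcpdump output embedded inline. The function names are this example's own, and it assumes tcpdump and tshark are on PATH and, for the live capture, that the user can open /dev/bpf* (run it with sudo, or use the ChmodBPF helper that the Wireshark installer offers).

```shell
#!/bin/sh
# Added example (not from the answer above). Helpers for working with tcpdump
# output on macOS. Assumes tcpdump/tshark on PATH and, for live captures, that
# the current user can open /dev/bpf* (sudo, or Wireshark's ChmodBPF helper).
# Function names are this example's own.
set -e

# Live capture to a pcap file with a BPF capture filter, stopping after N packets.
# Example: capture_to_file en0 200 /tmp/en0.pcap 'icmp or udp port 7437'
# Inspect later with: tshark -r /tmp/en0.pcap -Y 'icmp.type == 11'
capture_to_file() {
    tcpdump -i "$1" -n -c "$2" -w "$3" "$4"
}

# Read tcpdump's -n text output on stdin and count packets per
# "src > dst PROTO" flow, most frequent first. Works on live output
# (tcpdump -i en0 -n | tcpdump_summary) or on a saved file
# (tcpdump -n -r /tmp/en0.pcap | tcpdump_summary). tcpdump's diagnostic
# lines do not have "IP"/"IP6" in field 2 and are skipped.
tcpdump_summary() {
    awk '$2 ~ /^IP6?$/ && $4 == ">" {
        src = $3; dst = $5; proto = $6
        sub(/:$/, "", dst)      # "172.217.5.110:" -> "172.217.5.110"
        sub(/,$/, "", proto)    # "UDP,"           -> "UDP"
        n[src " > " dst " " proto]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Hosts that answered with "ICMP time exceeded". With a TTL-limited probe
# running (as in the sample, where the host pings 172.217.5.110 with
# increasing TTLs), these are the routers on the path, in first-seen order.
ttl_exceeded_hops() {
    awk '$2 ~ /^IP6?$/ && /ICMP time exceeded/ { print $3 }' | awk '!seen[$0]++'
}

# Sample input: the tcpdump output shown in the answer above, verbatim.
SAMPLE=$(cat <<'EOF'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:01:20.630058 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 21845, length 36
20:01:20.681163 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22101, length 36
20:01:20.688948 IP 192.168.1.2 > 192.168.1.95: ICMP time exceeded in-transit, length 64
20:01:20.728713 IP 172.217.5.110 > 192.168.1.95: ICMP echo reply, id 17152, seq 21845, length 36
20:01:20.732391 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22357, length 36
20:01:20.747365 IP 65.190.128.1 > 192.168.1.95: ICMP time exceeded in-transit, length 64
20:01:20.783439 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22613, length 36
20:01:20.803827 IP 174.111.103.48 > 192.168.1.95: ICMP time exceeded in-transit, length 36
20:01:20.820382 IP 192.168.1.2.44779 > 255.255.255.255.7437: UDP, length 173
20:01:20.834717 IP 192.168.1.95 > 172.217.5.110: ICMP echo request, id 17152, seq 22869, length 36
EOF
)

# Stand-alone run: summarize the embedded sample instead of a live interface.
printf '%s\n' "$SAMPLE" | tcpdump_summary
printf '%s\n' "$SAMPLE" | ttl_exceeded_hops
```

On the sample, the summary's top line is the five echo requests from 192.168.1.95 to 172.217.5.110, and the hop list is 192.168.1.2 (the LAN gateway, which answered the ttl=1 probe), 65.190.128.1 and 174.111.103.48. The summary keys UDP flows by tcpdump's host.port notation, so 192.168.1.2.44779 stays distinct from 192.168.1.2.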

You are probably looking for Wireshark.


The latest version of Packet Peeper should run on Mojave; it can be downloaded here.

If it doesn't, please file a bug report and I'll look into it (I am the developer).