Cocoa Packet Analyzer

Developer: jens Francke

Current Version: 1.51

Last Updated: 6 months ago

Download Size: 6.8 MB - Download


Cocoa Packet Analyzer is a native Mac OS X implementation of a network protocol analyzer.
CPA supports the industry-standard PCAP packet capture format for reading and writing packet trace files. With CPA you are able to analyze, display and filter packet trace files. A QuickLook plugin is included to get an overview over packet traces already in finder. Furthermore you can print packet traces on a printer.

Supported types and network protocols:
- Ethertypes: ARP, IP (v4/v6), PPP, PPPoED/S, 802.1Q VLAN, MPLS
- Linktypes: Loopback, PPP
- IP-Protocols: IP(v4/v6), TCP, UDP, ICMP (v4/v6), IGMP, ESP, Mobility, MPLSinIP, DHCPv6, L2TP, RADIUS
- PPP-Protocols: IP, LCP, IPCP (v4/v6), CCP, PAP, CHAP
- PPPoE Discovery and Sessionstages


Release Notes:

updated libPCAP(1.7.4)
macOS Sierra compatibility fixes.
general stability and compatibility fixes.


Most Helpful Reviews

Version 1.10
Review by cyrusbuilt

Good Stuff - This is essentially Wireshark for OSX. Considering I can never get Wireshark to recognize the network interfaces on my MacBook (even under linux, but works fine in Windows on the same hardware), this is pretty nice. As a network admin, its nice to be able to use my MacBook to do proper packet capture and analysis. Go to the dev's website to download the version thats actually useful (does actual packet capture).

Found helpful by 6 out of 6 people
Version 1.31
Review by Yoj_MM

Dissapointed - The software itself (Cocoa Packet Analyzer) is almost perfect, but not the App Store version of it. You should just go the developer's website and download the non-AppStore version of this software (Google/Bing it), since the App Store version is missing the key feature of the application, i.e. the ability to "capture" network traffic for analyzing it, while the non-AppStore version has it. What is even the point of this application without its key feature?

Found helpful by 33 out of 37 people

More Reviews for Current Version

Version 1.51
Review by jiggerinc

Needs much better filters - Filtering is limited to a single field at a time, as far as I can tell. You can’t, for example, filter to see only packets "to and from" a particular IP. You can choose “source IP” or you can choose “destination IP”, but not both at the same time. That’s a massive limitation. You also can’t filter a negative, to remove content that you know is uninteresting, like background chatter from arp, mdns, etc. Those two things together are the vast majority of what you’d be doing with a packet capture in the first place — zeroing in on one series of “conversations” that you’re analyzing. It does produce the basic tcpdump/pcap output, and if you’re only looking for a very limited number of things, it’ll get the job done. But a ‘tcpdump -r’ from the command line will too, and of course supports all the filtering described above as well. Please add a much more robust filter system that will support and/or/not logic to combine many different fields.

Found helpful by 2 out of 2 people