Use Wireshark for network packet tracing and analysis.
http://www.wireshark.org/ - Official Wireshark Website - Download from here
http://wiki.wireshark.org - Wireshark Wiki
http://wiki.wireshark.org/DisplayFilters?highlight=%28filter%29 - Wireshark Display Filters
Some Display Filter Rules
To show only SMTP (port 25) and ICMP traffic:
tcp.port eq 25 or icmp
Show only traffic in the LAN (192.168.x.x), between workstations and servers – no Internet:
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
Filter against both ip source and destination
ip.addr == 10.43.54.65
To show packets containing specific text:
tcp contains "SEARCH-TEXT" or udp contains "SEARCH-TEXT"
Running on Mac OS X
To run Wireshark in Mac OS X you will need permission to the /dev/bpf* files. To fix permissions do the following:
sudo chgrp admin /dev/bpf* sudo chmod g+rw /dev/bpf* sudo chown michaelc:admin /dev/bpf*
where michaelc is your current username. run whoami to see what it is.
cd /Library/StartupItems sudo chown -R root:wheel ChmodBPF