My first impression on opening this program is confusion with the UI; you have to hover over the buttons at the top to see the help text and figure out what they do. (A little globe to start, an "x" to stop, which makes sense, and what appears to be a fish to clear the buffer.) Once I did start the monitor, performance was EXTREMELY slow. Part of this I traced back by looking at the tcpdump command being called:
root 6198 0.0 0.1 2440168 4816 ?? S 4:48PM 0:00.10 /usr/sbin/tcpdump -i en1 -v
Calling tcpdump in this fashion forces all addresses to be resolved, and that makes tcpdump stall while waiting for anything to be resolved. Even so, performance is still extremely slow (especially while initially capturing). I suspect that the program is doing a read from tcpdump such that enough data has to be queued up before it's sent over the pipe.
On first enabling the monitor, I'm asked for my password. If I stop and restart the monitor, I'm asked for my password again. This is potentially quite cumbersome if one wants to tweak options and run many tcpdumps.
I experienced some weird behavior, including beachballing, as well as not seeing any output until I stopped the program. I also noted multiple dead tcpdump processes.
The release notes mention filtering; however, you can only filter by port, and you're limited to the small number of included ports; there's no way to specify them on your own. Also, the port numbers are not listed for these ports, and the port names do not all match the port names in the output (those being ones generated by tcpdump doing a service name lookup.) You also cannot specify source or destination ports, which the help does not mention; tcpdump supports these options, but this program just uses the option that lets either the source or destination port match.
Next, I went to do a Search. Normally, when one clicks in a Search box, the initial placeholder "Search" text goes away. Not in this case; I had to manually select and delete the actual text "Search" before entering my search. The release notes speak of "filters", which I had assumed might actually let one filter based on TCP/IP parameters; however, these "filters" appear to just be this Search box. And when you do a search, it just seems to highlight the matching text in the output. You need to hit return after entering search text for it to trigger, which is not at all intuitive. (And if you don't, whatever your previous search was just remains up.)
Any sort of "filter" should make it possible to only see relevant traffic, not have all traffic (or possibly limited to a given port) shown with a simple text search highlighting words; often one may have thousands of packets per second being output, and only want to see a few of those, which can't be accomplished with the above.
Finally, I read through the help. The only relevant part (i.e., not pages about how to install it, contact the author, version info, etc.) was the section on "Using PacketStream for Network Analysis." The section on interpreting output is basic and not very useful. It basically explains how to tell which side of the output is the sending host and which is the receiving host. There's some info on the limited number of ports available, but much of the info is lacking or incorrect.
For example, how do I interpret "18:56:09.156166 IP6 (hlim 64, next-header TCP (6) payload length: 44) lucid.61462 > neural.ssh: Flags [S], cksum 0x8c3f (correct), seq 453830739, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 407968415 ecr 0,sackOK,eol], length 0"? The program gives me absolutely no idea how to interpret even the most basic part of that data. While much of it is indeed advanced data that the average user doesn't need to know about, it is data that's included, so one would expect the help to at least provide a little assistance. At the very least, some basic data should be decoded: for example, this program might indicate that this is a SYN packet, which is an attempt to open a TCP connection, in this case to a server on the ssh port.
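To make concrete what a tcpdump front end could do with a line like the one above, here is an added example (my own code, not anything shipped with PacketStream) that parses the one-line `tcpdump -v` layout quoted in this review, turns each TCP line into the kind of plain-English summary asked for above ("SYN: lucid is trying to open a TCP connection to neural's ssh port"), and applies the source/destination port filtering the program lacks, also emitting the equivalent tcpdump capture-filter expression (`port 22` versus `src port 22` / `dst port 22`). The sample capture is constructed: the first line is the packet quoted above, the other three are made up to show the reply, a data segment and a reset. It assumes the single-line output format shown in the review (newer tcpdump versions print the IP header block on its own line, which this regex does not handle) and a small service table to reconcile numeric ports with names tcpdump resolved. In practice the wrapper would also want to run tcpdump with `-n` (no name lookups) and `-l` (line-buffered stdout when writing to a pipe), which addresses the stalls and the output-only-on-stop behavior described earlier.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of one-line `tcpdump -v` output. Line 1 is the packet quoted
# in the review; lines 2-4 are invented (timestamps, seq numbers, checksums).
SAMPLE_OUTPUT = """\
18:56:09.156166 IP6 (hlim 64, next-header TCP (6) payload length: 44) lucid.61462 > neural.ssh: Flags [S], cksum 0x8c3f (correct), seq 453830739, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 407968415 ecr 0,sackOK,eol], length 0
18:56:09.157201 IP6 (hlim 64, next-header TCP (6) payload length: 44) neural.ssh > lucid.61462: Flags [S.], cksum 0x1d4e (correct), seq 881201723, ack 453830740, win 65535, options [mss 1440,sackOK,TS val 99182 ecr 407968415,nop,wscale 6], length 0
18:56:10.004412 IP (tos 0x0, ttl 64, id 31337, offset 0, flags [DF], proto TCP (6), length 572) 192.168.1.20.52001 > 93.184.216.34.80: Flags [P.], cksum 0x9a1c (correct), seq 1:521, ack 1, win 2048, options [nop,nop,TS val 407969 ecr 12], length 520
18:56:10.120007 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 40) 93.184.216.34.80 > 192.168.1.20.52001: Flags [R], cksum 0x7b01 (correct), seq 1, win 0, length 0
"""

# The parenthesised header block can itself contain parentheses ("TCP (6)"),
# so the non-greedy match is allowed to extend until "host.port > host.port:".
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<family>IP6?) \(.*?\) "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)$"
)

# Minimal service table (assumption: extend for your environment). It lets a
# filter on "22" also match a line where tcpdump's lookup printed "ssh".
SERVICES = {"22": "ssh", "53": "domain", "80": "http", "443": "https"}
NAME_TO_PORT = {name: num for num, name in SERVICES.items()}


@dataclass
class Packet:
    ts: str
    family: str
    src_host: str
    src_port: str
    dst_host: str
    dst_port: str
    flags: str
    length: int


def split_endpoint(endpoint: str):
    # tcpdump writes host.port; the port is whatever follows the last '.'
    # (safe for IPv6 addresses too, which use ':' separators).
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line: str) -> Optional[Packet]:
    m = LINE_RE.match(line)
    if not m:
        return None  # not a TCP line in the expected layout (UDP, ARP, ...)
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return Packet(m["ts"], m["family"], src_host, src_port,
                  dst_host, dst_port, m["flags"], int(m["length"]))


def parse_output(text: str) -> List[Packet]:
    return [p for p in map(parse_line, text.splitlines()) if p]


def port_number(port: str) -> str:
    return NAME_TO_PORT.get(port, port)


def port_label(port: str) -> str:
    num = port_number(port)
    return f"{SERVICES[num]} port ({num})" if num in SERVICES else f"port {num}"


def describe(p: Packet) -> str:
    """The basic decoding the review asks for: what does this segment mean?"""
    dst = f"{p.dst_host}'s {port_label(p.dst_port)}"
    if p.flags == "S":
        return f"SYN: {p.src_host} is trying to open a TCP connection to {dst}"
    if p.flags == "S.":
        return f"SYN-ACK: {p.src_host} accepted a connection request from {p.dst_host}"
    if "R" in p.flags:
        return f"RST: {p.src_host} reset the connection to {dst}"
    if "F" in p.flags:
        return f"FIN: {p.src_host} is closing its side of the connection to {dst}"
    if p.length > 0:
        return f"DATA: {p.length} bytes from {p.src_host} to {dst}"
    return f"ACK: {p.src_host} acknowledged data from {p.dst_host}"


def matches(p: Packet, port=None, src_port=None, dst_port=None) -> bool:
    """`port` matches either end (all PacketStream offers); `src_port` and
    `dst_port` match one end only, like tcpdump's 'src port' / 'dst port'."""
    sp, dp = port_number(p.src_port), port_number(p.dst_port)
    if port is not None and port_number(port) not in (sp, dp):
        return False
    if src_port is not None and sp != port_number(src_port):
        return False
    if dst_port is not None and dp != port_number(dst_port):
        return False
    return True


def filter_packets(pkts: List[Packet], **criteria) -> List[Packet]:
    return [p for p in pkts if matches(p, **criteria)]


def bpf_filter(port=None, src_port=None, dst_port=None) -> str:
    """The capture-filter expression tcpdump itself would take for the same criteria."""
    terms = []
    if port is not None:
        terms.append(f"port {port_number(port)}")
    if src_port is not None:
        terms.append(f"src port {port_number(src_port)}")
    if dst_port is not None:
        terms.append(f"dst port {port_number(dst_port)}")
    return " and ".join(terms)


if __name__ == "__main__":
    packets = parse_output(SAMPLE_OUTPUT)
    print("equivalent tcpdump filter:", bpf_filter(dst_port="ssh"))
    for pkt in filter_packets(packets, dst_port="ssh"):
        print(pkt.ts, describe(pkt))
```

Filtering after the fact in the wrapper, as this does, is a fallback for a GUI that has already started tcpdump; the better design is to pass the expression from `bpf_filter` on the tcpdump command line so the kernel drops the uninteresting packets before they ever reach the pipe.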
Somewhat amusingly, at the bottom of the Network Analysis section, the help tells you that for further information you should run Terminal.app and do a "man tcpdump" there! (Which of course gives you a ton of options that PacketStream doesn't provide any access to.) I thought the purpose of this program was to avoid the Terminal.
All in all: this is a very simple wrapper for tcpdump, and it's not very well written. It basically just spits out the output of tcpdump into a window with some very basic additional functionality (copying text, printing, all things I can do from the terminal or other programs...) It's big (176.6MB), slow, and buggy. It provides little guidance to the user in interpreting its output.
If this were a free program, I could possibly recommend it as a simple tcpdump tool for basic needs (if bugs were fixed), but it's not, thus I believe the significant flaws and lack of features far outweigh the price.