- Log in with an administrator account.
- Open Terminal (/Applications/Utilities).
- To start the trace, type one of the commands below and press Return. Choose the command that matches the way your computer connects to the Internet.
For built-in Ethernet, type:
sudo tcpdump -i en0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp
Note: Both “en0” and “-s 0” include a zero, not the letter O.
For AirPort, type:
sudo tcpdump -i en1 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp
Note: “-s 0” includes a zero (0), not the letter O.
For a VPN connection or a dial-up modem (PPP), type:
sudo tcpdump -i ppp0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp
Note: Both “ppp0” and “-s 0” include a zero, not the letter O.
- When prompted for a password, enter the one for your administrator account. You’ll see a message in Terminal such as “tcpdump: listening on en0…” which lets you know the computer is actively capturing network traffic.
- Now, reproduce the network issue you’re trying to capture.
- When you’re ready to stop capturing packets, click the Terminal window to bring it to the foreground.
- Press Control-C.
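An added example (not part of the original instructions): rather than guessing between en0, en1 and ppp0, the interface can be read from the default route and dropped into the same tcpdump command. It assumes the macOS `route -n get default` output format; the sample output is constructed, and `default_iface` and `capture_cmd` are hypothetical helper names.

```shell
#!/bin/sh
# Pick the capture interface from the default route, then build the
# tcpdump command used in the steps above.

# Constructed sample of `route -n get default` output (not from a real host).
SAMPLE_ROUTE='   route to: default
destination: default
       mask: default
    gateway: 192.0.2.1
  interface: en1
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>'

# Read route output on stdin and print the name on the "interface:" line.
default_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Print the capture command for one interface. Anything that is empty or
# contains a non-alphanumeric character is rejected, so the printed line
# is safe to paste after sudo.
capture_cmd() {
    case "$1" in
        ''|*[!A-Za-z0-9]*)
            echo "invalid interface: '$1'" >&2
            return 1
            ;;
    esac
    printf 'sudo tcpdump -i %s -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp\n' "$1"
}

# On a Mac: capture_cmd "$(route -n get default | default_iface)"
# Here the constructed sample is used so the script runs anywhere.
capture_cmd "$(printf '%s\n' "$SAMPLE_ROUTE" | default_iface)"
```

Because “-s 0” records whole packets, DumpFile.dmp can contain the full contents of any unencrypted traffic sent during the capture, so treat the file as sensitive when sharing it.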