Saving a packet trace in Mac OS X

  1. Log in with an administrator account.
  2. Open Terminal (/Applications/Utilities).
  3. To start the trace, you will type a command, followed by the Return key. The command you choose needs to match the way your computer connects to the Internet.

    For built-in Ethernet, type:

    sudo tcpdump -i en0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note: Both “en0” and “-s 0” include a zero, not the letter O.

    For AirPort, type:

    sudo tcpdump -i en1 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note: “-s 0” includes a zero (0), not the letter O.

    For a VPN connection or a dial-up modem (PPP), type:

    sudo tcpdump -i ppp0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note: Both “ppp0” and “-s 0” include a zero, not the letter O.

  4. When prompted for a password, enter the one for your administrator account. You’ll see a message in Terminal such as “tcpdump: listening on en0…” which lets you know the computer is actively capturing network traffic.
  5. Now, perform the network activities that reproduce the issue you’re trying to capture.
  6. When you’re ready to stop capturing packets, click the Terminal window to bring it to the foreground.
  7. Press Control-C.
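
A check you can run on the saved file after step 7, shown here as an added example that is not part of the original instructions: it reads the 24-byte pcap header and reports whether “-s 0” produced a full-packet capture and which link type the chosen interface recorded. The function name pcap_summary and the sample header are constructed for illustration; on your own trace, call pcap_summary ~/Desktop/DumpFile.dmp.

```shell
#!/bin/sh
# Added example: summarise the header of a capture written by "tcpdump -w".

# Print byte N (0-based) of the header held in $hdr as a decimal number.
byte() { echo "$hdr" | cut -d' ' -f$(( $1 + 1 )); }

# Combine the 4 bytes starting at offset $1, honouring the byte order in $order.
u32() {
    b0=$(byte "$1"); b1=$(byte $(( $1 + 1 ))); b2=$(byte $(( $1 + 2 ))); b3=$(byte $(( $1 + 3 )))
    if [ "$order" = le ]; then
        echo $(( b0 + b1 * 256 + b2 * 65536 + b3 * 16777216 ))
    else
        echo $(( b3 + b2 * 256 + b1 * 65536 + b0 * 16777216 ))
    fi
}

pcap_summary() {
    # First 24 bytes of the file as space-separated decimal values.
    hdr=$(od -An -v -tu1 -N24 "$1" | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $//')
    magic=$(echo "$hdr" | cut -d' ' -f1-4)
    case "$magic" in
        "212 195 178 161"|"77 60 178 161") order=le ;;   # a1b2c3d4 / a1b23c4d, little-endian
        "161 178 195 212"|"161 178 60 77") order=be ;;   # same magics, big-endian
        "10 13 13 10") echo "format=pcapng"; return 0 ;; # pcapng section header, not parsed here
        *) echo "format=unknown"; return 1 ;;            # not a capture file (or empty)
    esac
    snaplen=$(u32 16); link=$(u32 20)
    case "$link" in
        1) name=ethernet ;;   # en0 / en1
        9) name=ppp ;;        # ppp0
        *) name=other ;;
    esac
    # "-s 0" asks for whole packets; tcpdump then records a large snapshot length.
    if [ "$snaplen" -ge 65535 ]; then full=yes; else full=no; fi
    echo "format=pcap order=$order snaplen=$snaplen linktype=$link($name) full_packets=$full"
}

# Constructed sample: little-endian pcap header, snaplen 262144, Ethernet.
sample=$(mktemp)
printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\000\000\004\000\001\000\000\000' > "$sample"
pcap_summary "$sample"
rm -f "$sample"
```

A result of full_packets=yes means the file holds complete packet payloads, so treat it as sensitive when storing or sending it.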