What are the instructions for performing a packet trace (tcpdump)?

These instructions are from Apple's support site. The original article can be found here:


1. Log in to Mac OS X with an administrator account.
2. Open Terminal (/Applications/Utilities).
3. To start the trace, you will type a command, followed by the Return key. The command you choose needs to match the way your computer connects to the Internet. You can also copy and paste the appropriate command into the terminal application to avoid typing mistakes.

For built-in Ethernet, type:
sudo tcpdump -i en0 -s 0 -w ~/Desktop/DumpFile.dmp

Note: Both "en0" and "-s 0" include a zero, not the letter O.

For AirPort, type:
sudo tcpdump -i en1 -s 0 -w ~/Desktop/DumpFile.dmp

Note: "-s 0" includes a zero, not the letter O.

For a VPN connection, type:
sudo tcpdump -i ppp0 -s 0 -w ~/Desktop/DumpFile.dmp

Note: "-s 0" includes a zero, not the letter O.

4. When prompted for a password, enter the one for your administrator account.
5. Now perform the steps necessary to reproduce the problem so that tcpdump can record it as it occurs. Leave the Terminal window open or minimized while you do this.
6. When you're ready to stop capturing packets, click the Terminal window to bring it to the foreground.
7. While holding down the Control key, press C (Control-C).

For each relevant computer shown in the trace, please send us the following information along with the trace:

The computer's role in the network activity.
The system type and operating system version.
The computer's IP address.
The computer's media access control (MAC) address, which is also known as the Ethernet address, hardware address, or AirPort ID.
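
To help collect the IP and MAC addresses requested above, the following Python script (an added example, not part of Apple's article) reads a capture file and lists each source IPv4 address with the MAC address it was seen with. It assumes tcpdump wrote a classic pcap file from an Ethernet or AirPort interface; the function names and the sample addresses are constructed for illustration.

```python
import struct
import sys
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

def hosts_in_pcap(data: bytes) -> dict:
    """Map each source IPv4 address to the source MAC(s) it was seen with."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic number reveals the byte order of the capturing host.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        # A ppp0 capture, for instance, has no Ethernet header and no MACs.
        raise ValueError(f"link type {linktype} has no Ethernet header")
    seen, offset = defaultdict(set), 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length.
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < max(incl_len, 34):
            continue  # truncated record, or too short for Ethernet + IPv4
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue  # ARP, IPv6 and VLAN-tagged frames are skipped
        src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
        seen[".".join(map(str, frame[26:30]))].add(src_mac)
    return dict(seen)

def sample_pcap() -> bytes:
    """Constructed two-packet capture: documentation IPs, made-up MACs."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for mac, ip in (("020000000001", (192, 0, 2, 10)), ("020000000002", (192, 0, 2, 20))):
        frame = (bytes(6) + bytes.fromhex(mac) + b"\x08\x00"     # Ethernet header
                 + b"\x45" + bytes(11) + bytes(ip) + bytes(4))   # IPv4 header
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for ip, macs in sorted(hosts_in_pcap(data).items()):
        print(ip, ", ".join(sorted(macs)))
```

Run it with the capture path as its argument (for example ~/Desktop/DumpFile.dmp); with no argument it uses the constructed sample. Hosts beyond the local router appear with the router's MAC address, not their own.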

NOTE: Apple's article does not mention that you can add the following to the end of the tcpdump command:

host [ip address]
(without "[ ]")

Replace [ip address] with the IP address of the machine whose traffic needs to be traced. Use this filter when you run tcpdump from a different Macintosh than the one with the problem. That other Macintosh must be connected to the same hub as the problem Macintosh, because a hub, unlike a switch, repeats traffic to every port.