Obtain a packet capture from a Mac computer using Terminal


Article ID: 171081


Updated On:


Web Security Service - WSS


You would like to diagnose a network issue and submit the packet capture to support.


Mac OS


First, document the BSD Device Name:

  1. Log in with your administrator username and password.

  2. While holding down the Option key, select the Apple menu> Select System Information.

  3. Select Network

  4. Select Network Interface (Ethernet or Wi-Fi)

  5. Under the details section, find "BSD Device Name." (example en0)

Then, proceed to capture the packet:

  • Open your Applications folder> Utilities> Terminal,

  • Type the following command (replace BSDname with your BSD device name) 

sudo tcpdump -1 BSDname -s 0 -B 524288 -w ~/Desktop/DumpFile01.pcap

  • Press return, then enter your Admin username & password

Your Terminal should say  tcpdump: listening on... to indicate that it is listening for activity

  • Leave the Terminal open.  Perform the network function you would like to test.

  • When complete, return to the Terminal and press Control-C to capture the packet trace.  

  • The trace will be saved to the desktop in a file named "DumpFile01.pcap"

  • Email the file to your case or upload at upload.bluecoat.com Email the file to your case or upload at upload.bluecoat.com 

If you would like to see the contents, enter the following command:
tcpdump -s 0 -n -e -x -vvv -r ~/Desktop/DumpFile01.pcap