Here's the info for getting a tcpdump that Heath sent me last fall. Worked
fine for me. The last part about jumping to Software Update was specific for
the problem I was having, so for you you'd have to figure out how to do your
test and get your results.
On 9/13/04 11:45 PM, "Heath Raftery" <[EMAIL PROTECTED]> wrote:
> Back to the issue with the server responding - you'll get a lot more
> information and I'll have a lot more idea of what is going on, if you
> could capture the tcp dump. I'm not sure if you're familiar with the
> tools (or even if this is appropriate in your situation), but OS X
> comes built in with a (command line) program called tcpdump, which
> dumps the raw network traffic to a file. You can then analyse the
> traffic with various tools (Ethereal being my favourite). Here's how to
> dump the information necessary to file:
> In an administrator account on the OS X machine, type this at the
> prompt in the Terminal (where % is your prompt):
> % sudo tcpdump -p -s 0 -i en0 -w networktraffic
> It should prompt you for your password, by which it means your
> admin/login password. You might get a message about not having enough
> permissions to access /dev/bpf0 or something. In that case, use this
> command first:
> % sudo chmod 777 /dev/bpf*
> to change permissions on the files required by tcpdump.
> Here's a breakdown of the command:
> - sudo means to "do" the command as the "su" (super user), i.e. the all
> powerful root user.
> - tcpdump is an application which "sniffs" network traffic. It will
> record all traffic in and out of your computer.
> - -p turns off "promiscuous" mode so you don't see the traffic of other
> computers on the network.
> - -s 0 sets the packet collection size to unlimited, so you get all the
> - -i en0 means to use the first Ethernet interface for collection. This
> will be your built-in Ethernet connection which I'm assuming you are
> connecting to the Internet through.
> - -w networktraffic means to write the raw data to the file named
> networktraffic (make sure you don't happen to have a file already by
> that name in your home directory!). The raw data can later be
> interpreted by other applications.
> After entering the command, you should get a confirmation message and
> then nothing. At this point, tcpdump is recording traffic. Hopefully
> your network is not too busy with traffic, which would make the output
> rather complicated. In any case, quickly jump into Software Update and
> do an update. To start with, it might be worth waiting out the delay.
> Then jump back to the Terminal and press Control-C to stop tcpdump. You
> can start it again with another file name (say -w networktraffic2) and
> then try and update followed by a cancel.
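
A file written with -w stores, for every packet, both the number of bytes captured and the packet's original length, so a reader can tell whether the snapshot length given with -s cut packets short. The following is an added example, not part of the original e-mails: it assumes the classic pcap layout (24-byte file header, 16-byte record headers), the function names are illustrative, and the sample capture is constructed in build_sample.

```python
import struct

# Magic bytes as they appear on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(data):
    """Parse classic pcap bytes into (snaplen, linktype, records).

    Each record is (ts_sec, captured_len, original_len, frame_bytes).
    """
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end = MAGICS[data[:4]]
    # version major/minor, timezone offset, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):
            break  # capture ended mid-record; drop the partial packet
        records.append((ts_sec, incl, orig, data[off:off + incl]))
        off += incl
    return snaplen, linktype, records

def truncated(records):
    """Indexes of packets that were cut short by the snapshot length."""
    return [i for i, (_, incl, orig, _) in enumerate(records) if incl < orig]

def build_sample(snaplen):
    """Constructed capture: two zero-filled Ethernet frames, 60 and 1514 bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts, size in ((1095075900, 60), (1095075901, 1514)):
        kept = bytes(size)[:snaplen]  # what the capture would keep of the frame
        out += struct.pack("<IIII", ts, 0, len(kept), size) + kept
    return out

if __name__ == "__main__":
    for snap in (68, 65535):  # constructed values: a small and a large snaplen
        _, _, recs = read_pcap(build_sample(snap))
        print("snaplen", snap, "truncated packets:", truncated(recs))
```

To run it on a real capture, pass the bytes of the file to read_pcap, for example open("networktraffic", "rb").read().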