When troubleshooting a network or connectivity issue, Automox Support may ask you to capture the traffic on a device using tcpdump, a command-line packet capture tool. This guide walks through capturing that traffic and sharing it with Support.
tcpdump runs natively on Linux (install it from your distribution's package manager if needed) and macOS (included by default). The commands below are identical on both. tcpdump is not available on Windows; capture traffic there with the built-in pktmon tool or Wireshark instead.
Capturing Traffic
Packet capture requires administrator privileges, so the commands below use sudo.
1. Identify the interface to capture on. List the available network interfaces:

   sudo tcpdump -D

2. Start the capture, writing the output to a file:

   sudo tcpdump -i <interface> -w capture.pcap

   Replace <interface> with the interface from step 1. tcpdump captures full-sized packets by default, so no snap-length option is needed.

3. Reproduce the issue you are troubleshooting while the capture runs, so the relevant traffic is recorded.

4. Stop the capture with Ctrl+C. The traffic is saved to capture.pcap in your current directory.
Useful Options
You can refine a capture with the following options. For the complete list, see the official tcpdump man page or run man tcpdump on the device.
| Option | Description |
| --- | --- |
| -i <interface> | Capture on a specific interface (use -i any for all interfaces) |
| -w <file> | Write raw packets to a file for later analysis |
| -c <count> | Stop automatically after capturing a set number of packets |
| host <address> | Capture only traffic to or from a specific host |
| port <number> | Capture only traffic on a specific port |
| -n | Skip DNS resolution to reduce noise and overhead |
For example, to capture only traffic between the device and the Automox console endpoint:
sudo tcpdump -i <interface> -w capture.pcap host console.automox.com
Sharing the Capture with Support
Attach the resulting capture.pcap file to your support ticket. Avoid leaving a capture running longer than necessary, as files can grow large quickly.
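A bounded variant of the workflow above, as an added example that is not part of the original guide or an Automox tool: it combines -c, -n and a host filter so the capture stops on its own, and checks the file before you attach it. The function names and the 25 MB size limit are assumptions, not Automox values.

```shell
#!/bin/sh
# Added example: bounded tcpdump capture plus a pre-attachment check.
# MAX_BYTES is an assumed attachment limit, not a value from Automox.
MAX_BYTES=$((25 * 1024 * 1024))

# Print the tcpdump command for a bounded, host-filtered capture so it can
# be reviewed before it is run with sudo.
# Args: interface, packet count, host, output file.
build_capture_cmd() {
    iface=$1 count=$2 host=$3 out=$4
    # These values land on a command line run as root, so accept only
    # plain interface names, digits, hostnames/addresses and simple paths.
    case $iface in ''|-*|*[!A-Za-z0-9._:-]*) echo "bad interface" >&2; return 1 ;; esac
    case $count in ''|*[!0-9]*) echo "bad count" >&2; return 1 ;; esac
    case $host in ''|-*|*[!A-Za-z0-9.:-]*) echo "bad host" >&2; return 1 ;; esac
    case $out in ''|-*|*[!A-Za-z0-9._/-]*) echo "bad output file" >&2; return 1 ;; esac
    printf 'sudo tcpdump -i %s -n -c %s -w %s host %s\n' \
        "$iface" "$count" "$out" "$host"
}

# Print the capture size in bytes; fail if the file is missing, empty
# (nothing matched the filter) or larger than MAX_BYTES.
check_capture() {
    file=$1
    [ -s "$file" ] || { echo "$file is missing or empty" >&2; return 1; }
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -le "$MAX_BYTES" ] || {
        echo "$file is $size bytes, over the limit" >&2
        return 1
    }
    echo "$size"
}

# When called with arguments, print the command to run, for example:
#   sh bounded_capture.sh en0 5000 console.automox.com
if [ "$#" -ge 3 ]; then
    build_capture_cmd "$1" "$2" "$3" "${4:-capture.pcap}"
fi
```

An empty file from check_capture usually means the host or interface filter matched no traffic while the issue was reproduced.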
References
- tcpdump and libpcap home page — official project site and downloads
- tcpdump man page — full command reference