RbCafe

TCP Dump

Posted in Mac Os X by RbCafe on the July 8th, 2006

This command line tool is included with all versions of Mac OS X, and is also available on many other Unix platforms. To get started, try the following command.

sudo tcpdump -i en0 -s 0 -w DumpFile.dmp

Each element of the command line is explained below.

The sudo command runs tcpdump with root privileges, which are required to access promiscuous mode.

The -i en0 option tells tcpdump to capture packets on the first Ethernet interface. You need to select an interface; there is no default. For a list of interfaces, type ifconfig -a. Mac OS X 10.1 and later provide packet capture support on PPP, so you can also specify a PPP interface here (for example, -i ppp0).

Note: If you need to capture PPP packets on traditional Mac OS, try using Interarchy or Sample Code Project ‘OTStreamDumper’.

The -s 0 option requests the full packet rather than just the first 68 bytes.

The -w DumpFile.dmp parameter tells tcpdump to dump the packets to a file called DumpFile.dmp.

In response to this command, tcpdump will begin to capture packets and put them in the DumpFile.dmp file. When you want to stop capturing, interrupt tcpdump by typing ^C. You can then display the contents of the packets as text using the following command.

tcpdump -s 0 -n -e -x -vvv -r DumpFile.dmp


Kill

Posted in Mac Os X Activity by RbCafe on the July 7th, 2006

NAME

kill — terminate or signal a process

SYNOPSIS

kill [-s signal_name] pid …
kill -l [exit_status]
kill -signal_name pid …
kill -signal_number pid …

DESCRIPTION

The kill utility sends a signal to the processes specified by the pid operand(s).

Only the super-user may send signals to other users’ processes.

The options are as follows:

-s signal_name
A symbolic signal name specifying the signal to be sent instead
of the default TERM.

-l [exit_status]
If no operand is given, list the signal names; otherwise, write
the signal name corresponding to exit_status.

-signal_name
A symbolic signal name specifying the signal to be sent instead
of the default TERM.

-signal_number
A non-negative decimal integer, specifying the signal to be sent
instead of the default TERM.

The following pids have special meanings:
-1 If superuser, broadcast the signal to all processes; otherwise
broadcast to all processes belonging to the user.

Some of the more commonly used signals:

1 HUP (hang up)
2 INT (interrupt)
3 QUIT (quit)
6 ABRT (abort)
9 KILL (non-catchable, non-ignorable kill)
14 ALRM (alarm clock)
15 TERM (software termination signal)

Some shells may provide a builtin kill command which is similar or identical
to this utility. Consult the builtin(1) manual page.
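
The options above in practice, as an added example that is not part of the original post or the manual page: a constructed worker traps TERM to clean up, which shows why the default TERM allows a graceful exit while KILL (9) cannot be caught, and how kill -l exit_status decodes the result. The function names and the temporary directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: constructed demo of TERM (catchable) versus KILL (non-catchable).

# Start a worker that traps TERM, send it signal $1 with "kill -s", and
# print "<exit status> <cleanup ran: yes|no>".
signal_worker() {
    sig=$1
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/ready"
    (
        # Cleanup handler: runs only if the signal can be caught.
        trap 'touch "$dir/cleaned"; exit 0' TERM
        echo ready > "$dir/ready"      # tell the parent the trap is installed
        while :; do sleep 1; done
    ) >/dev/null 2>&1 &
    pid=$!
    read -r ready_line < "$dir/ready"  # block until the worker is ready
    kill -s "$sig" "$pid"
    status=0
    wait "$pid" || status=$?           # 128 + signal number if killed by a signal
    if [ -e "$dir/cleaned" ]; then cleaned=yes; else cleaned=no; fi
    rm -rf "$dir"
    echo "$status $cleaned"
}

# Map a shell exit status back to a signal name with "kill -l exit_status".
status_to_signal() {
    kill -l "$1"
}

signal_worker TERM     # prints "0 yes": the handler ran and the worker exited cleanly
signal_worker KILL     # prints "137 no": the handler never ran
status_to_signal 137   # prints "KILL"
```

The worker's handler runs only after its current sleep returns, so the TERM case can take up to a second to complete.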
