Mac OS X 10.5.4

For some reason, Wireshark keeps crashing X11 on my machine, so it isn't an option. If you have the same problem, here is how to capture and decode HTTP traffic from the command line, using tcpdump:

tcpdump -n -i en1 -s 0 -A port 80 and host


-nDon't convert addresses to hostnames
-i en1Interface to listen on. en0 is the wired interface and en1 is the wireless on a MacBook Pro
-s 0Snarf the required length to catch whole packets
-APrint each packet (minus its link level header) in ASCII
<expr>Packet match expression. My example of port 80 and host says to only print packets that have a source or destination port of 80 and a source or destination host of There are many other qualifiers, such as portrange, net, src, dst, inbound, outbound, ether, fddi, ip, ip6, arp, tcp, udp. See the manual page for more info.

For more info, at the terminal, type man tcpdump