1. Download and run the executable Follow the instructions on the screen. The installation applet will automatically detect the operating system and install the correct drivers.
2. Download Cocoa Packet Analyzer for macOS 10.6 or later and enjoy it on your Mac. ‎Cocoa Packet Analyzer is a native Mac OS X implementation of a network protocol analyzer. CPA supports the industry-standard PCAP packet capture format for reading and writing packet trace files.
3. Click on the cog icon and select Downloads from the dropdown menu. Click on either the Mac Download or Windows Download link, depending on your device. Install PCAP.

1. Pcap Analyzer
2. Download Pcap Files

To capture additional packet traces, modify the Terminal command to increment the number of the saved file (such as DumpFile02.pcap and DumpFile03.pcap). Learn more The Apple Developer website has more information about packet traces.

Get the BSD device name of the network interface

1. Log in to your Mac with an administrator account.
2. While holding down the Option key, then choose Apple menu () > System Information (or System Profiler).
3. Select Network from the list on the left side of the System Information window.
4. Select the network interface (such as Wi-Fi or Ethernet) from the list of active services on the right side of the window.
5. From the details section at the bottom of the window, find 'BSD Device Name.' In the example pictured, the BSD device name for Wi-Fi is en0.

Capture the packet trace

1. Open Terminal, which is in the Utilities folder of your Applications folder,.
2. Type the following command, but replace BSDname with the BSD device name (such as en0, en1, or ppp0) from System Information:
   sudo tcpdump -i BSDname -s 0 -B 524288 -w ~/Desktop/DumpFile01.pcap
   
3. Press Return, then enter your administrator password when prompted.
4. Terminal should say tcpdump: listening on... to indicate that it's listening for activity on that network interface.
5. While Terminal is open, perform the network function that you want to test.
6. When the network function is complete, return to Terminal and press Control-C to capture the packet trace. Terminal saves it to your desktop in a file named 'DumpFile01.pcap.'
7. To see the contents of the file, use this command in Terminal:
   tcpdump -s 0 -n -e -x -vvv -r ~/Desktop/DumpFile01.pcap
   
8. To capture additional packet traces, modify the Terminal command to increment the number of the saved file (such as DumpFile02.pcap and DumpFile03.pcap).

Pcap Analyzer

Learn more

The Apple Developer website has more information about packet traces. When troubleshooting a network connection, you should know your computer's model, macOS version, IP address (and the destination IP address), and media access control (MAC) address. You should also understand your computer's role in the network activity, as well as the time of each network event associated with the issue.

Download Pcap Files

When troubleshooting the connection between an AirPort Base Station and a broadband modem, restart the base station and capture its interactions with the Internet service provider while it starts up. You can restart the base station using AirPort Utility, or by briefly unplugging it from power. While testing, it's best if the base station, modem, and capturing computer are connected to an Ethernet hub, not a switch. You should also manually assign the capturing computer's IP address so that it doesn't take the DHCP lease that the base station needs (a 169.254.x.x address should suffice).

The packet trace may show that the TCP checksum of packets sent by the Mac is bad. This is because the packet trace is being captured at the link layer of the network stack, which is just before the physical network adapter where checksums are generated. This can be safely ignored.