FrameSeer Help
Remote capture

FrameSeer uses tcpdump’s native file format. Among other things, this means that you can use any Macintosh to capture traffic to a file, which you can then open and inspect using FrameSeer.

Assume, for example, that FrameSeer is installed on Macintosh “A” but that you need to diagnose a problem on Macintosh “G”. Unfortunately, because “G” is in different broadcast and collision domains, “A” is unlikely to be able to capture anything useful (see Traffic Capture Fundamentals for additional information).

[Figure: Traffic Domains]

The good news is that there is an easy way around this problem. If the owner of “G” gives you permission to log in as an administrator (e.g. via ssh), you can launch tcpdump at the command line and save the traffic it captures to a file.

FrameSeer can help you construct the command you will need. Open a new FrameSeer document, select any filters you might need, click the Start button, then the Stop button, and then switch to the Log tab.

The Log tab will show entries similar to the following:

--date-- --time-- arguments: -i en0 -s 0 -F /tmp/<file name>
--date-- --time-- filters: ((dst host 17.250.248.64))

The following Unix command launches tcpdump from the command line in exactly the same way that FrameSeer launches tcpdump when you click the Start button, except that the captured packets are written to the file called capture.dmp. The filter expression is enclosed in single quotes so that the shell passes the parentheses to tcpdump unchanged. About the only thing you need to double-check is that you are using the correct interface (the AirPort interface on “G” is probably “en1”).

sudo tcpdump -w capture.dmp -i en0 -s 0 '((dst host 17.250.248.64))'

You terminate tcpdump by pressing Control-C. The file capture.dmp can then be opened using FrameSeer. You may wish to copy the file across the network to your own Macintosh (e.g. via scp or ftp), or you can simply mount “G’s” hard disk using AppleShare/IP and open the capture file across the network.
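The steps above can be automated: the following shell function, added here as an example and not part of FrameSeer or its help, rebuilds the remote tcpdump command from the two lines the Log tab prints. The log lines, the interface name and the output file name are constructed for the example.

```shell
#!/bin/sh
# Added example, not FrameSeer's own code: rebuild the remote tcpdump command
# from the two lines FrameSeer's Log tab prints. The sample log lines below
# are constructed in the format the help text shows.
LOG_ARGS='--date-- --time-- arguments: -i en0 -s 0 -F /tmp/frameseer-filter'
LOG_FILTERS='--date-- --time-- filters: ((dst host 17.250.248.64))'

# build_tcpdump_cmd IFACE OUTFILE ARGS_LINE FILTERS_LINE
# Prints the command to type on the remote Mac. The caller supplies the
# interface (AirPort is usually en1). FrameSeer's own -i and -F options are
# dropped: the -F filter file only exists on the FrameSeer host, and -w OUTFILE
# writes the capture to disk instead. The filter is single-quoted so the shell
# passes the parentheses to tcpdump untouched.
build_tcpdump_cmd() {
    iface=$1; outfile=$2; args_line=$3; filters_line=$4
    # strip the date/time prefix and the label, then remove -i and -F options
    args=$(printf '%s\n' "$args_line" \
        | sed -e 's/^.*arguments:[ ]*//' -e 's/-i [^ ]*[ ]*//' -e 's/-F [^ ]*[ ]*//')
    filters=$(printf '%s\n' "$filters_line" | sed 's/^.*filters:[ ]*//')
    cmd="sudo tcpdump -w $outfile -i $iface $args"
    # omit the filter argument entirely when no filter was selected
    if [ -n "$filters" ]; then
        cmd="$cmd '$filters'"
    fi
    # collapse doubled spaces and drop any trailing space
    printf '%s\n' "$cmd" | tr -s ' ' | sed 's/[ ]*$//'
}

build_tcpdump_cmd en1 capture.dmp "$LOG_ARGS" "$LOG_FILTERS"
```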

Note: Some routers and switches include a facility known as Conversation Steering which can be used to copy traffic on one port to another port. For example, the L2 switch shared by “A” through “D” could be told to steer “C’s” traffic to the port where “A’s” hub attaches. This would enable “A” to see and capture “C’s” traffic, even though the two hosts are in different collision domains. Conversation Steering is, therefore, an alternative to running tcpdump remotely.