Cannot use tcpdump's -Q on Mac

Question

DEVs-iMac:dev$ sudo tcpdump -Qout -nnSX -c 1 -w packet.pcap port 9656
Password:
tcpdump: cannot parse term at: 
tcpdump: invalid expression "out"

I'm trying to dump all outgoing IP packets. It works on Linux but not on Mac. Does anyone have any idea why?

I figured out its only -Qout that gives me problems I tried to rearrange it but no matter where I place it, it doesn't work.

Answer 1

Linux vs Macos tcpdump

You cannot use the -Q option on Macos-builtin tcpdump because it has additions from Apple. You can see that they are different software by looking at their version info:

Macos version

macos-10.14$ sudo tcpdump --version
tcpdump version tcpdump version 4.9.2 -- Apple version 83.200.2
libpcap version 1.8.1 -- Apple version 79.250.1
LibreSSL 2.2.7

Linux version

ubuntu-18.04$ sudo tcpdump --version
tcpdump version 4.9.2
libpcap version 1.8.1
OpenSSL 1.1.1  11 Sep 2018

Manpages

Confusingly, man tcpdump on a Macos terminal shows -Q, which is not available. For comparison:

• Linux's tcpdump manpage
• Macos' tcpdump manpage (courtesy of SS64)

Alternatives

You could build from source if direction is important to you. This may or may not be possible based on your architecture.