OS X’s tcpdump

I was messing around with non-recursive DNS queries today and noticed that the version of tcpdump that comes with OS X is special. (Why wouldn’t it be?) It’s compiled with a -P flag which allows it to save pcap-ng files as opposed to pcap. Pretty nifty. In the man page the following is said about the hook:

-P     Use the pcap-ng file format when saving files. Apple modification.

Pretty nifty!

OS X’s tcpdump