diff --git a/pkg/agent/packetcapture/packetcapture_controller.go b/pkg/agent/packetcapture/packetcapture_controller.go
index 3691f0cd895..93d15e4875d 100644
--- a/pkg/agent/packetcapture/packetcapture_controller.go
+++ b/pkg/agent/packetcapture/packetcapture_controller.go
@@ -449,7 +449,14 @@ func (c *Controller) performCapture(
 if err != nil {
 return false, err
 }
- pcapngWriter, err := pcapgo.NewNgWriter(file, layers.LinkTypeEthernet)
+
+ // set SnapLength here to make tcpdump on Mac OSX works. By default, its value is
+ // 0 and means unlimited, but tcpdump on Mac OSX will complain:
+ // 'tcpdump: pcap_loop: invalid packet capture length , bigger than snaplen of 524288'
+ defaultNgInterface := pcapgo.DefaultNgInterface
+ defaultNgInterface.SnapLength = 524288
+ defaultNgInterface.LinkType = layers.LinkTypeEthernet
+ pcapngWriter, err := pcapgo.NewNgWriterInterface(file, defaultNgInterface, pcapgo.DefaultNgWriterOptions)
 if err != nil {
 return false, fmt.Errorf("couldn't initialize a pcap writer: %w", err)
 }
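Review bot: The literal `524288` on the `defaultNgInterface.SnapLength` line is a bare magic number that also appears in the quoted tcpdump message, so a named constant would keep the two from drifting, e.g. `const pcapngSnapLen = 524288 // limit reported by tcpdump on macOS for pcapng input`. As far as this hunk shows, the value is only what the pcapng interface description declares; nothing visible bounds the frames later written to `pcapngWriter` to the same length, so it is worth confirming that the capture source opened elsewhere in performCapture uses a snap length no larger than this, otherwise strict readers could reject the file again. Once its fields are overwritten the copy is no longer a default, so `ngInterface` would read better than `defaultNgInterface`. performCapture starts and ends outside the hunk.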