tcpdump
tcpdump -i eth0 #Capture Packets from Specific Interface
tcpdump -i any #Capture all packets in any interface
tcpdump -c 5 -i eth0 #Capture Only N Number of Packets
tcpdump -A -i eth0 #Print Captured Packets in ASCII
tcpdump -D #Display Available Interfaces
tcpdump -XX -i eth0 #Display Captured Packets in HEX and
tcpdump -w 0001.pcap -i eth0 #Capture and Save Packets in a File
tcpdump -r 0001.pcap #Read Captured Packets File
tcpdump -n #show IP address replace name (disable name resolution)
tcpdump -nn #show port address replace name (disable port resolution with -nn
tcpdump tcp #Capture only TCP Packets.
tcpdump port 22 #Capture Packet from Specific Port
tcpdump port 80 #capture packets related to a web (HTTP) service
tcpdump -i eth0 src 192.168.0.2 #Capture Packets from source IP
tcpdump -i eth0 dst 50.116.66.139 #Capture Packets from destination IP
tcpdump --number #show acket numbers in output
tcpdump -t #omit timestamp info from tcpdump outpu
tcpdump -v #show detailed output
tcpdump icmp #capture ICMP packets only
tcpdump host 54.204.39.132 #only packets related to a specific host
tcpdump -i any -c5 -nn \
src 192.168.122.98 and port 80 #filter packets from source IP address 192.168.122.98 and service HTTP only
tcpdump -i any -c5 -nn "port 80 \
and (src 192.168.122.98 \
or src 54.204.39.132)" #filtering packets for HTTP service only (port 80) and source IP addresses 192.168.122.98 or 54.204.39.132