tcpdump flags & options
-i
Specify the network interface to capture on.
sudo tcpdump -i eth0
sudo tcpdump -i any
-n
Don't resolve IP addresses to hostnames or port numbers to service names.
sudo tcpdump -n -i eth0
-c
Stop after capturing the specified number of packets.
sudo tcpdump -c 100 -i eth0
-w
Write captured packets to a file.
sudo tcpdump -w capture.pcap -i eth0
-r
Read packets from a previously saved file.
tcpdump -r capture.pcap
-X
Display packet contents in hex and ASCII.
sudo tcpdump -X -c 5 -i eth0
-A
Display packet contents in ASCII only.
sudo tcpdump -A -i eth0 port 80
port
Filter traffic by port number.
sudo tcpdump -i eth0 port 443
sudo tcpdump -i eth0 src port 53
host
Filter traffic by host address.
sudo tcpdump -i eth0 host 192.168.1.1
sudo tcpdump -i eth0 src host 10.0.0.1 and dst port 80