tcpdump - dump traffic on a network.
Capture packets from a specific interface:
tcpdump -i eth0
Capture only 10 packets:
tcpdump -i eth0 -c 10
Display captured packets in ASCII:
tcpdump -i eth0 -A
Display captured packets in hex and ASCII, including the link-level header:
tcpdump -i eth0 -XX
Capture packets and write them to a file:
tcpdump -i eth0 -w network-log.pcap
Read packets from a saved file:
tcpdump -r network-log.pcap
Don't convert IP addresses to names:
tcpdump -i eth0 -n
Capture packets with a full date and time timestamp:
tcpdump -i eth0 -n -tttt
Capture packets of 1024 bytes or more:
tcpdump -i eth0 greater 1024
Capture packets of 1024 bytes or less:
tcpdump -i eth0 less 1024
Receive only udp packets:
tcpdump -i eth0 udp
Receive only tcp packets:
tcpdump -i eth0 tcp
Receive only arp:
tcpdump -i eth0 arp
Receive packets of a specific port:
tcpdump -i eth0 port 80
Capture packets of a specific source IP:
tcpdump -i eth0 src 192.168.0.1
Capture packets of a specific destination IP:
tcpdump -i eth0 dst 8.8.8.8
Capture all packets except ARP:
tcpdump -i eth0 not arp