TCPDump

TCPDump Filters
Source: [thegeekstuff.com]

tcpdump -s 0 -i eth0 host 10.1.1.1 -v -w /tmp/packet_capture.cap
 * General TCPDump command:

Command Line Options
-A 		Print frame payload in ASCII -c 	Exit after capturing count packets -D 		List available interfaces -e 		Print link-level headers -F 	Use file as the filter expression -G  	Rotate the dump file every n seconds -i 	Specifies the capture interface -K 		Don't verify TCP checksums -L 		List data link types for the interface -n 		Don't convert addresses to names -p 		Don't capture in promiscuous mode -q 		Quick output -r 	Read packets from file -s 	Capture up to len bytes per packet -S 		Print absolute TCP sequence numbers -t 		Don't print timestamps -v[v[v]] 	Print more verbose output -w 	Write captured packets to file -x 		Print frame payload in hex -X 		Print frame payload in hex and ASCII -y 	Specify the data link type