Tcpdump
Watch/record network traffic.
tcpdump -i eth0 # watch all traffic on eth0
tcpdump -T rpc # decode matched packets as 'rpc' (-T sets the decoder, it does not filter)
# write to file
tcpdump -w out.pcap -i eth0
# it may be useful to try the command with/without (-n),
# which prints ip-addrs instead of resolving them to hostnames
tcpdump -n -i eth0
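# piping tcpdump using (-l), which line-buffers stdout
# (-n) keeps ip-addrs in the output so grep can match them; (-F) treats '.' literally
tcpdump -l -n -i eth0 | grep -F "192.1"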
# tcpdump specific host and port (filter primitives must be joined with 'and'/'or')
tcpdump host 10.10.10.10 and port 22
# tcpdump specific protocol (options go before the filter expression)
tcpdump -i eth0 icmp
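A stricter alternative to grepping the piped (-l) output, as an added example that is not part of the original notes: it parses the source and destination of each line and matches them against a CIDR range, so timestamps or lookalike prefixes such as 192.100.x.x do not produce false hits. It assumes tcpdump's default one-line IPv4 output with (-n); the script name and the sample lines are constructed.

```python
import ipaddress
import re
import sys

# With -n, tcpdump prints IPv4 endpoints as a.b.c.d.port (no port for ICMP).
ENDPOINTS = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
)

def endpoints(line):
    """Return (src, dst) addresses of an IPv4 packet line, or None."""
    m = ENDPOINTS.match(line)
    if m is None:
        return None  # ARP, IPv6, verbose continuation lines, ...
    try:
        return tuple(ipaddress.ip_address(a) for a in m.groups())
    except ValueError:
        return None  # e.g. an octet above 255

def in_network(lines, cidr):
    """Yield the lines whose source or destination lies inside cidr."""
    net = ipaddress.ip_network(cidr)
    for line in lines:
        pair = endpoints(line)
        if pair and any(addr in net for addr in pair):
            yield line

# Constructed sample output (not a real capture). A plain grep "192.1"
# matches all five lines; only the first two involve 192.168.0.0/16.
SAMPLE = [
    "10:15:01.000001 IP 192.168.1.5.51514 > 10.10.10.10.22: Flags [S], seq 1, win 64240, length 0",
    "10:15:01.000420 IP 10.10.10.10.22 > 192.168.1.5.51514: Flags [S.], seq 2, ack 2, win 65160, length 0",
    "10:15:02.192710 IP 172.16.0.9 > 10.10.10.10: ICMP echo request, id 7, seq 1, length 64",
    "10:15:03.000001 IP 192.100.7.7.443 > 10.10.10.10.40000: Flags [.], ack 1, win 501, length 0",
    "10:15:04.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.5, length 28",
]

if __name__ == "__main__":
    # Hypothetical usage:
    #   tcpdump -l -n -i eth0 | python3 netfilter.py 192.168.0.0/16
    for hit in in_network(sys.stdin, sys.argv[1]):
        print(hit, end="", flush=True)
```

Lines that are not IPv4 packet lines (the ARP request in the sample, for instance) are skipped rather than matched.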