Tcpdump

Watch/record network traffic.

tcpdump -i eth0  # watch all traffic on eth0
tcpdump -T rpc   # decode matched packets as type 'rpc' (-T picks the decoder, it does not filter)

# write raw packets to file, then read the capture back
tcpdump -w out.pcap -i eth0
tshark -r out.pcap

# try the command with and without (-n):
# -n skips name resolution and prints ip-addrs instead of hostnames
tcpdump -n -i eth0

# pipe tcpdump output using (-l), which line-buffers stdout
tcpdump -l -i eth0 | grep "192.1"

# tcpdump specific host and port (filter primitives must be joined with 'and'/'or')
tcpdump host 10.10.10.10 and port 22

# tcpdump specific protocol (options go before the filter expression)
tcpdump -i eth0 icmp