Tcpdump examples in Linux
Mar 3, 2021
Capture traffic for a fixed time interval
Combine -G {sec} (rotate dump files every x seconds) and -W {count} (limit the number of dump files). With -W 1 tcpdump exits after the first rotation, so the following captures port 8080 traffic for 15 seconds:
tcpdump -G 15 -W 1 -w myfile -i eth0 'port 8080'
Alternatively, let timeout(1) stop the capture, here after 5400 seconds:
timeout 5400 tcpdump -i eth0 'port 8080' -w myfile
Capture the traffic on multiple ports
tcpdump port 22 or port 53
Capture the traffic on multiple hosts
$ tcpdump src 192.168.0.10 or src 192.168.0.10
Capture traffic from specific ip and destined for a specific port
tcpdump src 10.5.2.3 and dst port 3389
Capture traffic from a host that isn’t on a specific port
tcpdump -vv src mars and not dst port 22
Isolate TCP RST flags.
tcpdump 'tcp[13] & 4 != 0'
tcpdump 'tcp[tcpflags] == tcp-rst'
Isolate TCP SYN flags.
tcpdump 'tcp[13] & 2 != 0'
tcpdump 'tcp[tcpflags] == tcp-syn'
Note that the two forms are not identical: tcp[13] is the TCP flags byte, so the bitmask form matches any packet with that flag set (e.g. SYN-ACK or RST-ACK), while the == form matches only packets where that flag is the sole one set (a bare SYN, a bare RST).
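The following is an added example, not part of the original post, that shows what the filters above actually test. It constructs minimal IPv4+TCP packets (zeroed checksums, constructed addresses and ports, no payload), locates the byte that tcpdump addresses as tcp[13], and evaluates the page's filters over it, including the difference between 'tcp[13] & 2 != 0' (any packet with SYN set, so SYN-ACK too) and 'tcp[tcpflags] == tcp-syn' (a bare SYN only). The build_packet, parse and matches helpers are this example's own names.

```python
import struct

# TCP flag bits in byte 13 of the TCP header, the byte tcpdump calls tcp[13] / tcp[tcpflags]
TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK, TH_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_packet(src, dst, sport, dport, flags):
    """Construct a minimal IPv4 + TCP packet (20-byte headers, zero checksums) for testing."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45,              # version 4, IHL 5 words (20 bytes)
                         0, 40, 0, 0, 64,   # tos, total length, id, frag, ttl
                         6,                 # protocol 6 = TCP
                         0,                 # header checksum (not computed here)
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, 0, 0,   # ports, seq, ack
                          5 << 4,               # data offset 5 words = 20 bytes
                          flags,                # <- this lands at TCP offset 13
                          65535, 0, 0)          # window, checksum, urgent pointer
    return ip_hdr + tcp_hdr


def parse(pkt):
    """Extract the fields the BPF filters in the post compare against."""
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:]                      # tcpdump's tcp[] offsets start here
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": tcp[13]}


def matches(pkt):
    """Evaluate each filter from the post against one packet; keys are the filter texts."""
    p = parse(pkt)
    port = lambda n: p["sport"] == n or p["dport"] == n
    return {
        "port 22 or port 53": port(22) or port(53),
        "src 10.5.2.3 and dst port 3389": p["src"] == "10.5.2.3" and p["dport"] == 3389,
        "src 10.5.2.3 and not dst port 22": p["src"] == "10.5.2.3" and p["dport"] != 22,
        # bitmask tests: true whenever the bit is set, whatever else is set
        "tcp[13] & 4 != 0": (p["flags"] & TH_RST) != 0,
        "tcp[13] & 2 != 0": (p["flags"] & TH_SYN) != 0,
        # equality tests: the whole flags byte must equal the single flag
        "tcp[tcpflags] == tcp-rst": p["flags"] == TH_RST,
        "tcp[tcpflags] == tcp-syn": p["flags"] == TH_SYN,
    }


if __name__ == "__main__":
    # Constructed three-packet sample: client SYN, server SYN-ACK, server RST-ACK
    for name, pkt in [
        ("SYN", build_packet("10.5.2.3", "10.5.2.9", 40000, 3389, TH_SYN)),
        ("SYN-ACK", build_packet("10.5.2.9", "10.5.2.3", 3389, 40000, TH_SYN | TH_ACK)),
        ("RST-ACK", build_packet("10.5.2.9", "10.5.2.3", 22, 40000, TH_RST | TH_ACK)),
    ]:
        hits = [f for f, ok in matches(pkt).items() if ok]
        print(f"{name:8s} matches: {hits}")
```

Running it shows the SYN-ACK hitting 'tcp[13] & 2 != 0' but not 'tcp[tcpflags] == tcp-syn', which is why the bitmask form is the one to use when you want every packet carrying a flag, and the equality form when you want only the initial SYN of a connection.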
This is from 20 Advanced Tcpdump Examples On Linux.