tcpdump is:
It prints out a description of the contents of packets on a network interface that match a boolean expression (the capture filter). With -w it writes the raw packets to a savefile instead of decoding them, which is how it is used below.
tcpdump -C 104.8576 -W 10 -i eth0 -s 0 -w /tmp/tcpdump.infa -Z userName 'host hostname and port 1433' &
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump -w /file/name -s 0 'host example.com and port 25'
It will by default run forever. Stop it with Ctrl-C (SIGINT) when done; tcpdump then closes the savefile cleanly and prints its packet counters (captured / received by filter / dropped by kernel).
A capture started in the background with &, like the one above, does not receive Ctrl-C from the terminal: send the signal yourself with kill -INT <pid> (kill -TERM is handled the same way). Note the PID from $! when you start it.
Options (as used in the command above):
-i eth0 : capture on interface eth0 (-i any captures on all interfaces on Linux).
-s 0 : snapshot length. 0 selects the default of 262144 bytes (the "capture size" in the listening line above), so whole packets are kept; older versions truncated packets to 68 bytes unless -s was given.
-w file : write the raw packets to file instead of decoding them; read the file back later with tcpdump -r file.
-Z user : after opening the capture interface, drop root privileges to user (and its primary group) before any savefile is opened. The output directory must therefore be writable by that user, or tcpdump fails with "Permission denied".
'host hostname and port 1433' : the capture filter; packets that do not match are never written, so the filter is applied before the privilege drop and before any data reaches disk.
& : run the capture in the background so the shell is free; stop it later with kill -INT on its PID.
tcpdump has log-rotate functionality built in.
Rotate Options:
-C file_size : before writing a packet, check whether the savefile is larger than file_size and, if so, close it and open a new one. The unit is 1,000,000 bytes, not 1,048,576, which is why the command above uses 104.8576 to get 100 MiB files. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward.
-W filecount : used together with -C, limits the number of files created to filecount and then begins overwriting them from the beginning, giving a rotating buffer; the files are numbered with enough leading zeros to sort correctly. Without -W, -C keeps creating new files until the disk is full.
-G rotate_seconds : rotate by time instead of size; the -w name is passed through strftime(3), so %Y%m%d-%H%M%S in the name yields timestamped files.
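The ring-buffer command above combines three things that are easy to get wrong: the odd -C unit, the -Z privilege drop (the savefile directory must be writable by the unprivileged user) and stopping a backgrounded capture. The helpers below are an added example, not part of this page or of tcpdump itself; interface, user, output path, size, count and filter are hypothetical arguments chosen by the caller, and nothing is captured until the printed command is actually run as root.

```shell
#!/bin/sh
# Added example: helpers for the ring-buffer capture described above.
# All names (eth0, pcap, /var/tmp/cap.pcap, ...) are hypothetical.

# -C takes its size in units of 1,000,000 bytes, not 1,048,576 (MiB).
# Convert a size given in MiB to that unit: 100 MiB -> 104.8576, which
# is the value used in the capture command on this page.
mib_to_tcpdump_c() {
    awk -v m="$1" 'BEGIN {
        s = sprintf("%.6f", m * 1048576 / 1000000)
        sub(/0+$/, "", s)    # drop trailing zeros ...
        sub(/\.$/, "", s)    # ... and a dangling decimal point
        print s
    }'
}

# Print the tcpdump command line for a ring buffer of $5 files of $4 MiB
# each on interface $1, dropping root to user $2 (-Z) and writing to $3
# with capture filter $6. Returns 1 and prints nothing when the size or
# the file count is not a usable number.
build_capture_cmd() {
    iface=$1 user=$2 out=$3 mib=$4 count=$5 filter=$6
    case $mib in ''|.|*[!0-9.]*) return 1 ;; esac
    case $count in ''|*[!0-9]*) return 1 ;; esac
    [ "$count" -ge 1 ] || return 1
    size=$(mib_to_tcpdump_c "$mib")
    # -s 0 = default snaplen (whole packets). -Z makes tcpdump create the
    # savefiles as $user, so the directory of $out must be writable by it.
    printf "tcpdump -i %s -s 0 -Z %s -C %s -W %s -w %s '%s'" \
        "$iface" "$user" "$size" "$count" "$out" "$filter"
}

# Root-only pre-flight check for the -Z pitfall: can user $1 create files
# in the directory of savefile $2?  su -s is a Linux extension
# (util-linux / shadow su), not POSIX.
savefile_dir_writable_by() {
    dir=$(dirname "$2")
    su -s /bin/sh "$1" -c "test -w '$dir'"
}

# Stop a backgrounded capture the way Ctrl-C would: SIGINT makes tcpdump
# close the current savefile cleanly and print its packet counters.
stop_capture() {
    kill -INT "$1"
}

# Usage (as root), hypothetical values:
#   savefile_dir_writable_by pcap /var/tmp/cap.pcap &&
#   eval "$(build_capture_cmd eth0 pcap /var/tmp/cap.pcap 100 10 'port 1433')" &
#   pid=$!
#   ...
#   stop_capture "$pid"
```

build_capture_cmd only prints the command; review it, then run it through eval as in the usage comment. Keeping the size in MiB on the caller's side and converting once avoids the silent 4.9% shortfall you get by passing a MiB figure straight to -C.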
For the expression syntax, see pcap-filter(7).
Reading packets from a network interface may require that you have special privileges: on Linux that means root, or the CAP_NET_RAW capability plus CAP_NET_ADMIN for promiscuous mode. The -Z option used above drops those privileges to an ordinary user once the interface is open, so a bug in the decoder or filter code runs without root.
See Tcptrace to analyze a tcpdump savefile (a file written with -w).