Capture and Record Specific Protocols / Port
tcpdump is a tool for network monitoring and packet capture. It can save a lot of time when debugging network or server problems. tcpdump prints a description of the contents of the packets on a network interface that match a boolean filter expression.
Monitor all packets on the eth0 interface
tcpdump -i eth0
Monitor all traffic on port 22 (SSH)
tcpdump -i eth0 'port 22'
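Monitor all traffic on port 25 (SMTP), with verbose decoding (-vv), a hex and ASCII dump of each packet (-x -X) and up to 1500 bytes captured per packet (-s 1500)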
tcpdump -vv -x -X -s 1500 -i eth0 'port 25'
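Record several ports to a file (an added example, not part of the original page). The commands above print to the terminal; this sketch joins port primitives with "or" into one boolean expression and writes the raw packets to a pcap file with -w. The function names build_port_filter and record_ports and the file name mail-ssh.pcap are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a validated "port A or port B" filter and record to pcap.

# build_port_filter PORT...  -> prints e.g. "port 22 or port 25"
# Only plain decimal ports 1..65535 are accepted, so nothing other than
# digits can end up inside the filter expression handed to tcpdump.
build_port_filter() {
    filter=""
    for p in "$@"; do
        case "$p" in
            # empty, non-digit, leading zero, or more than 5 digits
            ''|*[!0-9]*|0*|??????*)
                echo "invalid port: $p" >&2
                return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 1
        fi
        # join the primitives with the boolean operator "or"
        filter="${filter:+$filter or }port $p"
    done
    if [ -z "$filter" ]; then
        echo "no ports given" >&2
        return 1
    fi
    printf '%s\n' "$filter"
}

# record_ports IFACE OUTFILE PORT...
# Needs capture privileges (usually root). Stop with Ctrl-C.
record_ports() {
    iface=$1
    outfile=$2
    shift 2
    bpf=$(build_port_filter "$@") || return 1
    # -n   no name resolution (faster, no DNS lookups caused by the capture)
    # -s 0 capture whole packets instead of a truncated snapshot
    # -w   write raw packets to a file instead of printing them
    tcpdump -n -i "$iface" -s 0 -w "$outfile" "$bpf"
}

# Usage (run manually):
#   record_ports eth0 mail-ssh.pcap 22 25
# Read the recording back later, filtering again if needed:
#   tcpdump -n -r mail-ssh.pcap 'port 25'
```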