tcpdump

This is a command-line utility used to capture (sniff) selected types of traffic off the wire. Common options and filter expressions:

  • -i eth0: Select an interface to listen on
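  • port 80: Only collect traffic going to/from port 80
  • host 172.16.1.1: Only collect traffic going to/from this host
  • src: Qualifier placed before host or port; matches data coming from it (e.g. src host 172.16.1.1)
  • dst: Qualifier placed before host or port; matches data going to it (e.g. dst port 80)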
  • -w output.pcap: Capture traffic to file on disk
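
Added example (not part of the original page): Python code that reads a capture file of the kind -w output.pcap writes and applies the host and port primitives with the src/dst qualifiers, showing which packets each one matches. The three packets are constructed, the names build_pcap, read_pcap and prim are made up here, and it assumes a little-endian classic pcap file with Ethernet, IPv4 and TCP/UDP only.

```python
import ipaddress
import struct

def build_pcap(packets):
    """Constructed sample: classic little-endian pcap, Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, sport, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 2, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # checksums left at 0
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (src, dst, sport, dport) for each IPv4 TCP/UDP frame in the file."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)  # 24-byte file header
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]  # bytes stored for this packet
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet header, IP header and options
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue  # not TCP/UDP, or ports cut off by the snap length
        sport, dport = struct.unpack_from("!HH", frame, l4)
        yield (str(ipaddress.ip_address(frame[26:30])),
               str(ipaddress.ip_address(frame[30:34])), sport, dport)

def prim(pkt, kind, value, direction=None):
    """One primitive: [src|dst] host ADDR, or [src|dst] port N."""
    src, dst, sport, dport = pkt
    fields = (src, dst) if kind == "host" else (sport, dport)
    pick = {"src": fields[:1], "dst": fields[1:]}.get(direction, fields)
    return value in pick  # no qualifier: either direction matches

SAMPLE = build_pcap([(1, "172.16.1.1", "10.0.0.5", 40000, 80),
                     (2, "10.0.0.5", "172.16.1.1", 80, 40000),
                     (3, "10.0.0.9", "10.0.0.5", 40001, 443)])
PACKETS = list(read_pcap(SAMPLE))

if __name__ == "__main__":
    for p in PACKETS:  # equivalent of: src host 172.16.1.1 and dst port 80
        print(p, prim(p, "host", "172.16.1.1", "src") and prim(p, "port", 80, "dst"))
```

Only the first packet satisfies both src host 172.16.1.1 and dst port 80; the reply in the opposite direction matches the unqualified host and port forms but not the qualified ones.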