Capture 1000 packets on interface eth0 and save to packets.pcap
~$ tcpdump -i eth0 -c 1000 -w packets.pcap
View packet capture from cli
~$ tcpdump -r packets.pcap
Capture just tcp packets on interface eth0
tcpdump -i eth0 tcp
Capture packets to and from port 22
tcpdump port 22
Capture packets from a specific source ip address
tcpdump src 172.31.3.1
Capture packets destined for a specific ip address
tcpdump dst 172.31.5.1