Example of Using tcpdump for Capturing and Showing Frame Content

This is just a quick note on an example of using tcpdump.

To capture packets whose TCP or UDP port number is 112233 via interface eth0, and save the captured packets to file packet.cap, we run,

sudo tcpdump -i eth0 -w packet.cap port 112233

To examine the content of the captured the frames including full data-link layer header and payload in the packet.cap file, we run,

sudo tcpdump -nn -xx -XX -r packet.cap