tcpdump -nni INTERFACE host IP_FILTRO
Examples:
Show traffic on port 9081
tcpdump -nni enc0 host 172.57.168.100 and port 9081
Show traffic except ICMP
tcpdump -nni enc0 host 10.1.1.1 and not icmp
Show HTTP GET
tcpdump -i enp0s8 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
Show HTTP POST
tcpdump -i enp0s8 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'
Show HTTP GET/POST on ports 80 and 443, filtering by IP
tcpdump -i any -s 0 -A '(tcp dst port 80 or tcp dst port 443) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354) and host 192.168.1.1'
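
What the GET/POST filters above compute, as an added Python example (not part of the original notes): tcp[12:1] holds the TCP header length, so the expression reads the first 4 payload bytes and compares them with the ASCII of the method. It only sees cleartext HTTP; on port 443 the payload is TLS. The helper names and the sample segments are constructed for illustration.

```python
import struct

def build_tcp_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample input: TCP header (20 bytes + options) followed by payload."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset_words = (20 + len(options)) // 4
    header = struct.pack(
        "!HHIIBBHHH",
        40000, 80,                 # source port, destination port
        1, 1,                      # sequence number, acknowledgement number
        data_offset_words << 4,    # byte 12: header length (32-bit words) in the high nibble
        0x18,                      # flags: PSH + ACK
        65535, 0, 0,               # window, checksum (not computed here), urgent pointer
    )
    return header + options + payload

def payload_word(tcp: bytes):
    """Emulates tcp[((tcp[12:1] & 0xf0) >> 2):4]."""
    # High nibble is the length in words; >> 4 then * 4 is the same as >> 2.
    offset = (tcp[12] & 0xF0) >> 2
    word = tcp[offset:offset + 4]
    # BPF rejects the packet when the load runs past its end (e.g. a bare ACK).
    return int.from_bytes(word, "big") if len(word) == 4 else None

def method_constant(method: str) -> int:
    """First 4 bytes of the request line: 'GET ', 'POST', 'PUT ', 'HEAD', 'DELE'..."""
    return int.from_bytes((method + " ")[:4].encode("ascii"), "big")

def matches(tcp: bytes, method: str) -> bool:
    return payload_word(tcp) == method_constant(method)

if __name__ == "__main__":
    timestamps = b"\x01\x01\x08\x0a" + bytes(8)   # NOP, NOP, timestamp option (12 bytes)
    samples = {
        "GET, no options": build_tcp_segment(b"GET / HTTP/1.1\r\n\r\n"),
        "POST, with options": build_tcp_segment(b"POST /login HTTP/1.1\r\n", timestamps),
        "bare ACK": build_tcp_segment(b"", timestamps),
    }
    for name, seg in samples.items():
        hits = [m for m in ("GET", "POST") if matches(seg, m)]
        print(f"{name}: header={(seg[12] & 0xF0) >> 2} bytes, matches={hits}")
    for m in ("GET", "POST", "PUT", "HEAD"):
        print(f"{m}: 0x{method_constant(m):08X}")
```

With TCP options present the payload no longer starts at byte 20, which is why the filter derives the offset from tcp[12:1] instead of using a fixed tcp[20:4].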