Export to a file

tcpdump -i <interface> -s 65535 -w name.pcap

 

• -n:  will suppress name resolution of IPs, improving capture performance.
• -nn: will also suppress protocol lookups
• -x : Display a hex dump of the packet contents with line numbering.
• -X : will Produce the friendly printable characters see in the rightmost column of the bottom pane of the Wireshark capture display
• -s : Define the snaplength (size) of the capture in bytes, by default tcpdump only capture the first 68 bytes of a packet. Use -s 0 to get full length of any packets, unless you are intentionally capturing less
• -w : write to file a file, in which way we can use it for analyse later. Note that use “>” to redirect the output will not work.

 

Promiscuous mode

Simply add the -I option to your tcpdump command.