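====== TCPDump ======

<code>
# list the interfaces available for capture
tcpdump -D
# capture on one interface, optionally with a capture filter
tcpdump -i <interface>
tcpdump -i <interface> [capture filter]
tcpdump -i <interface> port ## and udp

# -n: no conversion (addresses and ports are not resolved to names)
tcpdump -i <interface> -n -w dump.pcap [cf]
# -C 1000: start a new file after about 1000 million bytes; -Z root: do not drop privileges
tcpdump -i <interface> -n -w dump_%c.pcap -Z root -C 1000 [cf]

# rotate 10 log files
tcpdump -i <interface> -n -W 10 -w dump.pcap -Z root -C 1000 [cf]
</code>

  * for capture filters ([cf] above) see [[soc:tools:wireshark]]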