Capture traffic for an interface tcpdump -i {interface} Capture traffic for an interface and write to file tcpdump -i {interface} -w {file} Read packets from file and don't resolve host and port tcpdump -r {file} -n Read packets from file and don't resolve, show as ASCII tcpdump -r file -n -A Read packets from file, filter on host tcpdump -r {file} 'host {ipaddress}' Read packets from file, filter on direction and host tcpdump -r {file} 'src host {ipaddress}' Read packets from file, filter on direction and host using NOT tcpdump -r {file} 'icmp and (src host {ipaddress})'