It’s also important to note that tcpdump only takes the first 68 bytes of data from a packet by default. If you would like to look at more, add the -s number option to the mix, where number is the number of bytes you want to capture. I usually give it 1514 (to get everything) if I use this option. Here’s a short list of the options I use most:
-i any: Listen on all interfaces just to see if you’re seeing any traffic.
-n: Don’t resolve hostnames.
-nn: Don’t resolve hostnames or port names.
-X: Show the packet’s contents in both hex and ASCII.
-v, -vv, -vvv: Increase the amount of packet information you get back.
-c x: Capture only x packets and then stop.
-S: Print absolute sequence numbers.
-e: Get the ethernet header as well.
-q: Show less protocol information.
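
To see what the -s limit does to a capture saved with tcpdump -w, the following added example (not from the original article) reads a classic pcap file and lists every packet whose stored length is shorter than its length on the wire. The function names build_pcap and truncation_report are hypothetical, and the sample capture is constructed in the code rather than taken from real traffic.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap format, microsecond timestamps

def build_pcap(snaplen, frame_sizes):
    """Constructed sample: the file layout a capture with -s snaplen would have."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, wire_len in enumerate(frame_sizes):
        cap_len = min(wire_len, snaplen)  # bytes actually kept per packet
        out += struct.pack("<IIII", 1700000000 + i, 0, cap_len, wire_len)
        out += bytes(cap_len)  # zero-filled placeholder packet data
    return out

def truncation_report(data):
    """Return (snaplen, [(index, captured, on_wire), ...]) for packets cut short."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", data, 16)[0]
    offset, index, truncated = 24, 0, []
    while offset + 16 <= len(data):
        # Per-packet record header: ts_sec, ts_usec, captured length, original length
        _sec, _usec, cap_len, wire_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + cap_len > len(data):
            raise ValueError("record %d runs past end of file" % index)
        if cap_len < wire_len:
            truncated.append((index, cap_len, wire_len))
        offset += cap_len
        index += 1
    return snaplen, truncated

if __name__ == "__main__":
    for snap in (68, 1514):
        limit, cut = truncation_report(build_pcap(snap, [60, 342, 1514]))
        print("snaplen %d: %d truncated packet(s) %s" % (limit, len(cut), cut))
```

With a 68-byte limit the two larger frames are reported as cut short; with 1514 none are, which is why payload inspection with -X needs the larger value.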