February 26, 2010
I was debugging an application at work the other day and needed to monitor tcp network traffic on ports 80 and 8080 from one of our servers to another server. I fired up tcp dump on the server with the following command:
>tcpdump -Xvnes 0 -w /tmp/capture.log 'tcp and host 22.214.171.124 and (port 8080 or port 80)'
Replace 126.96.36.199 with the real ip of the destination server. This created a dump file at /tmp/capture.log that I could then load up in wireshark for analysis.