tcpdump
This is a command-line utility used to sniff particular types of traffic and data off the wire:
- -i eth0: Select an interface to listen on
- port 80: Select a port to listen on
- host 172.16.1.1: Only collect traffic going to/from host
- src: Data coming from
- dst: Data going to
- -w output.pcap: Capture traffic to file on disk