Listen on the specified UDP port; -n tells tcpdump not to reverse-lookup IPs

tcpdump -n udp port 2055

Capture packets that are less than 52 bytes in a detailed format viewable by Wireshark

tcpdump -i any -n less 52 -w /root/kr3.log -s0 -vvv

Capture SYN and FIN packets only

tcpdump -i any -n "tcp[tcpflags] & (tcp-syn | tcp-fin) != 0"
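
What the SYN/FIN filter above actually selects, shown as an added Python example that is not part of the original page: it applies the same mask to raw IPv4 packets, so SYN-ACK and FIN-ACK also match, and later IP fragments never do. The function names and sample packets are constructed for illustration; only IPv4 is handled.

```python
import struct

TCP_FIN, TCP_SYN = 0x01, 0x02   # numeric values behind tcp-fin and tcp-syn
TCPFLAGS = 13                   # "tcpflags" is byte offset 13 in the TCP header

def matches_syn_fin(pkt: bytes) -> bool:
    """Apply 'tcp[tcpflags] & (tcp-syn | tcp-fin) != 0' to a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # this sketch handles IPv4 only
    ihl = (pkt[0] & 0x0F) * 4             # IP header length grows with options
    if ihl < 20 or pkt[9] != 6:           # protocol 6 = TCP
        return False
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False                      # non-first fragment: no TCP header here
    if len(pkt) <= ihl + TCPFLAGS:
        return False                      # truncated before the flags byte
    return (pkt[ihl + TCPFLAGS] & (TCP_SYN | TCP_FIN)) != 0

def build_packet(flags, ip_options=b"", frag_off=0, proto=6):
    """Constructed test packet (checksums left at zero, addresses from 192.0.2.0/24)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ihl_words = (20 + len(ip_options)) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     20 + len(ip_options) + len(tcp), 0, frag_off, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + tcp

SAMPLES = {  # constructed inputs, not captured traffic
    "SYN": build_packet(0x02),
    "SYN-ACK": build_packet(0x12),
    "ACK": build_packet(0x10),
    "PSH-ACK": build_packet(0x18),
    "FIN-ACK": build_packet(0x11),
    "RST": build_packet(0x04),
    "SYN with IP options": build_packet(0x02, ip_options=b"\x01\x01\x01\x01"),
    "later fragment": build_packet(0x02, frag_off=1),
    "UDP": build_packet(0x02, proto=17),
}

def classify(samples=SAMPLES):
    """Return {sample name: True if the filter would capture it}."""
    return {name: matches_syn_fin(p) for name, p in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:20} {'captured' if hit else 'dropped'}")
```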