====== TCPdump Examples======
\\
===== Capture only ICMP packets =====

<code>
tcpdump -ni eth0 icmp
</code>

===== Ignore specific port =====

<code>
tcpdump -ni eth0 not port 22
tcpdump -ni eth0 tcp and not port 22
</code>

===== Multiple match criteria =====
Use logic and/or/not parameters in the match statement

<code>
tcpdump -ni enp1s9 dst 192.168.6.1 and port 443
tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80
tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80
</code>

===== Multiple match criteria with  and/or logic =====
Use brackets () to group matches together
<code>
tcpdump -ni eth0 \(tcp or udp\) and \(port 80 or 443 or 53\)
</code>

===== Write captured packets to a file =====

<code>
tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap
tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap tcp and not port 22
tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap \(tcp or udp\) and \(port 80 or 443 or 53\)
</code>