Go to bash by typing “bash” in the console window.
Real-time capture:
tcpdump -i 0.0:nnnp -s0 src host <SRC_IP> and dst host <DST_IP>
Save to file capture:
tcpdump -i 0.0:nnnp -s0 -w /var/tmp/<filename>.cap 'host <IP#1> or host <IP#2>' -vv
Other options:
tcpdump -nni 0.0 host 10.0.0.1 -w /var/tmp/test.pcap
tcpdump -nni 0.0 host 10.0.0.1 or host 10.0.0.2 -w /var/tmp/test2.pcap
0.0 means match any interface.
By privilege15