tcpdump

This is a command-line utility used to sniff particular types of traffic and data off the wire:

• -i eth0: Select an interface to listen on
• port 80: Select a port to listen on
• host 172.16.1.1: Only collect traffic going to/from host
• src: Data coming from
• dst: Data going to
• -w output.pcap: Capture traffic to file on disk