Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
-- Wikipedia​
Packet filtering
​Building Display Filter Expressions​
Operators:
​Display Filter comparison operators​
​Display Filter Logical Operations​
Examples
IP address (any)
ip.addr == <ip-address>
Source and destination IP addresses
ip.src == <src-ip-address> and ip.dst == <dst-ip-address>
Protocol
<protocol>
http
Protocol contains string
<protocol> contains <string>
http contains google.com
TCP port
tcp.port eq <port>
UDP port
udp.port eq <port>
Negation
not <expression>
Capture packets
ssh <user>@<ip> "/usr/sbin/tcpdump -i ens33 -U -s0 -w - 'not port 22'" > bla.cap
wireshark bla.cap
Alternative approach
ssh <user>@<ip> "/usr/sbin/tcpdump -i lo -U -s0 -w - 'not port 22'" | wireshark -k -i -

Last modified 1yr ago