Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
-- Wikipedia

Packet filtering

Operators:

Examples

IP address (any)
ip.addr == <ip-address>
Source and destination IP addresses
ip.src == <src-ip-address> and ip.dst == <dst-ip-address>
Protocol
<protocol>
http
Protocol contains string
<protocol> contains "<string>"
http contains "google.com"
TCP port
tcp.port eq <port>
UDP port
udp.port eq <port>
Negation
not <expression>

Capture packets

ssh <user>@<ip> "/usr/sbin/tcpdump -i ens33 -U -s0 -w - 'not port 22'" > bla.cap
wireshark bla.cap
Alternative approach
ssh <user>@<ip> "/usr/sbin/tcpdump -i lo -U -s0 -w - 'not port 22'" | wireshark -k -i -