Capture everything on that interface (-nn for numerical)
sudo tcpdump -i eth1 -nn -tttt
Capture only ASCII
sudo tcpdump -i eth0 -nn -tttt -A
Captured packets in HEX and ASCII
sudo tcpdump -i eth0 -nn -tttt -XX
Monitor all except my ssh
sudo tcpdump -i eth1 -nn port not 22
#Monitor except my address (-c for only 15 packets)
sudo tcpdump -i eth1 -nn -c 15 host not x.x.x.x
#Monitor with src address and port 22
sudo tcpdump -i eth1 -nn tcp and host x.x.x.x
sudo tcpdump -i eth1 -nn src x.x.x.x and port 22
#only tcp, src & dst
sudo tcpdump -i eth1 -nn tcp port 22
sudo tcpdump -i eth1 -nn tcp and port 80
sudo tcpdump -i eth1 -nn dst 8.8.8.8 and port 22
sudo tcpdump -i eth1 -nn src 8.8.8.8 and dst 8.8.8.8
sudo tcpdump -i eth1 -nn src 8.8.8.8 and dst 8.8.8.8 and port 22
#only arp or icmp
sudo tcpdump -i eth1 arp
sudo tcpdump -i eth1 icmp
#Write to file
sudo tcpdump -w 2015-11-31.pcap -i ethi
#Write to file (packets greater than 1024)
sudo tcpdump -w 2015-11-31.pcap -i ethi greater 1024
#Read from file
sudo tcpdump -tttt -r filename.pcap
#Timestamp -tttt
sudo tcpdump -i eth1 -nn -c 10 tcp and port 80