This post contains various commands that may come in useful when utilizing tcpdump. This article will be expanded upon as time goes on.
Basic Usage
Run tcpdump to collect traffic:
sudo tcpdump -i <interface>
Run tcpdump with verbosity:
sudo tcpdump -i <interface> -v
Disable DNS resolution (-n leaves addresses numeric rather than converting them to names):
sudo tcpdump -i <interface> -n
Quieter output:
sudo tcpdump -i <interface> -q
Specify the number of packets to capture:
sudo tcpdump -i <interface> -c 100
Applying Filters
Filter based on ICMP traffic:
sudo tcpdump -i <interface> icmp
Filter based on IP or hostname:
sudo tcpdump -i <interface> host <hostname>
Filter based on specific source/destination address:
sudo tcpdump -i <interface> src 10.0.0.1 and dst 10.0.0.2
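Rather than filter based on source/destination, you can use grep (-n keeps addresses numeric so the IP appears in the output, and -l line-buffers the output so grep sees each packet as it arrives):
sudo tcpdump -i <interface> -n -l | grep <ipAddr>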
Saving / Reading Output
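To save captured packets to a file (-w writes raw packets in binary pcap format, not printed text):
sudo tcpdump -i <interface> -w output_file.pcap
To read packets back from that file (-r reads from the file, so no interface is needed):
sudo tcpdump -r output_file.pcap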
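What -w puts on disk, as an added example that is not part of the original post: a small Python reader for the classic pcap layout (not pcapng) that also counts the frames a "src 10.0.0.1 and dst 10.0.0.2" filter would select. It assumes an Ethernet link type; the function names and the SAMPLE capture are constructed for illustration.

```python
import socket
import struct

# On-disk magic bytes -> (struct byte-order prefix, timestamp unit)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
          b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns")}
LINKTYPE_ETHERNET = 1

def read_pcap(data):
    """Parse classic pcap bytes into (header dict, list of raw frames)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad magic or too short)")
    order, unit = MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    frames, pos = [], 24
    while pos + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack(order + "IIII", data[pos:pos + 16])
        pos += 16
        if pos + incl_len > len(data):  # truncated last record (capture interrupted)
            break
        frames.append(data[pos:pos + incl_len])
        pos += incl_len
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "ts_unit": unit}, frames

def ipv4_endpoints(frame):
    """Return (src, dst) for an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def count_src_dst(data, src, dst):
    """Count frames that a 'src X and dst Y' capture filter would select."""
    header, frames = read_pcap(data)
    if header["linktype"] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    return sum(1 for f in frames if ipv4_endpoints(f) == (src, dst))

# Constructed sample capture: two Ethernet + IPv4 (ICMP, no payload) frames.
def sample_frame(src, dst):
    ip = b"\x45\x00\x00\x14" + b"\x00" * 4 + b"\x40\x01\x00\x00"
    return b"\x00" * 12 + b"\x08\x00" + ip + socket.inet_aton(src) + socket.inet_aton(dst)

def sample_record(frame):
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
          + sample_record(sample_frame("10.0.0.1", "10.0.0.2"))
          + sample_record(sample_frame("10.0.0.2", "10.0.0.1")))

if __name__ == "__main__":
    print(read_pcap(SAMPLE)[0], count_src_dst(SAMPLE, "10.0.0.1", "10.0.0.2"))
```

Feeding it redirected text output instead of a -w capture raises ValueError, which is a quick way to tell the two kinds of file apart.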