The tcpdump command dumps traffic on a network in real time. It prints a description of the contents of packets on a network interface.
How do I capture network packets to a file?
By default, traffic is printed to the screen. To capture the packets to a file instead, enter the following command as the root user:
# tcpdump -i eth0 -w traffic.eth0
How do I read packets from a file?
The -w flag used above causes tcpdump to save the packet data to a file called traffic.eth0 for later analysis. To view that data, use the -r flag, which causes tcpdump to read from a saved packet file rather than from a network interface:
# tcpdump -r traffic.eth0
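
Before reading a saved file with -r, it can be useful to confirm that it really is a capture and how it was taken. The following is an added example, not part of the original article: it decodes the 24-byte global header of the classic pcap savefile format that tcpdump -w writes. The function names and the sample header are constructed for illustration; on a real capture, call pcap_info traffic.eth0.

```shell
#!/bin/sh
# Added example: inspect the 24-byte global header of a capture file written
# with "tcpdump -w" before handing it to "tcpdump -r".

# num START NBYTES: decode an integer from the hex string $hdr, honouring $order.
num() {
    h=$(printf '%s' "$hdr" | cut -c"$1"-$(( $1 + $2 * 2 - 1 )))
    if [ "$order" = le ]; then          # little-endian: reverse the byte pairs
        r=""
        while [ -n "$h" ]; do
            r="$(printf '%s' "$h" | cut -c1-2)$r"
            h=$(printf '%s' "$h" | cut -c3-)
        done
        h=$r
    fi
    echo $(( 0x$h ))
}

# pcap_info FILE: print byte order, format version, snaplen and link type.
# Returns 1 if FILE does not begin with a classic pcap magic number.
pcap_info() {
    hdr=$(od -An -tx1 -N24 "$1" 2>/dev/null | tr -d ' \t\n')
    [ "${#hdr}" -eq 48 ] || return 1    # shorter than a pcap header
    case $(printf '%s' "$hdr" | cut -c1-8) in
        d4c3b2a1|4d3cb2a1) order=le ;;  # microsecond / nanosecond timestamps
        a1b2c3d4|a1b23c4d) order=be ;;
        *) return 1 ;;                  # not a pcap savefile (e.g. pcapng, text)
    esac
    echo "order=$order version=$(num 9 2).$(num 13 2)" \
         "snaplen=$(num 33 4) linktype=$(num 41 4)"
}

# Constructed sample: header only, version 2.4, snaplen 262144, Ethernet (1).
make_sample_header() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000'
    printf '\000\000\000\000\000\000\004\000\001\000\000\000'
}

sample=$(mktemp)
make_sample_header > "$sample"
pcap_info "$sample"
rm -f "$sample"
```

A link type of 1 means Ethernet frames, and the snaplen value is the maximum number of bytes that was kept from each packet.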