Useful TCPDump Commands
Using CDP (Cisco Discovery Protocol) to identify which switch and port you are plugged into:
#tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'
Apache Requests in real time:
#tcpdump -i eth0 -s 1024 -l -A port 80|grep "Host:"
Create pcap file compatible with wireshark
tcpdump -nn -w tcpdump.pcap -s0 *rules*
Pipe remote tcpdump into local wireshark
tcpdump -nn -w - -s0 *rules* | nc -l 9999
nc remote.server.address 9999 | wireshark -k -S -i -