##########################
## Sniffing traffic using tcpdump
##########################

# listing all interfaces
ifconfig -a

# start sniffing on an interface
tcpdump -i eth0

# sniffing only packets to or form an ip address, domain (dns lookup) or network
tcpdump -i eth0 host 8.8.8.8 
tcpdump -i eth0 dst medium.com -n # -n -> do not convert addresses to names
tcpdump -i eth0 net 192.168.0.0/24

# sniffing only packets to or from a specific port
tcpdump -i eth0 port 443 -vv -n    # -vv -> verbose
# using the `or` operator
tcpdump -i eth0 port 80 or port 443

# sniffing only packets to a specific port
tcpdump -i eth0 dst port 53 -vv -n

# sniffing only packets from a specific port
tcpdump -i eth0 dst port 22 -vv -n

# -A outputs ascii strings and -X outputs both in ascii and hexadecimal 
tcpdump -i eth0 port 80 -A -n
tcpdump -i eth0 port 80 -X -n

# writing captured packets to file
tcpdump port 80 -w web.pcap

# reading from a file
tcpdump -r web.pcap