Posts

Showing posts from October, 2011

tcpdump

-i any : Listen on all interfaces, just to see if you're seeing any traffic.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names.
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Only get x number of packets and then stop.
-s : Define the size of the capture (use -s0 unless you are intentionally capturing less).
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-s : Set the snaplength, i.e. the amount of data that is being captured, in bytes.
-c : Only capture x number of packets, e.g. 'tcpdump -c 3'

Basic Usage

So, based on the kind of traffic I'm looking for, I use a different combination of options to tcpdump, as can be seen below:

Basic communication // se