TCPDUMP
On Linux, to capture all traffic on port 1514 (either direction, TCP or UDP) across every interface and write it to output.pcap, run
sudo tcpdump -i any -v 'port 1514' -w output.pcap
Note that capturing on the pseudo-interface "any" records packets with the Linux "cooked" (SLL) link-layer header rather than the real Ethernet header; if you need the actual frame headers (VLAN tags, MAC addresses), capture on a specific interface instead.
To capture traffic on a server (192.168.11.153) where the client (192.168.99.74) is accessing TCP port 443 on the server, match both directions of the conversation: client-to-server packets have destination port 443, server-to-client packets have source port 443.
tcpdump -i eth1 -n '(src 192.168.99.74 and dst 192.168.11.153 and dst port 443) or (src 192.168.11.153 and dst 192.168.99.74 and src port 443)'
- Name Resolution: Use -n to disable hostname resolution. This makes output faster and avoids the reverse-DNS lookups tcpdump would otherwise issue for every captured address, which can stall the capture and which leak your capture activity to the DNS server. Use -nn to also disable port and protocol name conversion, so that 443 is printed as 443 rather than "https".
- Verbose Output: Use -v, -vv, or -vvv for more detailed output.
- Packet Size: Use -s <snaplen> to specify the number of bytes to capture per packet (-s 0 captures the entire packet). Current tcpdump versions default to a snaplen large enough for whole packets, but older versions defaulted to 68 bytes, which truncates payloads; set -s 0 explicitly when the capture must include full application data.
- Output to File: Use -w <filename> to save the captured packets to a file.
- Read from File: Use -r <filename> to read and display packets from a saved file.
- Quotes: Use single quotes around filter expressions containing special characters (like parentheses) to prevent shell interpretation.
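The following is an added example, not part of the original page: a small POSIX shell helper (hypothetical, not a tcpdump feature) that builds the two-direction client/server filter from the examples above and wraps it in a full capture command line using the options from the list (-nn, -s 0, -w, and single-quoting the filter). The interface name, addresses and output file passed in at the bottom are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): build a bidirectional tcpdump
# filter for one client<->server TCP conversation and the capture command
# around it. Nothing here is a tcpdump API; it is plain string assembly.

# bidir_filter CLIENT SERVER PORT
# Client-to-server packets carry "dst port PORT"; the replies from the
# server carry "src port PORT". OR-ing the two clauses captures both halves.
bidir_filter() {
    client=$1; server=$2; port=$3
    printf '(src %s and dst %s and dst port %s) or (src %s and dst %s and src port %s)' \
        "$client" "$server" "$port" "$server" "$client" "$port"
}

# capture_cmd IFACE CLIENT SERVER PORT OUTFILE
# Prints the command line to run (as root):
#   -nn  no hostname or port-name lookups (no reverse DNS chatter, faster)
#   -s 0 full packets, so application payloads are not truncated
#   -w   write raw packets to a pcap file instead of decoding to the terminal
# The filter is wrapped in single quotes so the shell does not try to
# interpret the parentheses.
capture_cmd() {
    iface=$1; client=$2; server=$3; port=$4; out=$5
    filter=$(bidir_filter "$client" "$server" "$port")
    printf "tcpdump -i %s -nn -s 0 -w %s '%s'\n" "$iface" "$out" "$filter"
}

# Placeholder values matching the page's example hosts.
capture_cmd eth1 192.168.99.74 192.168.11.153 443 https.pcap
```

Run the printed command with sudo (or CAP_NET_RAW) on the server. A shorter filter, "tcp and host 192.168.99.74 and host 192.168.11.153 and port 443", matches almost the same traffic; the explicit two-clause form above is preferable when you want to be certain that only packets with 443 on the server side are kept.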
