Notes and links on tcpdump.
Capture and output at the same time
This command will make tcpdump save captured packets in a .pcap file,
and output their printable format on stdout:
sudo tcpdump -n -s0 -U -vvv tcp port 80 -w - | tee capture.pcap | tcpdump -vvv -n -r -
Options:
-n : numeric output, don't resolve IPs to names, don't resolve ports to service names
-s0 : don't truncate packets unless they are bigger than 65535 bytes
-U : don't buffer output, dump to `.pcap` immediately
-w : write `.pcap`
-r : read from `.pcap`