tcpdump is a Swiss Army knife tool that helps you troubleshoot network and security tools.
Capture information based on IP Address
# tcpdump -i eth0 host 192.168.1.1
If you are capturing by source address
# tcpdump -i eth0 src 192.168.1.5
OR, if you are capturing by destination address
# tcpdump -i eth0 dst 192.168.1.10
Capture and write to a standard pcap file
# tcpdump -i eth0 -s0 -w temp.pcap
where -s0 sets the snapshot length (the number of bytes captured from each packet) to unlimited. In other words, capture packets in full rather than truncating them.
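A pcap file records, for every packet, both the number of bytes saved and the number of bytes seen on the wire, so you can check afterwards whether a capture was truncated by a small -s value. The following is an added example, not part of the original page: it parses the classic pcap format and counts truncated records. The function names and the sample frames are constructed for illustration.

```python
import struct

# First 4 bytes read as little-endian -> byte order used by the rest of the file
MAGICS = {
    0xA1B2C3D4: "<",  # little-endian file, microsecond timestamps
    0xD4C3B2A1: ">",  # big-endian file, microsecond timestamps
    0xA1B23C4D: "<",  # little-endian file, nanosecond timestamps
    0x4D3CB2A1: ">",  # big-endian file, nanosecond timestamps
}

def check_truncation(data):
    """Return (snaplen, total_records, truncated_records) for classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = MAGICS[magic]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(end + "IHHiIII", data[:24])[5]
    off, total, truncated = 24, 0, 0
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes saved), orig_len (bytes on wire)
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break  # file ends in the middle of a record
        total += 1
        if incl_len < orig_len:
            truncated += 1  # packet was cut at the snapshot length
        off += 16 + incl_len
    return snaplen, total, truncated

def build_sample(snaplen, packets):
    """Constructed sample: little-endian pcap bytes from (payload, wire_len) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for payload, wire_len in packets:
        saved = payload[:snaplen]  # what a capture with this snaplen would keep
        out += struct.pack("<IIII", 0, 0, len(saved), wire_len) + saved
    return out

if __name__ == "__main__":
    frames = [(b"\x00" * 60, 60), (b"\x00" * 1500, 1500)]  # constructed frames
    for snap in (96, 65535):
        print(snap, check_truncation(build_sample(snap, frames)))
```

To check a real capture, pass the file contents: check_truncation(open("temp.pcap", "rb").read()).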
Line Buffered Mode
If you are piping tcpdump into grep to pick out selected output, you need to force line-buffered mode (-l), so that the output is sent immediately to the piped command.
# tcpdump -i eth0 -s0 -l | grep 'bmc'
Capture on Protocol
# tcpdump -i eth0 udp
OR
# tcpdump -i eth0 -n icmp