tshark sniffer

tshark sniffer (old name: ethereal)

install tshark

example:

tshark -R '((ip.addr eq 10.255.0.2) and (tcp or udp))' -w test.pcap

In test.pcap we get only the TCP and UDP packets that went from and to IP 10.255.0.2.

PS: Wireshark can open these pcap files.
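
To check that a capture written this way really holds only TCP and UDP packets to or from 10.255.0.2, this added example (not part of the original note) re-applies the filter to a capture file in Python. It assumes a classic little-endian pcap with Ethernet link type and untagged IPv4 frames (recent tshark versions write pcapng unless -F pcap is given); the helper names and the sample packets are constructed for illustration.

```python
import socket
import struct

HOST = "10.255.0.2"  # address used in the filter above

def matches(frame, host=HOST):
    """True if the Ethernet frame is IPv4, TCP or UDP, and src or dst is host."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return False
    proto = frame[23]                                   # IPv4 protocol field
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    return proto in (6, 17) and host in (src, dst)      # 6 = TCP, 17 = UDP

def read_pcap(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                            # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]  # captured length
        yield data[off + 16: off + 16 + incl]
        off += 16 + incl

def unexpected(data, host=HOST):
    """Indexes of packets the filter should have excluded."""
    return [i for i, f in enumerate(read_pcap(data)) if not matches(f, host)]

# --- constructed sample input (not real traffic) ---
def frame(src, dst, proto):
    """Minimal Ethernet + IPv4 header, no payload, checksum left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def pcap(frames):
    """Wrap frames in a classic pcap: version 2.4, snaplen 65535, Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = pcap([
    frame("10.255.0.2", "10.255.0.9", 6),   # TCP from the host: expected
    frame("10.255.0.9", "10.255.0.2", 17),  # UDP to the host: expected
    frame("10.255.0.2", "10.255.0.9", 1),   # ICMP: should not be in the file
    frame("10.255.0.7", "10.255.0.9", 6),   # other hosts: should not be there
])

if __name__ == "__main__":
    print(unexpected(SAMPLE))
```

For a real file, pass open("test.pcap", "rb").read() to unexpected(); an empty list means every packet satisfies the filter.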