'tcpdump' Examples

Show all arp traffic:
tcpdump 'ether proto \arp'

Show all 'ping'-generated traffic (ICMP echo and echo-reply packets):
tcpdump 'ip proto \icmp and (icmp[0] = 8 or icmp[0] = 0)'

Show all traffic between '204.141.72.94' and the world:
tcpdump 'host 204.141.72.94'

Show all DNS-related traffic (in/out) originating from '204.141.72.94':
tcpdump '(src host 204.141.72.94 and dst port 53) or (dst host 204.141.72.94 and src port 53)'