How many times have you forgotten the parameters? I have, countless times.
Let's see if, by sharing them here, I will remember some of my favorite commands.
# tcpdump -nnXSs 0 'port 5060'
Command switches (what they are for)
- "-nn" plays nice by not resolving hostnames in DNS or port numbers to service names.
- "-X" prints each packet in hex and ASCII.
- "-S" prints absolute rather than relative TCP sequence numbers.
- "-s 0" captures whole packets: by default tcpdump only captures the beginning of each packet; using 0, I get it all.
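
An added example, not part of the original post: Python code that rebuilds packet bytes from the hex column that "-X" prints and compares them with the IPv4 total-length field, showing what is lost when the snapshot length is too short (the reason for "-s 0"). The sample dump, its addresses and header lines, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -nnXS` output (not a real capture): the same
# 52-byte IPv4/UDP packet to port 5060, captured whole and then cut at 40 bytes.
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.5060 > 192.0.2.20.5060: UDP, length 24
\t0x0000:  4500 0034 0001 0000 4011 0000 c000 020a  E..4....@.......
\t0x0010:  c000 0214 13c4 13c4 0020 0000 4f50 5449  ............OPTI
\t0x0020:  4f4e 5320 7369 703a 6162 2053 4950 2f32  ONS.sip:ab.SIP/2
\t0x0030:  2e30 0d0a                                .0..
12:00:00.000002 IP 192.0.2.10.5060 > 192.0.2.20.5060: UDP, length 24
\t0x0000:  4500 0034 0001 0000 4011 0000 c000 020a  E..4....@.......
\t0x0010:  c000 0214 13c4 13c4 0020 0000 4f50 5449  ............OPTI
\t0x0020:  4f4e 5320 7369 703a                      ONS.sip:
"""

# Offset, then hex groups separated by single spaces; the ASCII column starts
# after two or more spaces, so the match stops before it.
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})")

def packets_from_dump(text):
    """Rebuild each packet's captured bytes from the hex column of -X output."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m is None:
            packets.append(bytearray())   # any non-hex line starts a new packet
        elif packets:
            packets[-1] += bytes.fromhex(m.group(1).replace(" ", ""))
    return [bytes(p) for p in packets if p]

def missing_bytes(packet):
    """Bytes cut off by the snapshot length, per the IPv4 total-length field."""
    if len(packet) < 4 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_length = int.from_bytes(packet[2:4], "big")
    return max(0, total_length - len(packet))

def udp_payload(packet):
    """Captured UDP payload (assumes IPv4 carrying UDP, as in the sample)."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl + 8:]

if __name__ == "__main__":
    for pkt in packets_from_dump(SAMPLE):
        print(len(pkt), "bytes captured,", missing_bytes(pkt), "missing:", udp_payload(pkt))
```

The hex dump starts at the IP header because "-X" leaves out the link-level header, which is why the total-length field sits at offset 2 of the rebuilt bytes.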