About tcpdump

tcpdump is a powerful and widely used command-line packet sniffer (packet analyzer) that captures and filters the TCP/IP packets received or transmitted on a specific network interface. It is available on most Linux/Unix based operating systems. tcpdump can also save captured packets to a file for later analysis. The file is written in pcap format, which can be read back with the tcpdump command or with Wireshark, an open source GUI network protocol analyzer that reads tcpdump pcap files.


  • Some important tcpdump options
    • -i (interface). The interface on which packets are captured. Specify any to capture on all interfaces.
    • -A. Print each captured packet in ASCII.
    • -w. Write the raw packets to a file in binary (pcap) format.
    • -v. Verbose output.
    • src for specifying the source, dst for specifying the destination and
  • tcpdump usage
    • Capture packets from a specific interface: # tcpdump -i eth0
    • Capture only N packets: # tcpdump -c 5 -i eth0
    • Print captured packets in ASCII: # tcpdump -A -i eth0
    • Display captured packets in hex and ASCII: # tcpdump -XX -i eth0
    • Capture and save packets to a file: # tcpdump -w 0001.pcap -i eth0
    • Read a saved capture file: # tcpdump -r 0001.pcap
    • Show IP addresses instead of resolving host names: # tcpdump -n -i eth0
    • Capture only TCP packets: # tcpdump -i eth0 tcp
    • Capture packets on a specific port: # tcpdump -i eth0 port 22
    • Capture packets from a specific source IP: # tcpdump -i eth0 src 192.168.0.2

Root privileges are required to run tcpdump. Because cmon executes the tcpdump program, either CMON must run as root or the user CMON runs as must be granted the command through /etc/sudoers.
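The following is an added example and not code from this page or from CMON: a POSIX sh wrapper that validates each parameter before handing it to tcpdump, so a non-root service that runs tcpdump through sudo (the situation described above) only ever executes the intended capture and cannot be steered into extra tcpdump arguments. CAPTURE_DIR, build_capture_cmd and run_capture are names assumed for this example.

```shell
#!/bin/sh
# Added example: build and run a tcpdump command from untrusted parameters.
# CAPTURE_DIR is an assumed location; captures are only ever written there.
CAPTURE_DIR="${CAPTURE_DIR:-/var/lib/cmon/pcap}"

# build_capture_cmd IFACE COUNT PORT FILE
# Prints the validated command line on stdout; returns 1 on any bad argument.
build_capture_cmd() {
    iface=$1; count=$2; port=$3; file=$4
    # interface: "any" or a plain device name (no spaces, no leading '-')
    echo "$iface" | grep -Eq '^(any|[a-zA-Z0-9][a-zA-Z0-9_.:-]*)$' || return 1
    # packet count and port must be positive integers; port within 1..65535
    echo "$count" | grep -Eq '^[1-9][0-9]*$' || return 1
    echo "$port"  | grep -Eq '^[1-9][0-9]*$' || return 1
    [ "$port" -le 65535 ] || return 1
    # output file: a simple .pcap name, always placed under CAPTURE_DIR
    echo "$file" | grep -Eq '^[a-zA-Z0-9_-]+\.pcap$' || return 1
    printf 'tcpdump -n -i %s -c %s -w %s/%s port %s\n' \
        "$iface" "$count" "$CAPTURE_DIR" "$file" "$port"
}

# run_capture IFACE COUNT PORT FILE
# Executes the validated command, prefixing sudo when not already root
# (cmon's usual situation). -n makes sudo fail instead of prompting.
run_capture() {
    cmd=$(build_capture_cmd "$@") || return 1
    if [ "$(id -u)" -ne 0 ]; then
        cmd="sudo -n $cmd"
    fi
    echo "running: $cmd" >&2
    $cmd
}
```

The matching sudoers rule should name the tcpdump binary explicitly rather than granting ALL, since tcpdump itself can write files (-w) and run a post-rotate command (-z) with the privileges it is given.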