Based on manpage of
tcpdump(8) from Debian jessie's
|set buffer size to buffersize kilobytes|
|exit after |
|read filter expression from |
|Listen on |
|write packets to |
|after opening input device but before opening output file change user ID to |
useful to avoid chown-calls after each tcpdump run
|expression | 'expression'||filter expression, see manpage pcap-filter(7) and next chapter|
2. "interrupt" the Ethernet connection with a Linux machine set up as a software bridge. If successful, maybe apply for a job with NSA or your country's sister organization.
Avoiding 'packets dropped by kernel'
Use -B to increase the capture buffer size. The size is specified in KB, i.e. -B 1024 sets the buffer to 1 MB.
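To check whether a given -B value is large enough, read the summary tcpdump prints when it exits. The following is an added example, not part of the original page: it parses that summary and suggests the next -B value. The function names, the 65536 KB cap, the interface `eth0` and the output path are assumptions, and the sample summary is constructed.

```shell
#!/bin/sh
# Added example: decide from tcpdump's exit summary whether -B must be raised.

# Constructed sample of the summary tcpdump writes to stderr on exit.
SAMPLE_SUMMARY='20480 packets captured
21003 packets received by filter
523 packets dropped by kernel'

# Print the number in front of the given phrase, or 0 if no such line exists.
# $1 = summary text, $2 = phrase such as "packets dropped by kernel"
summary_field() {
    printf '%s\n' "$1" | awk -v phrase="$2" '
        index($0, phrase) && $1 ~ /^[0-9]+$/ { n = $1 }
        END { print n + 0 }'
}

# Print the -B value (in KB) to use for the next run: unchanged when nothing
# was dropped, otherwise doubled, but never above the cap.
# $1 = current -B value in KB, $2 = summary text, $3 = cap in KB (assumed 65536)
next_buffer_kb() {
    cur=$1
    cap=${3:-65536}
    dropped=$(summary_field "$2" "packets dropped by kernel")
    if [ "$dropped" -eq 0 ]; then
        echo "$cur"
    elif [ $((cur * 2)) -gt "$cap" ]; then
        echo "$cap"
    else
        echo $((cur * 2))
    fi
}

# Live use (needs capture privileges; eth0 and the path are placeholders):
#   summary=$(tcpdump -i eth0 -B 1024 -c 100000 -w /tmp/cap.pcap 2>&1 >/dev/null)
#   next_buffer_kb 1024 "$summary"
```

A non-zero "dropped by kernel" count means the capture file is incomplete, which matters when the pcap is later used as evidence or fed to a detection pipeline.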