- The format of tcpdump command
- Show help & version info
- Print less protocol information
- Print verbose output
- Specify how to interpret packet
- Specify network interfaces
- Read filter expression from file
- Save packets into file
- Rotate capture files
- Parse and print packets
- Print Autonomous System Number in ASDOT notation
- Print absolute TCP sequence number
- Set capture buffer size
- Set snapshot length
- Capture packets for specified direction
- Limit capture packet count
- Display serial number for every capture packet
- Dump compiled BPF program
- Don't optimize BPF program
- Print link level header
- List and set data link type
- Don't convert address to name
- Don't translate foreign IPv4 address
- Don't print domain name qualification of host names
- Output line-buffered or packet-buffered
- Set timestamp type and precision during capture
- Control timestamp display
- Set monitor mode for interface
- Capture packets in immediate mode
- Don't verify TCP, UDP or IP checksums
- Don't put the interface into promiscuous mode
- Relinquish privileges when running tcpdump
- Verify cryptographic signature of the TCP packet
- Load SMI MIB module
- Print undecoded NFS handles
- Detect 802.11s mesh header
- Decrypt IPSec ESP packets