Using tcpdump and Wireshark

Run tcpdump on a remote machine

The -s 0 option sets the snapshot length so that whole packets are captured rather than truncated.

You probably want to change the device "eth0" and expression "port 80" in the following command:

sudo tcpdump -w /tmp/tcpdump.pcap -s 0 -i eth0 port 80

The following example uses the pseudo-device "any" to collect data from all interfaces at the same time. I believe the warning about promiscuous mode can be ignored:

sudo tcpdump -w /tmp/tcpdump.pcap -s 0 -i any port 80

Here's an example which collects data from a range of ports:

sudo tcpdump -w /tmp/tcpdump.pcap -s 0 -i any 'portrange 5100-5200'

Analyze the output using Wireshark

The output file (tcpdump.pcap) may be analyzed on a different machine than the one it was collected on.

wireshark /tmp/tcpdump.pcap
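
Before opening a copied capture, it can be worth confirming that -s 0 took effect and that the file arrived whole. The following is an added example, not part of the original page: it reads the classic pcap format that tcpdump -w writes (not pcapng) and reports the snapshot length, the link type ("-i any" captures use a Linux cooked type instead of Ethernet), and how many packets were truncated. The names check_pcap and build_sample are hypothetical, and the sample capture is constructed.

```python
import struct

# Classic pcap magics as seen when the first 4 bytes are read little-endian.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}
LINKTYPES = {1: "EN10MB", 113: "LINUX_SLL", 276: "LINUX_SLL2"}  # 113/276: "-i any"

def check_pcap(data):
    """Summarise a classic pcap byte string: snaplen, link type, truncation."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = MAGICS[magic]
    # Fields after the magic: version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    off, packets, truncated, cut_short = 24, 0, 0, False
    while off < len(data):
        if off + 16 > len(data):
            cut_short = True  # file ends inside a record header
            break
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16 + incl_len
        if off > len(data):
            cut_short = True  # file ends inside packet data
            break
        packets += 1
        if incl_len < orig_len:  # fewer bytes saved than were on the wire
            truncated += 1
    return {"snaplen": snaplen, "linktype": LINKTYPES.get(linktype, str(linktype)),
            "packets": packets, "truncated": truncated, "cut_short": cut_short}

def build_sample(snaplen, linktype, wire_lengths):
    """Constructed test input: a little-endian pcap with zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for n in wire_lengths:
        saved = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, saved, n) + bytes(saved)
    return out

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python3 check_pcap.py /tmp/tcpdump.pcap
        with open(sys.argv[1], "rb") as fh:
            print(check_pcap(fh.read()))
    else:
        print(check_pcap(build_sample(262144, 113, [60, 1514])))
        print(check_pcap(build_sample(96, 1, [60, 1514])))
```

A non-zero "truncated" count means the capture was taken with a snapshot length smaller than some packets; "cut_short" means the file ends mid-record, for example because it was copied while tcpdump was still writing.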