by jswanson 4492 days ago
If you're on a server that doesn't have an X environment set up for Wireshark, you can use tcpdump to spit to a file:

   -w     Write the raw packets to file rather than parsing and printing them out.  They can later be printed with the -r option.  Standard output is used if file is ``-''.  See pcap-savefile(5) for a description of the file format.
--

You can then open this file in Wireshark on your desktop for easier analysis if you wish.

1 comment

Yeah, I do this all the time, also with -s0 (saves all data traffic as well). You need some kind of filter because of all the traffic, but you can see everything afterwards. Easy to use Wireshark to show TCP streams reconstructed: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowT... .
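
Added example, not part of either comment above: a small Python check that reads a classic pcap savefile (the format tcpdump -w writes, per pcap-savefile(5)) and counts packets whose stored length is shorter than their on-the-wire length, which is what a too-small snapshot length produces. The function names, the sample snaplen values and the packet sizes are constructed for illustration; pcapng files are not handled.

```python
import io
import struct

# First four bytes of a classic pcap savefile -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def truncation_report(stream):
    """Return (snaplen, total_packets, truncated_packets) for a pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap savefile")
    endian = MAGICS[header[:4]]
    # version major/minor, timezone offset, sigfigs, snaplen, link type
    _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(endian + "HHiIII", header[4:])
    total = truncated = 0
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("file ends inside a record header")
        # timestamp seconds, timestamp fraction, bytes stored, bytes on the wire
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("file ends inside packet data")
        total += 1
        if incl_len < orig_len:  # payload was cut off at capture time
            truncated += 1
    return snaplen, total, truncated

def build_sample(snaplen, packet_sizes):
    """Constructed sample: a little-endian pcap whose packets are cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(packet_sizes):
        kept = min(size, snaplen)
        out += struct.pack("<IIII", i, 0, kept, size) + bytes(kept)
    return io.BytesIO(out)

if __name__ == "__main__":
    for snaplen in (96, 262144):  # constructed: one small and one large snaplen
        s, total, cut = truncation_report(build_sample(snaplen, [60, 1514, 1514]))
        print(f"snaplen={s}: {cut}/{total} packets truncated")
```

To check a real capture, pass `open("capture.pcap", "rb")` (a placeholder file name) to `truncation_report` before copying the file to the desktop.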