I needed to capture some packets on a server and import them into Wireshark on a Windows XP computer, but I hadn't done this in a while, so I had to refresh my memory on how to do it. I ended up using dumpcap to capture the data, copied the dump file to the Windows computer (over scp), and then opened it in Wireshark. The one thing I had a moment of trouble with was the dumpcap filter syntax. Below are some examples of how to use the capture filter that the dumpcap -f switch takes.
Basic dumpcap Capture[All Data]:
dumpcap -w /path/to/file
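The post stops at the unfiltered capture, so here is an added example (not code from the original post) of the filtered captures it set out to show: the -f switch takes a libpcap/BPF capture filter, which is the same grammar tcpdump uses and not the Wireshark display-filter syntax. The interface name, addresses, file names and the destination host are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post: compose dumpcap commands
# whose -f capture filters use libpcap/BPF syntax, then copy the capture
# to another machine with scp. Interface names, addresses, file names and
# the destination host are assumed placeholders; substitute your own.
#
# libpcap filter primitives (the same grammar tcpdump uses):
#   host 10.0.0.5                 packets to or from one address
#   net 10.0.0.0/24               packets to or from a network
#   tcp port 443, udp port 53     protocol plus port
#   not tcp port 22               exclude a flow, e.g. your own SSH session
# Primitives combine with and / or / not and parentheses.

# Filter for one peer, excluding the SSH session dumpcap is started from so
# the capture is not flooded by its own terminal output.
host_filter() {
    # $1 = peer address, $2 = SSH port to exclude
    printf 'host %s and not tcp port %s' "$1" "$2"
}

# Filter for a whole subnet restricted to one TCP service.
net_service_filter() {
    # $1 = network in CIDR form, $2 = TCP port
    printf 'net %s and tcp port %s' "$1" "$2"
}

# Build the dumpcap command line. -c stops after a packet count and
# -a duration:N stops after N seconds, so an unattended capture cannot run
# away and fill the disk. -P writes classic pcap rather than pcapng, which
# an old Wireshark build (such as one on XP) may need.
dumpcap_cmd() {
    # $1 = interface, $2 = output file, $3 = filter,
    # $4 = max packets, $5 = max seconds
    printf 'dumpcap -i %s -P -c %s -a duration:%s -f "%s" -w %s' \
        "$1" "$4" "$5" "$3" "$2"
}

# Ring-buffer variant for long-running captures: keep at most $4 files of
# $3 KiB each, overwriting the oldest.
dumpcap_ring_cmd() {
    # $1 = interface, $2 = output file prefix, $3 = file size in KiB,
    # $4 = file count, $5 = filter
    printf 'dumpcap -i %s -P -b filesize:%s -b files:%s -f "%s" -w %s' \
        "$1" "$3" "$4" "$5" "$2"
}

# Command to copy the finished capture off the server. The destination is
# assumed to accept SSH; from a Windows box without an SSH server, pull the
# file instead with pscp or WinSCP.
scp_cmd() {
    # $1 = local capture file, $2 = user@destination, $3 = remote path
    printf 'scp %s %s:%s' "$1" "$2" "$3"
}

# Print the composed commands; run them by hand, since dumpcap needs
# capture privileges (root, or membership in the wireshark group).
echo "$(dumpcap_cmd eth0 /tmp/web.pcap "$(host_filter 192.0.2.10 22)" 10000 600)"
echo "$(dumpcap_ring_cmd eth0 /tmp/ring.pcap 10240 5 "$(net_service_filter 192.0.2.0/24 443)")"
echo "$(scp_cmd /tmp/web.pcap user@workstation captures/)"
```

Quote the whole filter as a single argument to -f; an unquoted `host 192.0.2.10 and not tcp port 22` is split by the shell and dumpcap sees only `host`. If the capture is later opened in a Wireshark release that predates pcapng support, the -P switch (present in newer dumpcap builds) keeps the file in classic pcap format.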