Archive for November 12th, 2007

advanced tcpdump & berkeley packet filters

Monday, November 12th, 2007

Today, I would like to introduce you to some of tcpdump's advanced options. If you've ever used tcpdump, you've probably captured traffic off a network interface or examined the contents of an existing pcap file. In its most basic use (sudo tcpdump), all visible network traffic on the primary interface is dumped to stdout. While this makes a great screen saver, it's not very useful. This is the moment at which you begin reading the man page and discover Berkeley Packet Filters (BPF). BPF expressions can be as broad as # tcpdump 'port 80' or # tcpdump 'host and/or host', but there are times when a very specific level of detail is needed. This is where Berkeley Packet Filters become your best friend.
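To make concrete what a filter like 'port 80' or 'host 10.0.0.5' actually tests, here is an added example (not code from the original post or from the tcpdump project) that decodes a few constructed Ethernet/IPv4 frames and applies filter predicates modelled on the BPF primitives host, src host, dst host, port, src port, dst port, tcp, udp and the and/or/not combinators. The frames, addresses and ports are all made up for the demonstration; the matching logic is a simplified model of what the kernel's BPF program does for each packet before tcpdump ever sees it.

```python
"""Toy BPF-style matcher: decode Ethernet/IPv4/TCP|UDP frames and apply
host/port predicates that mirror tcpdump filter primitives (added example)."""
import socket
import struct
from typing import Callable, List, NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    proto: int            # 6 = TCP, 17 = UDP
    sport: Optional[int]
    dport: Optional[int]


Predicate = Callable[[Packet], bool]


def parse_frame(frame: bytes) -> Optional[Packet]:
    """Decode an Ethernet II frame carrying IPv4; anything else yields None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = ip[9]
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:
        # source/destination port sit at the same offsets for TCP and UDP
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return Packet(src, dst, proto, sport, dport)


# Filter primitives named after their tcpdump counterparts.
def host(addr: str) -> Predicate:
    return lambda p: addr in (p.src, p.dst)

def src_host(addr: str) -> Predicate:
    return lambda p: p.src == addr

def dst_host(addr: str) -> Predicate:
    return lambda p: p.dst == addr

def port(n: int) -> Predicate:
    return lambda p: n in (p.sport, p.dport)

def src_port(n: int) -> Predicate:
    return lambda p: p.sport == n

def dst_port(n: int) -> Predicate:
    return lambda p: p.dport == n

def tcp() -> Predicate:
    return lambda p: p.proto == 6

def udp() -> Predicate:
    return lambda p: p.proto == 17

def and_(*fs: Predicate) -> Predicate:
    return lambda p: all(f(p) for f in fs)

def or_(*fs: Predicate) -> Predicate:
    return lambda p: any(f(p) for f in fs)

def not_(f: Predicate) -> Predicate:
    return lambda p: not f(p)


def matches(frames: List[bytes], predicate: Predicate) -> List[Packet]:
    """Return the decoded packets that pass the filter (the 'filtered capture')."""
    out = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is not None and predicate(pkt):
            out.append(pkt)
    return out


# Constructed sample traffic (not a real capture; RFC 5737 / private addresses).
def build_frame(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    if proto == 6:   # minimal TCP header: SYN, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:            # minimal UDP header, no payload
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4


SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "198.51.100.10", 6, 51000, 80),  # HTTP request
    build_frame("10.0.0.5", "10.0.0.1", 17, 53000, 53),      # DNS query
    build_frame("10.0.0.7", "10.0.0.9", 6, 40000, 22),       # SSH connection
]

if __name__ == "__main__":
    # Equivalent of: tcpdump 'host 10.0.0.5 and not port 80'
    for p in matches(SAMPLE_FRAMES, and_(host("10.0.0.5"), not_(port(80)))):
        print(p)
```

Each primitive is a closure over the decoded packet, and the combinators compose them exactly the way the and/or/not keywords compose a tcpdump expression; the same structure is what makes a precise filter cheap, since every packet is tested once against a small fixed program rather than being copied to userspace first.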
