- Get the last 20 packets exept ssh connections
tcpdump -s 0 -n not port ssh -c 20
- Get the last 100 http packets and extract hosts
tcpdump -s 0 -n -ttt -v -A port 80 -c 100 | grep Host
- Get the last 100 MySQL queries
tcpdump -s 0 -n -ttt -v -A port 3306 -c 100 | grep SELECT