In a Linux environment, if you want to capture network packets from the command line, you can use the following tcpdump command.
tcpdump -i eth0 -w out.pcap
The above command dumps the network packets seen on interface eth0 to a file called out.pcap. The file is in pcap format, which you can open with Wireshark.
The above command uses a default capture size of 96 bytes per packet, which has the benefit of keeping the output file small. The downside is that the part of any larger packet beyond that size is lost, so you may not see a complete picture of the network communication. In Wireshark, such packets are displayed with the message “Packet size limited during capture HTTP truncated”.
To solve this issue, use the following command.
tcpdump -i eth0 -w out.pcap -s 0
The -s 0 flag tells tcpdump to capture each packet at its original size (65535 bytes). This will create a much larger output file.
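To check whether an existing capture was cut short by the snap length without opening it in Wireshark, compare the two length fields that the classic pcap format stores for every packet (bytes saved and bytes on the wire). The script below is an added example, not part of the original post; the function names snaplen_report and build_sample are hypothetical, and the sample capture is constructed in memory rather than taken from real traffic.

```python
import io
import struct

MAGICS = {  # magic bytes as stored in the file -> struct byte order
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def snaplen_report(stream):
    """Return the file's snaplen and the records cut short by it."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order = MAGICS[header[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, _ = struct.unpack(order + "HHiIII", header[4:])
    total, truncated = 0, []
    while True:
        rec = stream.read(16)  # ts_sec, ts_frac, saved length, wire length
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("file ends inside a record header")
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("file ends inside packet data")
        total += 1
        if incl_len < orig_len:  # bytes on the wire that were not saved
            truncated.append((total, incl_len, orig_len))
    return {"snaplen": snaplen, "packets": total, "truncated": truncated}

def build_sample(snaplen, wire_lengths):
    """Constructed sample: a little-endian pcap with zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, wire in enumerate(wire_lengths):
        saved = min(wire, snaplen)
        out += struct.pack("<IIII", n, 0, saved, wire) + bytes(saved)
    return out

if __name__ == "__main__":
    sample = build_sample(96, [60, 1514, 74])   # constructed, not real traffic
    report = snaplen_report(io.BytesIO(sample))
    print("snaplen", report["snaplen"], "packets", report["packets"])
    for number, saved, wire in report["truncated"]:
        print(f"packet {number}: saved {saved} of {wire} bytes")
```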