Capturing via tcpdump to view in Wireshark

$sudo tcpdump -i en1 -s0 -w captured.pcap-i Listening interface-s Snarf snaplen bytes of data from each packet rather than the default of 64K bytes. Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it