<![CDATA[
tcpdump -i en0 -s 65535 -w tcpdump.`hostname` tcp port 80 or tcp port 443 or udp port 53
tcpdump -i en0 -s 65535 -w tcpdump.`hostname` ip host xxx.xxx.xxx.xxx and tcp port 80 or ip host xxx.xxx.xxx.xxx and tcp port 443 or ip host xxx.xxx.xxx.xxx and udp port 53
tcpdump -i en0 -s 65535 -w /tmp/mytcpdump tcp portrange 20-443
]]>
its a good idea to set -s to the size of the mtu (maximum transmission unit)
<![CDATA[
netstat -I en0
# In linux its found in ifconfig
]]>
Are passwords passed in clear?
<![CDATA[
tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20
]]>