D7 · Tools

What is tcpdump?

tcpdump is a command-line packet capture tool for Linux/Unix. It captures network packets on an interface, displays those matching a filter expression, and can write them to PCAP files for later analysis in Wireshark.
tcpdump is pre-installed on most Linux/Unix systems; capturing requires root privileges (or the CAP_NET_RAW capability). '-i eth0' selects the interface, '-n' disables DNS resolution (faster, and avoids generating lookup traffic), and '-w file.pcap' saves the capture to a file. Basic filter example: 'tcpdump -i eth0 port 443'. It complements Wireshark for remote or headless capture where no GUI is available.