Tcpdump

tcpdump is a command-line network monitoring and data acquisition tool. It is capable of sniffing packets and "dumping" information.

Emerge
Install tcpdump:

SUID
In order for normal users to run tcpdump, the program should be built with the  flag enabled and the user(s) should be added to the tcpdump group.

Do this by using the usermod command, where  is the user's username:

Invocation
The root user can invoke tcpdump at any time:

When tcpdump has been set with SUID permissions, normal users can invoke it. However, since the directory is not included in a normal user's path, the full path must be specified:

Listing interfaces
To discover the interfaces available to tcpdump issue the following command:

Specifying an interface
After an output of available interfaces has been displayed it is possible to select a specific interface upon which to listen:

Where  is either the number of the interface or the string version of the name.

Write output to a file
Running tcpdump with the  instructs the program to write output to a file. This is helpful for future analysis:
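
To show what such a capture file contains, the following added example (not part of the original page or the tcpdump project) parses the classic pcap layout that tcpdump writes: a 24-byte global header followed by per-packet records. It goes beyond the page's text; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic numbers mapped to the timestamp fraction resolution.
MAGICS = {0xA1B2C3D4: 1_000_000, 0xA1B23C4D: 1_000_000_000}

def read_pcap(data: bytes):
    """Parse a classic pcap byte string; return (linktype, snaplen, packets)."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # The magic is written in the capturing host's byte order, so try both.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    # Fields: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    _, major, minor, _, _, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    packets, offset = [], 24
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError("truncated record header")
        sec, frac, caplen, origlen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        # A caplen larger than the bytes left means a cut-off or corrupt file.
        if caplen > len(data) - offset:
            raise ValueError("record length exceeds remaining file size")
        packets.append({"ts": sec + frac / MAGICS[magic], "caplen": caplen,
                        "origlen": origlen, "data": data[offset:offset + caplen]})
        offset += caplen
    return linktype, snaplen, packets

def build_sample() -> bytes:
    """Constructed sample: a 60-byte ARP frame of which 14 bytes were captured."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806")
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    record = struct.pack("<IIII", 1700000000, 500000, len(frame), 60)
    return header + record + frame

if __name__ == "__main__":
    linktype, snaplen, packets = read_pcap(build_sample())
    print(f"linktype={linktype} snaplen={snaplen} packets={len(packets)}")
    for p in packets:
        print(f"{p['ts']:.6f} captured {p['caplen']} of {p['origlen']} bytes")
```

The difference between caplen and origlen shows when a packet was cut short at capture time, which matters when a saved file is later used as evidence of full payload contents.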

External resources

 * http://www.tcpdump.org/manpages/pcap.3pcap.html - The tcpdump man page hosted on the web.